Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
Basically, I need to set up some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs.
However, I have never done anything like this before, so I wonder what is the best method of creating such a setup?
One of my ideas was to make some script on A which would connect to B once every 15 minutes or so, look for a flagfile, and if present, initiate connection with C directly or through B if necessary. That means, if I want access from C to A, I ssh from C to B and create a flagfile, wait 15 minutes or so, and a rdesktop (or vnc or other) appears on my laptop. In theory.
Or is there some other XP-tool that might do what I want out of the box? However, it need be absolutely automatic, there will be nobody around to do anything locally on A once I leave it.
Another idea I had was to have machine A running as a virtual machine on a CentOS host (vmware or such would suffice). Then I could easily configure the above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file to C, start it locally, perform maintenance, push it back to host A and run it again as a vm. But this is highly complicated, takes too much time and bandwidth, so I hope something simpler is available.
Yet another idea is to ask A's ISP to provide a static IP for that machine, or to forward some available port to A, which could be used by rdesktop in some customized fashion. But the ISP may refuse such requests, and I need a robust solution.
Yet even another idea is to put another CentOS machine (D) between A and A's ISP (create a local LAN). Then initiate ssh -X connection from C to D (somehow, via flagfile scenario or such), and then rdesktop from D to A over a local LAN.
The main problem is NAT, if machine A had a world-accessible IP, I would just rdesktop from C to A, but alas, it doesn't... :-(
Any suggestions about the best way of doing this?
Thanks, :-) Marko
OpenVPN.
Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105
----- "Marko Vojinovic" vvmarko@panet.co.yu wrote:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
Basically, I need to set up some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs.
However, I have never done anything like this before, so I wonder what is the best method of creating such a setup?
One of my ideas was to make some script on A which would connect to B once every 15 minutes or so, look for a flagfile, and if present, initiate connection with C directly or through B if necessary. That means, if I want access from C to A, I ssh from C to B and create a flagfile, wait 15 minutes or so, and a rdesktop (or vnc or other) appears on my laptop. In theory.
Or is there some other XP-tool that might do what I want out of the box? However, it need be absolutely automatic, there will be nobody around to do anything locally on A once I leave it.
Another idea I had was to have machine A running as a virtual machine on a CentOS host (vmware or such would suffice). Then I could easily configure the above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file to C, start it locally, perform maintenance, push it back to host A and run it again as a vm. But this is highly complicated, takes too much time and bandwidth, so I hope something simpler is available.
Yet another idea is to ask A's ISP to provide a static IP for that machine, or to forward some available port to A, which could be used by rdesktop in some customized fashion. But the ISP may refuse such requests, and I need a robust solution.
Yet even another idea is to put another CentOS machine (D) between A and A's ISP (create a local LAN). Then initiate ssh -X connection from C to D (somehow, via flagfile scenario or such), and then rdesktop from D to A over a local LAN.
The main problem is NAT, if machine A had a world-accessible IP, I would just rdesktop from C to A, but alas, it doesn't... :-(
Any suggestions about the best way of doing this?
Thanks, :-) Marko
On Fri, Jan 9, 2009 at 3:41 PM, Marko Vojinovic vvmarko@panet.co.yu wrote:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-) I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
We have 3 boxes with WinXP Home Edition on them. Two are dual boot, with CentOS 5.2 (32 bit). There is something in WinXP Home Edition, to allow remote access. I assume the Professional version has it too. Before you get more complex, I suggest that you read up on what that permits you to do. Glad you do not need the box to be up for 3 years, without a reboot! :-) Hopefully, the HW will not fail.. ...
Marko Vojinovic wrote:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
Basically, I need to set up some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs.
However, I have never done anything like this before, so I wonder what is the best method of creating such a setup?
Set up an openvpn tunnel from the remote unattended machine to the centos box. If you can set up port-forwarding on its NAT router, you may be able to originate this connection either way. If you can't, use a keep-alive setting on the natted side to make sure the connection stays active. Then you can either do the same on the laptop with appropriate routing or you can run freenx on the Centos server and connect to it with the nomachine NX client on the laptop. In the latter scenario you would run rdesktop or vncviewer on the Centos server but the display would be on the laptop.
Well use Radmin 2.2 for the server and Wine and Radmin 3 for the Client.... Works fine for me
Marko Vojinovic wrote:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
A simple to use tool is available from http://www.logmein.com. The free version of logmein should do what you want. Or they do "Hamachi" for Windows and Linux which will create a "personal" VPN for you, which means you can then use rdesktop direct to the XP machine.
Of course, there's no guarantee these services will be around in 3 years time....
Cheers
D
On Friday 09 January 2009 21:41, Marko Vojinovic wrote:
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Ok, so the main choices are openvpn, radmin, logmein and hamachi. I'll look into all of them and take it from there.
Thanks to everyone for advice! ;-)
Best, :-) Marko
Marko Vojinovic wrote:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
Basically, I need to set up some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs.
if this remote XP machine is behind a NAT server that you can log onto with SSH, then, from your local machine...
ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server
and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390 which will be forwarded over the SSH tunnel to the remote XP machine's RDP service. (Remote Desktop Protocol)
or, if this remote NAT is some sort of appliance router (linksys etc), set up a port forward on said router to forward inbound TCP port XXXX to ip-of-XP-machine:3389 and connect your rdesktop/mstsc.exe to ip-of-nat-server:XXXX
Windows remote desktop uses a fairly secure challenge/handshake authentication protocol, so as long as all accounts on said remote XP box have reasonably strong passwords, this is more secure than some might think. It's certainly more secure than plain vanilla VNC.
On Saturday 10 January 2009 23:03, John R Pierce wrote:
Marko Vojinovic wrote:
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
if this remote XP machine is behind a NAT server that you can log onto with SSH, then, from your local machine...
ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server
Well, first, private-ip-of-remote-XP-machine is dynamic, given by my ISP's dhcp server, so I cannot have 100% guarantee that it will always be the same. And I have no easy way of finding it out if it does change.
Second, and more serious, I have no access to the NAT server, the ISP controls it. I may try using my username/password combination, but I am not sure what structure the ISP has. I mean, they may well have a NAT inside a NAT inside a NAT... However, I'll try it out to see if this kind of port-forwarding works in my case. :-)
Thanks for help!
Best, :-) Marko
On Sun, Jan 11, 2009, Marko Vojinovic wrote:
On Saturday 10 January 2009 23:03, John R Pierce wrote:
Marko Vojinovic wrote:
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
if this remote XP machine is behind a NAT server that you can log onto with SSH, then, from your local machine...
ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server
Well, first, private-ip-of-remote-XP-machine is dynamic, given by my ISP's dhcp server, so I cannot have 100% guarantee that it will always be the same. And I have no easy way of finding it out if it does change.
We handle this with our *nix clients that are on dynamic IP addresses by assigning them a hostname with proper DNS that resolves to their latest dynamic IP address, then having them check in every fifteen minutes with a cron job that hits a web URL here with this hostname as an argument. On this end, it looks at their real IP, compares that to the one in DNS, and sends a notice if there's a change. It also sends a reply to the http(s) request indicating a change that can be acted upon on their end (actually it's an xmlrpc call and the cron job a python script -- which is probably fairly easy to implement using python on the Microsoft Virus, Windows).
Using OpenVPN from the dynamic end, it would be pretty easy to have it make sure that there's a current connection after a change is made. We generally use unique /24 subnets in the private 10.0.0.0/8 space for each client machine so the *nix side can route through the appropriate OpenVPN tunnel.
Second, and more serious, I have no access to the NAT server, the ISP controls it. I may try using my username/password combination, but I am not sure what structure the ISP has. I mean, they may well have a NAT inside a NAT inside a NAT... However, I'll try it out to see if this kind of port-forwarding works in my case. :-)
That should not be a problem with OpenVPN connections initiated from the Windows machines.
The real issue is how one would script this on the Windows side as the OpenVPN client I've seen for Windows assumes GUI control.
Bill
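Added example (not part of Bill Campbell's message and not his site's script): a Python sketch of the server side of the check-in he describes, where the address on record is compared with the address the request actually came from. The HMAC signature, the replay check, the class and function names, and the sample hostname, key and addresses are assumptions made for this example; the post itself only mentions a hostname argument, a comparison against DNS and a notice on change.

```python
import hashlib
import hmac
import ipaddress
import time

# Constructed sample data: one per-client shared key (placeholder value).
CLIENT_KEYS = {"xp-a.example.net": b"constructed-demo-key"}
MAX_SKEW = 300  # seconds a signed check-in is accepted for


def sign(hostname, timestamp, key):
    """Client side: HMAC-SHA256 over the hostname and the check-in time."""
    msg = f"{hostname}|{int(timestamp)}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class CheckInRegistry:
    """Server side. `records` stands in for the DNS zone in the post."""

    def __init__(self, keys, records, notify=None):
        self.keys = keys
        self.records = dict(records)   # hostname -> last known address
        self.last_seen = {}            # hostname -> newest accepted timestamp
        self.notify = notify or (lambda host, old, new: None)

    def check_in(self, hostname, timestamp, signature, source_ip, now=None):
        """source_ip must be the peer address of the connection, never a
        value supplied by the client in the request body."""
        now = time.time() if now is None else now
        key = self.keys.get(hostname)
        if key is None:
            return {"ok": False, "reason": "unknown host"}
        if abs(now - timestamp) > MAX_SKEW:
            return {"ok": False, "reason": "stale timestamp"}
        expected = sign(hostname, timestamp, key)
        if not hmac.compare_digest(expected, signature):
            return {"ok": False, "reason": "bad signature"}
        # A captured request replayed from another address must not be able
        # to move the record, so timestamps have to increase per host.
        if timestamp <= self.last_seen.get(hostname, 0):
            return {"ok": False, "reason": "replayed timestamp"}
        self.last_seen[hostname] = timestamp

        new = str(ipaddress.ip_address(source_ip))
        old = self.records.get(hostname)
        changed = new != old
        if changed:
            self.records[hostname] = new    # real setup: update DNS here
            self.notify(hostname, old, new)  # the "notice" from the post
        # The reply tells the client whether it should act on a change.
        return {"ok": True, "changed": changed, "address": new}
```

Without some form of authentication, anyone who can reach the URL and knows a hostname could repoint its record, which is why the sketch rejects unsigned, stale and replayed check-ins before touching the stored address.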
Bill Campbell wrote:
The real issue is how one would script this on the Windows side as the OpenVPN client I've seen for Windows assumes GUI control.
the Windows OpenVPN implementation supports pretty much the same command line interface as the Unix version... the OpenVPN GUI is just an aid for the commandline deprived.
On Sat, Jan 10, 2009, John R Pierce wrote:
Bill Campbell wrote:
The real issue is how one would script this on the Windows side as the OpenVPN client I've seen for Windows assumes GUI control.
the Windows OpenVPN implementation supports pretty much the same command line interface as the Unix version... the OpenVPN GUI is just an aid for the commandline deprived.
Call me Windows deprived. I have always avoided it except to run a few applications that were not available on Linux, Unix, or OS X (Drafix CAD, TurboTax, and a day of testing to get certified as a GTE reseller about 10 years ago). I went from Burroughs mainframes to Xenix on the Radio Shack Model 16 in 1982, and always have found DOS/Windows cumbersome and hard to do anything easily.
Bill
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Marko Vojinovic
Sent: Sunday, January 11, 2009 1:36 AM
To: CentOS mailing list
Subject: Re: [CentOS] [OT] Remote control of a WinXP machine from a Linux host
ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server
Well, first, private-ip-of-remote-XP-machine is dynamic, given by my ISP's dhcp server, so I cannot have 100% guarantee that it will always be the same. And I have no easy way of finding it out if it does change.
Can't you use one of those free dyndns-thingies? That way you'd always connect to my.homecomputer.com (or something) instead of an arbitrary ip.
At least that's what I do when connecting from eg work to my homecomputers (linux and windows machines).
HTH.
on 1-9-2009 12:41 PM Marko Vojinovic spake the following:
Sorry for an off topic post, but a lot of you folks are sysadmins here or there, and just might have a suggestion... ;-)
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
Of course, rdesktop would do it, or vnc server or something else. The problem is that this machine is behind a NAT, and I cannot access it remotely from outside (and I need access from wherever on the planet I may happen to be).
Basically, I need to set up some type of ssh tunnelling from XP (machine A) to my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further to my laptop (machine C, Fedora 10) located elsewhere (possibly behind another NAT, I can't know in advance). I have root access for all three machines (A, B and C). Of course, all three are on different LANs.
However, I have never done anything like this before, so I wonder what is the best method of creating such a setup?
One of my ideas was to make some script on A which would connect to B once every 15 minutes or so, look for a flagfile, and if present, initiate connection with C directly or through B if necessary. That means, if I want access from C to A, I ssh from C to B and create a flagfile, wait 15 minutes or so, and a rdesktop (or vnc or other) appears on my laptop. In theory.
Or is there some other XP-tool that might do what I want out of the box? However, it need be absolutely automatic, there will be nobody around to do anything locally on A once I leave it.
Another idea I had was to have machine A running as a virtual machine on a CentOS host (vmware or such would suffice). Then I could easily configure the above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file to C, start it locally, perform maintenance, push it back to host A and run it again as a vm. But this is highly complicated, takes too much time and bandwidth, so I hope something simpler is available.
Yet another idea is to ask A's ISP to provide a static IP for that machine, or to forward some available port to A, which could be used by rdesktop in some customized fashion. But the ISP may refuse such requests, and I need a robust solution.
Yet even another idea is to put another CentOS machine (D) between A and A's ISP (create a local LAN). Then initiate ssh -X connection from C to D (somehow, via flagfile scenario or such), and then rdesktop from D to A over a local LAN.
The main problem is NAT, if machine A had a world-accessible IP, I would just rdesktop from C to A, but alas, it doesn't... :-(
Any suggestions about the best way of doing this?
Thanks, :-) Marko
There is an application based on VNC called teamviewer that can be set to start automatically and points to a central server so that you can always find the system. It crosses NAT easily and can be set with a fixed password.
Maybe it will help you.
On Monday 12 January 2009 03:36, Scott Silva wrote:
on 1-9-2009 12:41 PM Marko Vojinovic spake the following:
I have a WinXP machine that is to be unattended for a period of 3 years (yes, I know, it sounds ridiculous, but still...). What I need is remote access to it to perform regular system maintenance, virus cleanups, occasional software installations, reboots, config changes, etc.
There is an application based on VNC called teamviewer that can be set to start automatically and points to a central server so that you can always find the system. It crosses NAT easily and can be set with a fixed password.
Ok, thanks, I'll look at teamviewer as well.
For the record, yesterday I investigated all options so far mentioned in the thread (except for teamviewer, of course), and found that openvpn is actually the best way to go, for me at least. Other tools are also not bad, but some are not cost-free (or have a trial-only period), some fail over NAT, and some just don't feel robust enough (this is just a personal feeling, of course).
Openvpn is completely cost-free (and also open-source), very well documented and gives a very large amount of control in how to set up the virtual network. And it doesn't depend on third-party servers, just me and myself involved. ;-) In fact, it seems that most of other tools use openvpn in the background, and just automate the configuration and installation, and dumb-down the vpn flexibility in the process.
Not to say they don't work or are not good at what they do, it's just my gut-feeling that they are not "serious" enough. I feel they may have too many points of failure, where openvpn has less.
So, it will eventually be openvpn or teamviewer (if it is good enough for my taste).
Big thanks to all of you! :-)
Best, :-) Marko