[CentOS] [OT] Remote control of a WinXP machine from a Linux host

Sun Jan 11 02:26:48 UTC 2009
Bill Campbell <centos at celestial.com>

On Sun, Jan 11, 2009, Marko Vojinovic wrote:
>On Saturday 10 January 2009 23:03, John R Pierce wrote:
>> Marko Vojinovic wrote:
>> > I have a WinXP machine that is to be unattended for a period of 3 years
>> > (yes, I know, it sounds ridiculous, but still...). What I need is remote
>> > access to it to perform regular system maintenance, virus cleanups,
>> > occasional software installations, reboots, config changes, etc.
>> >
>> > Of course, rdesktop would do it, or vnc server or something else. The
>> > problem is that this machine is behind a NAT, and I cannot access it
>> > remotely from outside (and I need access from wherever on the planet I
>> > may happen to be).
>>
>> if this remote XP machine is behind a NAT server that you can log onto
>> with SSH, then, from your local machine...
>>
>>     ssh -L 3390:private-ip-of-remote-XP-machine:3389 username@ip-or-hostname-of-remote-NAT-server
>
>Well, first, private-ip-of-remote-XP-machine is dynamic, given by my ISP's 
>dhcp server, so I cannot have 100% guarantee that it will always be the same. 
>And I have no easy way of finding it out if it does change.

We handle this with our *nix clients that are on dynamic IP
addresses by assigning them a hostname with proper DNS that
resolves to their latest dynamic IP address, then having them
check in every fifteen minutes with a cron job that hits a web
URL here with this hostname as an argument.  On this end, it
looks at their real IP, compares that to the one in DNS, and
sends a notice if there's a change.  It also sends a reply to the
http(s) request indicating a change that can be acted upon on their
end (actually it's an xmlrpc call and the cron job a python
script -- which is probably fairly easy to implement using python
on the Microsoft Virus, Windows).

Using OpenVPN from the dynamic end, it would be pretty easy to
have it make sure that there's a current connection after a
change is made.  We generally use unique /24 subnets in the
private 10.0.0.0/8 space for each client machine so the *nix side
can route through the appropriate OpenVPN tunnel.

>Second, and more serious, I have no access to the NAT server, the ISP controls 
>it. I may try using my username/password combination, but I am not sure what 
>structure the ISP has. I mean, they may well have a NAT inside a NAT inside a 
>NAT... However, I'll try it out to see if this kind of port-forwarding works 
>in my case. :-)

That should not be a problem with OpenVPN connections initiated
from the Windows machines.

The real issue is how one would script this on the Windows side
as the OpenVPN client I've seen for Windows assumes GUI control.

Bill
-- 
INTERNET:   bill at celestial.com  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Rights is a fictional abstraction.  No one has ``Rights'', neither
machines nor flesh-and-blood.  Persons... have opportunities, not rights,
which they use or do not use.
    -- Lazarus Long
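
The server side of the check-in described in the message above, as an added example that is not part of the original post or Bill Campbell's actual code. The hostnames, the `checkin` method name, the port and the `KNOWN_CLIENTS` allowlist are assumptions made for illustration; the returned `changed` flag is what would drive both the notice and the reply to the client.

```python
import ipaddress
import socket
from xmlrpc.server import SimpleXMLRPCServer, SimpleXMLRPCRequestHandler

# Constructed sample data: hostnames this server agrees to track (hypothetical).
KNOWN_CLIENTS = {"client1.dyn.example.com", "client2.dyn.example.com"}

def resolve_a(hostname):
    """Return the set of IPv4 addresses currently published in DNS."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET)
    except socket.gaierror:
        return set()  # no record yet: treated as "changed" by the caller
    return {info[4][0] for info in infos}

def evaluate_checkin(hostname, source_ip, resolver=resolve_a, known=KNOWN_CLIENTS):
    """Compare the address the request came from with the one in DNS."""
    hostname = hostname.strip().lower().rstrip(".")
    if hostname not in known:
        # The hostname argument is caller-supplied; ignore names we do not manage.
        return {"status": "rejected", "changed": False}
    seen = ipaddress.ip_address(source_ip)
    published = {ipaddress.ip_address(a) for a in resolver(hostname)}
    changed = seen not in published
    return {"status": "ok", "changed": changed, "seen": str(seen),
            "published": sorted(str(a) for a in published)}

class Handler(SimpleXMLRPCRequestHandler):
    def _dispatch(self, method, params):
        # Use the TCP peer address, never an address supplied in the payload.
        if method != "checkin" or len(params) != 1:
            raise ValueError("unsupported call")
        return evaluate_checkin(str(params[0]), self.client_address[0])

if __name__ == "__main__":
    # Loopback bind for local testing only (assumed address and port).
    server = SimpleXMLRPCServer(("127.0.0.1", 8000), requestHandler=Handler)
    server.serve_forever()
```

If the service sits behind a reverse proxy, the peer address is the proxy's, so the real client address has to come from a header set by that proxy and trusted only from it.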