05-09-2008, 11:55 AM
Stew
Re: XP Remote Desktop over VPN problem
Thanks for all the extra info, it's been interesting reading.

I've got good news (as you would expect). I used your suggested alternative
to manually configure what address the client/host will receive. To keep it
simple I used 11.11.11.11 - 11.11.11.12 for PC1, 22.22.22.22 - 22.22.22.23
for PC2 etc. This makes the connection setup more user friendly.
For example the VPN is established using a FQDN, via a hostname service,
which has recognisable text pertinent to the host (telemetry) PC. Once the
VPN is connected the RDT is connected using 11.11.11.11, if it's PC1 we're
connecting to. For certain applications TightVNC is more suitable than XP RDT
and this method ensures the payload is encrypted. Once a successful
connection has been made then the addresses are stored in the RDT drop down
list, which helps the user set up the connection without having to
remember/retype the addresses.

A great outcome, thanks.



"Sooner Al [MVP]" wrote:

> I forgot to add here is how to configure the XP Windows Firewall on your
> headless PPTP VPN/RDC server/host machine if you just want to use RDC
> without going through the VPN tunnel. Obviously it's similar if you're using a
> different software firewall on the PC.
>
> http://theillustratednetwork.mvps.or...t_forwarding
>
> You also might consider changing the default encryption level to "High" from
> the default. That is done via a group policy setting on your RDC host
> machine. The following was written for a Vista host but it's the same for XP.
>
> http://theillustratednetwork.mvps.or...ions.html#host
>
> --
>
> Al Jarvi (MS-MVP Windows – Desktop User Experience)
>
> Please post *ALL* questions and replies to the news group for the
> mutual benefit of all of us...
> The MS-MVP Program - http://mvp.support.microsoft.com
> This posting is provided "AS IS" with no warranties, and confers no
> rights...
> How to ask a question
> http://support.microsoft.com/KB/555375
>
> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> news:A3C0EF6C-A17C-4A30-BDD7-4B420D9E7F4A@microsoft.com...
> > See the inline replies...
> >
> > "Stew" <Stew@discussions.microsoft.com> wrote in message
> > news:FF736BF6-54F9-4D85-98C3-8BD8E6C972AC@microsoft.com...
> >> Yes it's just two XP PCs connected to each other with the internet in
> >> between, no private LAN, servers or routers etc. I already use a hostname
> >> service via DynDNS.com to manage the dynamic IP address issue of the remote
> >> PC. So yes I establish the VPN connection by using the FQDN.
> >> But here's the thing, once I've got the VPN tunnel established I thought I
> >> could use the 'Computer Name' to make the RDT connection because this works
> >> with PCs that have a common domain defined in Control Panel/System/Computer
> >> Name. However these PCs actually have no domain but a workgroup defined and
> >> the Computer Name connection method fails.
> >> Why is this so????

> >
> > I am not sure if NetBIOS names are propagated through a PPTP VPN tunnel. I
> > used an lmhosts or hosts file to map NetBIOS names through a PPTP VPN
> > tunnel when I used one in the past. Use of the IP works all the time. In
> > your case use the From: IP that you set up in the PPTP VPN server config to
> > call the PC using RDC since you're trying to connect to the same PC through
> > the VPN tunnel.
> >
> >> If I use the FQDN again in the RDT it also fails.

> >
> > Right because you probably don't have TCP Port 3389 open on any software
> > firewall the remote PC is running. As an alternative to VPN just open TCP
> > Port 3389 up and forget about the VPN. You can then use the FQDN to call
> > the PC. The RDC connection is natively encrypted. Make sure you use a
> > *strong* password.
> >
> >> Fyr if I try the latter with PCs that have identical domains it sets up two
> >> parallel paths: 1 x VPN, 1 x RDT and I used a Protocol Analyser to confirm
> >> that the RDT traffic is outside the VPN tunnel ie. it's not encrypted.

> >
> > RDC is natively encrypted. I don't know why your analyzer says otherwise.
> >
> >> Re your last paragraph... I think this is going to be a good alternate
> >> solution. I'll do some testing and get back to you.
> >>
> >> Thanks heaps.

> >
> >>
> >> "Sooner Al [MVP]" wrote:
> >>
> >>> So your basic connection is like this if you ignore the desktop and laptop
> >>> on the VPN server's network. You only have the VPN client and the VPN server
> >>> which is also the PC you want to access with Remote Desktop (RDC), right?
> >>>
> >>> http://theillustratednetwork.mvps.or...-HomeUser.html
> >>>
> >>> As far as dynamically assigned IPs from an ISP you could use a service like
> >>> No-IP.com to map a fully qualified domain name (FQDN) to the ISP assigned
> >>> IP. That way you simply call the remote VPN server or Remote Desktop (RDC)
> >>> host PC by the FQDN.
> >>>
> >>> The 169.254.X.X address is not assigned by the VPN or DHCP server. That
> >>> simply means the client PC you're seeing it on is not getting a valid IP
> >>> from the local DHCP server.
> >>>
> >>> If you're running the built-in PPTP VPN server on an XP box you can manually
> >>> configure what the address is the client will receive. In the case of an XP
> >>> box acting as both a PPTP VPN server and the RDC host use the first address
> >>> in the example, ie. the From: address. The client gets the To: address.
> >>>
> >>> http://theillustratednetwork.mvps.or...tionsTCPIP.JPG
> >>>
> >>>
> >>> "Stew" <Stew@discussions.microsoft.com> wrote in message
> >>> news:6916C4BF-0A72-4CB5-A030-B601159B9BCC@microsoft.com...
> >>> > The PC I'm remoting into is unmanned (telemetry PC) and uses a Wireless
> >>> > Broadband modem with dynamic IP address. Often I am using the same config
> >>> > on my local PC. Therefore the IP addresses are allocated from the ISP's
> >>> > pool and appear to be across the various Public IP address ranges and I
> >>> > assume have no control over this (they don't offer a static IP service).
> >>> > I have just noted in another thread on another site that VPN allocates
> >>> > its own separate set of IP addresses inside of this. They tend to be in
> >>> > the 169.254.x.x range.
> >>> > I have also just found I can see the client/server addresses at the local
> >>> > end and can use the server IP address in RDT to connect. However these
> >>> > addresses seem to be dynamic as well and I was trying to find a way to use
> >>> > a consistent connection name in RDT (like Computer Name) as I have a
> >>> > number of different remote PCs to connect into. I tried putting the VPN
> >>> > server IP address in the HOST file of the remote PC with a text name, but
> >>> > it didn't work.
> >>> > Fundamentally I'm trying to keep it simple and just wanted to use a
> >>> > hostname to establish VPN and Computer Name for RDT.
> >>> >
> >>> > "Sooner Al [MVP]" wrote:
> >>> >
> >>> >> Correction..."client on 192.168.1.X for example. Note the third octet."
> >>> >>
> >>> >> "Sooner Al [MVP]" <SoonerAl@somewhere.net.invalid> wrote in message
> >>> >> news:C296F5BB-DF82-499D-9CD5-639C965DE4A7@microsoft.com...
> >>> >> > When you connect with the VPN can you ping the target Remote Desktop
> >>> >> > (RDC) host PC by IP?
> >>> >> >
> >>> >> > Note that if the PPTP VPN server network and the remote network you're
> >>> >> > accessing the server on are using the same address scope, ie. both in
> >>> >> > the 192.168.0.X range for example, you will have trouble connecting to
> >>> >> > the RDC host. It's a good idea for the server network and the remote
> >>> >> > network to be in different address ranges, ie. PPTP VPN server on
> >>> >> > 192.168.0.X and the remote client on 102.168.1.X for example. Note the
> >>> >> > third octet.
> >>> >> >
> >>> >> > "Stew" <Stew@discussions.microsoft.com> wrote in message
> >>> >> > news:298A9DFF-AF45-4A7F-9C07-507A6944691D@microsoft.com...
> >>> >> >> OS: XP Pro V2002 SP2.
> >>> >> >> Trying to use XP Remote Desktop within VPN (using XP inbuilt VPN
> >>> >> >> Client/Server) between two standalone PCs. Each work fine on their own
> >>> >> >> ie. VPN connects OK or RDT connects and works OK, but once I setup VPN
> >>> >> >> connection and try and run RDT over it, it fails to connect. I have
> >>> >> >> used this solution successfully between two XP PCs, but with domains
> >>> >> >> defined (using Computer Name in the RDT Connection 'Computer:' field).
> >>> >> >> The PCs I have the problem with both have a workgroup defined, not
> >>> >> >> domain, (Windows default of WORKGROUP). I have tried both the Computer
> >>> >> >> Name and the hostname, neither work.
> >>> >> >> Can anyone help with a solution?
> >>> >> >>
> >>> >> >
> >>> >>
> >>>

> >

>

Reply With Quote
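
The address-planning points raised in this thread (both ends sharing one address scope, the 169.254.x.x symptom, and mapping a name to the From: address in a hosts file) can be checked before anything is configured. The script below is an added example, not part of the original posts: the function names and the host name `telemetry-pc1` are hypothetical, the sample addresses are constructed, and the private-range check is an added assumption that the thread itself does not discuss.

```python
import ipaddress


def check_tunnel_plan(server_lan, client_lan, tunnel_from, tunnel_to):
    """Return a list of problems with a PPTP address plan (empty list = OK)."""
    problems = []
    s_net = ipaddress.ip_network(server_lan, strict=False)
    c_net = ipaddress.ip_network(client_lan, strict=False)
    # Same address scope on both ends: the client cannot tell local hosts
    # from hosts behind the tunnel, so the RDC host becomes unreachable.
    if s_net.overlaps(c_net):
        problems.append(f"server LAN {s_net} and client LAN {c_net} overlap")
    for label, addr in (("From", tunnel_from), ("To", tunnel_to)):
        ip = ipaddress.ip_address(addr)
        if ip.is_link_local:
            # 169.254.x.x is self-assigned when no DHCP lease was obtained.
            problems.append(f"{label} {ip} is link-local (APIPA)")
        elif not ip.is_private:
            # Assumption added here: tunnel addresses should come from
            # private space so they never shadow a real Internet host.
            problems.append(f"{label} {ip} is not a private address")
    if tunnel_from == tunnel_to:
        problems.append("From and To must be two different addresses")
    return problems


def hosts_entries(rdc_hosts):
    """Build hosts-file lines mapping a friendly name to each From: address."""
    lines = []
    for name, addr in sorted(rdc_hosts.items()):
        ipaddress.ip_address(addr)  # raises ValueError on a malformed address
        lines.append(f"{addr}\t{name}")
    return lines


if __name__ == "__main__":
    # Constructed sample plans, not taken from a real network.
    plans = [
        ("192.168.0.0/24", "192.168.0.0/24", "10.99.1.1", "10.99.1.2"),
        ("192.168.0.0/24", "192.168.1.0/24", "10.99.1.1", "10.99.1.2"),
        ("192.168.0.0/24", "192.168.1.0/24", "11.11.11.11", "11.11.11.12"),
    ]
    for plan in plans:
        print(plan, "->", check_tunnel_plan(*plan) or "OK")
    print("\n".join(hosts_entries({"telemetry-pc1": "10.99.1.1"})))
```
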