[dba-Tech] Remote Desktop on a server

Jim Lawrence accessd at shaw.ca
Sun May 8 16:24:14 CDT 2011


OpenDNS works similarly to Hamachi or LogMeIn (which owns Hamachi) in that
they all run from central servers, just like the Cloud does. The beauty of
the whole scenario with OpenDNS is that you can always get into your
home/office site regardless of whether the IP address ever changes.

This is important as large organizations have multiple IP addresses and the
central senior techs may be required to move a subnet or IP address from one
location to another, or your ISP may change your IP addresses on certain
occasions.

Because your office DNS VPN system is in constant contact with its central
servers, all the connections are automatically adjusted (IP addresses).
Where this form of tethering of remote users is superior to Hamachi and
LogMeIn is that that company uses special IP addresses like 5.x.x.x and
ports which are designed to slip under your firewall protection. OpenDNS
uses standard ports like port 80 or 8080 that will not ever be blocked by
any firewall. By default OpenDNS uses 256-bit encryption, which protects
communication between your office host and wherever the remote may be
located. Example: A remote user may be calling from a very insecure Wi-Fi
connection in some coffee shop and through their router.

You can of course run a VPN service from your own servers but it is hardly
worth it, especially if the site owner does not want to have a full-time
tech running things. VPN servers by their nature are extremely complex. It is
similar to those efforts of some companies that are still installing and
maintaining Exchange servers to handle their mail, but again if the host
owner cannot afford a full-time tech it is safer to just move to some Cloud
services like GMail.

I have no idea what the issues are at your site but if it is as you explain,
and no validation or VPN services are being used during connect times, then
there is something wrong. If you are not connecting to the Host office site
directly and not going through a DNS VPN server then it is hardly the fault
of your DNS services. If there is some code on the remote computers
that allows the storage and use of credentials, through the DNS VPN service,
to automate the login of the remote user, that again is something outside
that you have to personally resolve and it is not the fault of any DNS VPN
services.

HTH
Jim
   

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
Sent: Sunday, May 08, 2011 12:27 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Remote Desktop on a server

Jim,

>> I can not enter 10.0.0.15 and access your VPN specifically because that
IP range can only be used within an intranet. <<

Yep, I dig that.  The company where my wife works has a similar
setup...but they don't use a public DNS provider.  They dial into the
VPN on the company server directly.

>> For further general information on VPNs, go to the OpenVPN website
(http://openvpn.net/) and though the documentation is specific to the
product it is standard in its features and scope. <<

How does OpenVPN.net differ from DynDNS.org?  Aren't they offering the
same sort of service?  The first network guy my client hired set up an
account on DynDNS.org.  That's the "public DNS outfit" I referred to.

What's bothering me is that I can open Remote Desktop, type in the
domain name that was set up through DynDNS.org, and get access to my
client's server WITHOUT having opened the VPN connection first.  That
is, just now I opened a Remote Desktop session and typed in the DynDNS
domain name I set up, and voilà!  There's the server.  If I type in my
client's login name (NO password) I have complete administrative
access to the server.  I checked in my Windows XP Network Connections
and there's the VPN entry "Disconnected".

Clearly something isn't set up right.  I should ONLY be able to log in
to the server remotely by first establishing the VPN connection.

Clearly I'm confused.

Steve Erbach
Neenah, WI


On Thu, May 5, 2011 at 11:47 AM, Jim Lawrence <accessd at shaw.ca> wrote:
> Hi Steve:
>
> You will note that you can only access the VPN via a computer set up to run
> over the VPN. I can not enter 10.0.0.15 and access your VPN specifically
> because that IP range can only be used within an intranet. The VPN just
> extends that capability to computers that may be remote. Check also that
> the VPN station does not also supply the username and password to ease
> access.
>
> The environment which you describe is fairly typical for a lot of
> companies. In one company, once logged into the VPN, a person can see
> every node in 40 states and 12 provinces and you could easily print an
> invoice to some printer in Georgia. Though this is not a very secure system
> it is fairly common. You should be able to go into the VPN client on the
> stations and remove the auto login feature.
>
> For further general information on VPNs, go to the OpenVPN website
> (http://openvpn.net/) and though the documentation is specific to the
> product it is standard in its features and scope.
>
> Jim
>
> PS First back up anything you are fixing as it can be easy to lose
> important credentials.
>
>
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Steve Erbach
> Sent: Thursday, May 05, 2011 7:35 AM
> To: Discussion of Hardware and Software issues
> Subject: [dba-Tech] Remote Desktop on a server
>
> Dear Group,
>
> The network guy who set up my client's Windows 2003 Server also set up
> remote access.  He used a public DNS outfit to create a domain name
> which is what we use for VPN.  Then he also set up one of the network
> adapters with an internal IP address of 10.0.0.15...so when one runs
> Windows Remote Desktop, the IP address to type in is 10.0.0.15.  Fine.
>  This all works.
>
> The only problem is (well, not the ONLY problem...the network guy went
> to jail and has been incommunicado since...and I have only a simple
> knowledge of network protocols and such) that the VPN setup isn't set
> up properly.  I say that because this morning I discovered that one
> can simply fire up Windows Remote Desktop, type in the real IP
> address, and log right in. (One additional problem is that the owner
> of the company has network administrator rights...but NO
> PASSWORD!!??!!!)
>
> So my question is, what do I have to do to ensure that Remote Desktop
> access ONLY goes through the VPN?  Do we have to set up the VPN from
> the server itself?  I thought that that had been done, but now I'm not
> so sure.
>
> Regards,
>
> Steve Erbach

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
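
The restriction asked about in this thread (Remote Desktop reachable only through the VPN) comes down to which source addresses may reach TCP 3389 on 10.0.0.15. The following is an added example, not part of the original thread: a small audit over constructed rule lists in a made-up notation, where the VPN client pool 10.8.0.0/24, the LAN range 10.0.0.0/24 and the VPN port 1723 are assumptions.

```python
import ipaddress

RDP_PORT = 3389
SERVER = ipaddress.ip_address("10.0.0.15")  # internal address from the thread

# Assumed address plan (not from the thread): office LAN and VPN client pool.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/24"),
                ipaddress.ip_network("10.8.0.0/24")]

# Constructed rule sets in a made-up notation:
#   <forward|allow> <proto> <source CIDR|any> -> <dest ip>:<port>
BEFORE = [
    "forward tcp any -> 10.0.0.15:1723   # VPN endpoint (assumed port)",
    "forward tcp any -> 10.0.0.15:3389   # router forwards RDP from outside",
    "allow tcp any -> 10.0.0.15:3389     # host firewall scope left open",
]
AFTER = [
    "forward tcp any -> 10.0.0.15:1723   # only the VPN is published",
    "allow tcp 10.8.0.0/24 -> 10.0.0.15:3389   # RDP from VPN clients",
    "allow tcp 10.0.0.0/24 -> 10.0.0.15:3389   # RDP from the office LAN",
]

def parse_rule(line):
    """Split one rule line into its fields; 'any' means every IPv4 source."""
    action, proto, src, _arrow, dst = line.split()
    host, port = dst.rsplit(":", 1)
    net = ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)
    return {"action": action, "proto": proto, "src": net,
            "dst": ipaddress.ip_address(host), "port": int(port), "raw": line}

def exposed_rdp_rules(rule_lines):
    """Return rules that let a source outside TRUSTED_NETS reach RDP on SERVER."""
    findings = []
    for line in rule_lines:
        line = line.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        r = parse_rule(line)
        if r["proto"] != "tcp" or r["port"] != RDP_PORT or r["dst"] != SERVER:
            continue  # not an RDP rule for this server
        if not any(r["src"].subnet_of(t) for t in TRUSTED_NETS):
            findings.append(r["raw"])
    return findings

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, exposed_rdp_rules(rules))
```
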




