Marek Hamerlik's blog

Possibly interesting stuff I came across or made up

How to help (or spy on) sb remotely

Summary

This post presents a solution for cross-platform remote desktop access to computers behind NATs: TightVNC + Hamachi2. If you know all about that, you can stop reading now :-]

Motivation

I often needed to help my father with multiple computer-related tasks and problems. Most of them required actions taken on a computer in a remote location. After a few trips I decided to do it all smarter and set up a remote environment to provide “online support” from home (or wherever I would be).

Remote desktop/desktop sharing

First, I needed a remote desktop/desktop sharing application.

The computers I was interested in run Windows XP, so there was the option of using Remote Desktop from Microsoft. Generally it works nicely; I mean it is fast (it sends as few images over the network as possible; instead, graphics system instructions are sent and simulated on the other side). It has two downsides, however: it doesn’t work under Linux as a client (I could live without that) and it has no desktop sharing. The latter could be a bigger issue. I could still log in and perform tasks myself, but I can’t present anything to my father and he can’t show me what he is doing, so I can’t see what the problem is (and it is sometimes really hard to understand what he means by “I clicked there on that thingy thing and sth appeared and it was all down…” 😉). Therefore I needed a desktop sharing system.

My choice of desktop sharing system was TightVNC. It is a small application, it is known for its low bandwidth consumption (which was an issue, as the office connection is radio based), it is multi-platform and it is free. TightVNC can be downloaded from http://www.tightvnc.com/. It has an intuitive installation wizard for Windows, so everybody should be able to install it. What we need to install is TightVNC Server.

One more thing we need to do is allow connections to TightVNC in our firewall. With the standard settings it listens on ports 5900 (TightVNC viewer access) and 5800 (HTTP, Java access).

On the other side we need the TightVNC Client, which allows us to connect to our server. It can be installed with the same installer. It is also possible to use a web browser to access a Java applet that can serve as a client.
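A check worth running once the TightVNC server is installed and before its ports are opened or forwarded: the sketch below (an added example, not part of the original post) parses the server's RFB handshake as defined in RFC 6143 and reports whether it offers the password-less "None" security type. The function names and the sample byte strings are constructed for illustration.

```python
import socket
import struct

# Security-type numbers from RFC 6143 (RFB); 16 is the registered "Tight" type.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 16: "Tight"}

# Constructed sample data: what a 3.8 server and a 3.3 server could send.
SAMPLE_PASSWORD = b"RFB 003.008\n" + bytes([2, 2, 16])
SAMPLE_OPEN = b"RFB 003.003\n" + struct.pack(">I", 1)


def parse_rfb_greeting(data: bytes) -> dict:
    """Parse the server's ProtocolVersion and security-type offer."""
    if len(data) < 12 or not data.startswith(b"RFB ") or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    major, minor = int(data[4:7]), int(data[8:11])
    rest = data[12:]
    if (major, minor) >= (3, 7):
        # 3.7 and later: one count byte, then that many one-byte types.
        if not rest:
            raise ValueError("security-type list missing")
        types = list(rest[1:1 + rest[0]])
        if len(types) != rest[0]:
            raise ValueError("truncated security-type list")
    else:
        # 3.3: the server dictates a single type as a big-endian U32.
        if len(rest) < 4:
            raise ValueError("security type missing")
        types = [struct.unpack(">I", rest[:4])[0]]
    return {
        "version": f"{major}.{minor}",
        "security": [SECURITY_TYPES.get(t, f"type {t}") for t in types],
        "no_password": 1 in types,  # type 1 ("None") means no password at all
    }


def fetch_rfb_greeting(host: str, port: int = 5900, timeout: float = 5.0) -> bytes:
    """Collect the server's half of the handshake from your own VNC server."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        version = sock.recv(12)
        sock.sendall(version)  # reply with the same version the server offered
        return version + sock.recv(256)


if __name__ == "__main__":
    for sample in (SAMPLE_PASSWORD, SAMPLE_OPEN):
        print(parse_rfb_greeting(sample))
```

Run `parse_rfb_greeting(fetch_rfb_greeting(host))` against a server you administer, using its LAN address or its Hamachi virtual IP. A result with `no_password` set to `True` means anyone who can reach port 5900 gets the desktop.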

Dynamic IP

So I had a VNC server waiting for me to connect. But how do I know where to connect to? The computer doesn’t have a static IP address. My first thought was to register a domain on http://www.dyndns.com/ that would point to the computer’s IP (so I could use the name instead of the IP) and install an updater application on the computer to update this mapping any time it changes.

It would be a good idea if the computer had a dynamic but public IP. At that location there is a wireless router with a few computers connected to it via the local network, so we have a NAT and can’t easily connect to a selected computer. Fortunately I was able to change the router settings, so I set up port forwarding (aka virtual server) for the selected machines. This way, when a connection comes to the router on a selected port, it is forwarded to the defined machine. The router's simple configuration only allowed forwarding a connection to the same port number, so I needed to change the TightVNC server settings on each machine to use a different port.

Finally I tried to connect 🙂 and I couldn’t 😦 A brief look at the information on the router gave me an idea. The router itself was part of a local network (set up by the ISP) and didn’t have a public IP… so we had NAT behind NAT. Nice. Of course it is technically possible to set up another level of port forwarding (and I did it for some other networks), but here I had no access to the ISP’s router to mess with its configuration. I couldn’t go any further this way.

Tunnelling

Having no possibility to connect directly from the outside, I needed a tunnel (a usually encrypted connection that, when called on one side, forwards messages to the computer on the other side and connects onward from there). There would be no problem setting up a tunnel to some server and then connecting to that server and being tunnelled to the computer (though some script setting up such a tunnel would be necessary at startup), but I didn’t have any publicly accessible server at my disposal. Yet there was a solution.

There is a nice application and service called Hamachi (or actually Hamachi2), https://secure.logmein.com/products/hamachi2/, from LogMeIn. The application runs in the background as a Windows service and, right after startup, creates tunnels to all defined computers. It also monitors when other computers come online and creates tunnels to them at that time. It of course uses their server to start the tunnels (so there is no problem creating a tunnel between two computers behind NAT), but afterwards the tunnels generally stay up without the server acting as a proxy. When the tunnels are up, any application can connect to the other computer “directly” (using a virtual IP assigned by Hamachi to represent the computer behind the tunnel). It is necessary to install the Hamachi2 application on each computer, create a network (a group of computers) and add all of the computers to the network. There is a cool feature in Hamachi now that allows managing all client applications from one central dashboard (i.e. the Hamachi website). It is necessary to create an account on the website and download the application while logged in. We get a personalized installer that installs an application connected to the account from the start. Then we can create networks and assign computers to them from our central dashboard.

Alternative approach (2 in 1)

During my research I found an app and service called LogMeIn from (guess 😉) LogMeIn, which is basically a kind of 2 in 1, as it allows connecting to computers behind NAT and also provides desktop sharing. It is not free, however, so after short testing (it has a trial period) I abandoned it.

Use

When we want to connect to a remote computer, it is enough to check our Hamachi2 application to see whether the computer we are interested in is online and what its virtual IP is. Then we connect with the TightVNC Client to the server using this virtual IP address. If we just want to watch (or spy 😉) and not disturb the user (or not be noticed 😉), we can connect in view-only mode, so our mouse will not move the mouse pointer on the remote machine and we will not be able to interact.

Remarks

A great thing is that we can install both the TightVNC Client (fewer options, but the crucial functionality is there) and Hamachi2 (https://secure.logmein.com/US/labs/ – a labs beta version with a console UI only, but it works fine for me) on Linux as well. This way we can use the solution on our favourite OS 🙂

Written by Marek Hamerlik

24.05.2011 at 23:02
