786soul Posted October 9, 2009

To keep things simple, here's what I have and what I'm looking to do: Home server set up for some stock/foreign exchange trading. Have already set up dyndns and remote desktop connection establishes fine. I'd like to secure the connection so that nothing can be seen going back and forth. Is it necessary to do this? Also, I'd like to change the port that RDP is running on for the whole security through obscurity thing, where can I do this? Thanks for the help.

Sparda Posted October 9, 2009

To secure it you'll want to use a VPN. If you want to change the port so it is simply not easily detectable on the internet, the VPN will do that so it's not an issue.

goldtouch Posted October 9, 2009

As an alternative to a vpn, you could also use ssh port forwarding and tunnel the remote desktop session over that.

lopez1364 Posted October 9, 2009

Another good way to do it is through an SSH tunnel. Set up RDP to only travel through your tunnel.

786soul Posted October 10, 2009

I'm still wrapping my head around how the vpn would work, but maybe one of you could help me out. After setting up the vpn to accept incoming connections for the pc I'll be connecting to, I then set up the vpn client on my laptop which I'll be using to connect to the server from my school's campus. After establishing the vpn connection, what IP am I using to open the RDP connection? If I use the DynDNS address will it still go through the vpn? Essentially with the vpn connected, does that mean even internet traffic is tunnelled through the vpn? I'm a bit confused as to how it all works. Any help is appreciated. Thanks.

Iain Posted October 10, 2009

If the VPN server hands out IP addresses via DHCP, you will get an IP address which is on your home network. When the VPN's established, check it using ipconfig /all from the command prompt and you'll see 2 IP addresses. Just make sure that the remote and home networks are not using the same IP range. At home, I typically use something like 10.17.100.0/24 so there's almost no chance of that range being used if I connect to a potentially hostile wireless network. If your home server address is, for instance, 10.17.100.250 then that's the address you'll need to use from your remote client. When the VPN is established you are, in effect, sitting at home connected directly to your home LAN.

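To make the addressing in the post above concrete, here is an added example (not part of the thread) that models the laptop's routing table with the VPN up and applies longest-prefix matching to show which interface RDP traffic leaves on. The 10.17.100.x values come from the post; the interface names, 203.0.113.10 standing in for the DynDNS-resolved address, and the host route to the VPN endpoint are assumptions of this simplified model.

```python
import ipaddress

HOME_LAN = ipaddress.ip_network("10.17.100.0/24")  # home range from the post
HOME_SERVER = "10.17.100.250"                      # RDP host from the post
HOME_PUBLIC = "203.0.113.10"  # constructed stand-in for the DynDNS-resolved address


def client_routes(local_lan, full_tunnel=False):
    """Simplified routing table of the laptop once the VPN is connected."""
    default_if = "vpn" if full_tunnel else "local"
    return [
        (ipaddress.ip_network("0.0.0.0/0"), default_if),
        (ipaddress.ip_network(local_lan), "local"),            # campus/hotspot LAN
        (HOME_LAN, "vpn"),                                     # added by the VPN
        (ipaddress.ip_network(HOME_PUBLIC + "/32"), "local"),  # VPN endpoint itself
    ]


def egress(dest, routes):
    """Longest-prefix match; returns the interface, or 'ambiguous' on a tie."""
    addr = ipaddress.ip_address(dest)
    hits = [(net.prefixlen, ifname) for net, ifname in routes if addr in net]
    best = max(plen for plen, _ in hits)  # the default route always matches
    ifaces = {ifname for plen, ifname in hits if plen == best}
    return ifaces.pop() if len(ifaces) == 1 else "ambiguous"


def check(local_lan, full_tunnel=False):
    """Report where traffic would go from a given remote network."""
    routes = client_routes(local_lan, full_tunnel)
    return {
        "overlap": ipaddress.ip_network(local_lan).overlaps(HOME_LAN),
        "rdp_to_server": egress(HOME_SERVER, routes),
        "rdp_to_dyndns": egress(HOME_PUBLIC, routes),
        "web": egress("198.51.100.7", routes),  # constructed Internet host
    }


if __name__ == "__main__":
    # Constructed remote networks: no clash, identical range, narrower clash.
    for lan in ("192.168.1.0/24", "10.17.100.0/24", "10.17.100.128/25"):
        print(lan, check(lan))
    print("full tunnel", check("192.168.1.0/24", full_tunnel=True))
```

In this model only the home LAN address reaches the server through the tunnel; the DynDNS-resolved address leaves on the local interface in both modes, and a remote network that overlaps the home range can capture the RDP connection locally.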
Netshroud Posted October 11, 2009

Do it over a VPN, and force NLA connections.

786soul Posted October 13, 2009

> Do it over a VPN, and force NLA connections.

What are the NLA connections for?

555 Posted October 13, 2009

> What are the NLA connections for?

Someone will probably just tell you to google what an NLA connection is.. since I have no idea either what one is, I will do us both a favor and look it up..

The Role of NLA

The Network Location Awareness (NLA) service provider is vital for computers or devices that might move between different networks, and for selecting optimal configurations when more than one is available. For example, a wireless computer roaming between physical networks can use NLA to determine the proper configuration based on information about its available network connection. NLA also proves valuable when a multihomed computer has a physical connection to one network while also connected to another network through a dial-up connection or a tunnel.

In the past, developers had to obtain information about a logical network interface, and therefore make decisions about network connectivity, based on a multitude of disparate network information. In those circumstances, developers had to choose the appropriate network interface based on the IP address, the subnet of the interface, the Domain Name System (DNS) name associated with the interface, the MAC address of a NIC, a wireless network name, or other network information. NLA alleviates this problem by supplying a standard interface for enumerating logical network attachment information, correlating it with physical network interface information, and then providing notification when previously returned information gets invalidated.

NLA provides the following network location information:

Logical Network Identity: NLA first attempts to identify a logical network by its DNS domain name. If a logical network does not have a domain name, NLA identifies the network from custom static information stored in the registry, and finally from its subnet address.

Logical Network Interfaces: For each network to which a computer is attached, NLA supplies an AdapterName that uniquely identifies a physical interface such as a NIC, or a logical interface such as a RAS connection. The AdapterName can then be used with functions available in the IP Helper API to obtain further interface characteristics.

NLA implements the logical network as a service class, with an associated class GUID and properties. Each logical network for which NLA returns information is an instance of that service class.

I'm still not even sure what VPN is all about. I use RDP.. I'm guessing a VPN is like Citrix?

Iain Posted October 13, 2009

> I'm still not even sure what VPN is all about. I use RDP.. I'm guessing a VPN is like Citrix?

As you were kind enough to explain NLA (I didn't know what it was!), I'll explain what I know about VPN/RDP. They are both intrinsic within Windows XP/2003. Remote Desktop is an insecure protocol that's used to access a remote host and bring the desktop to the local host as if the operator were sitting at the remote host. By default, it uses TCP 3389.

In order to make the RDP connection more secure, it's not uncommon to connect to the remote network first via VPN and that connection is encrypted. The simplest encryption is PPTP (TCP 1723) and the more secure is L2TP (TCP 1701). When the VPN connection has been established, the local host is given an additional IP address which is an address on the remote network. It's a simple matter then to connect to the target host via an RDP connection which is tunnelled through a secure VPN connection.

I'm a "Windows guy" and my knowledge of Linux is very limited. I think that the principles in Linux are similar.

Netshroud Posted October 13, 2009

Wrong NLA, I meant Network Level Authentication.

Iain Posted October 14, 2009

> Wrong NLA, I meant Network Level Authentication.

Ha - that's the problem using abbreviations but I'm not blaming you specifically. IT is littered with such abbreviations. I'll set about researching "Network Level Authentication" now.

Netshroud Posted October 14, 2009

http://www.google.com.au/search?rlz=1C1GGL...ote+desktop+nla

Iain Posted October 15, 2009

You beat me to it - it was going to be my project for the weekend!

786soul Posted October 16, 2009

Here's what I'm thinking of doing: I picked up a wrt54G router cheap and plan on getting dd-wrt set up on it. Is there a way I can keep my existing DLink router but use the 54G as a VPN to my home network? Small diagram:

Internet ---> Dlink--->Linksys----VPN---->Server

Something tells me the way I'm looking at the setup isn't right.

Sparda Posted October 16, 2009

> Here's what I'm thinking of doing: I picked up a wrt54G router cheap and plan on getting dd-wrt set up on it. Is there a way I can keep my existing DLink router but use the 54G as a VPN to my home network? Small diagram:
>
> Internet ---> Dlink--->Linksys----VPN---->Server
>
> Something tells me the way I'm looking at the setup isn't right.

It's completely possible, just have to set up port forwarding on the Dlink to send the correct traffic to the WRT.