Question Profile
DATE: Jan 12, 2008
TICKET#: 335625
STATUS: Closed
SUBJECT: Using ARD behind routers
CAT: Home/Business Network and/or Internet Connection
TYPE: Security, Firewall, VPN
PLATFORM: Apple Macintosh (Intel)
MODEL: Mac Pro Dual Core
PROC: 3 GHz
RAM: 4 GB
DRIVE: 1 TB
NAME: Gregory
USERNAME: sovell
TECHNICAL: Little Experience
ISSUE: Need Advice
Question Details
sovell - Jan 12, 2008 - 5:44 pm
I want to have access to my desktop (Mac Pro) computer at my office when I travel with my MacBook Pro. Up until a few months ago, I ran HamachiX on both my desktop and laptop. HamachiX generated an IP address that I could input into ARD and connect. Had very little issue with it as it usually worked. I always question its level of security.

Then Leopard was introduced. HamachiX does not work with Leopard. I can't use iChat's new screen sharing option as someone has to physically be at my office desktop to "accept" the session. Not a great solution when I'm 13 time zones away and I need a file.

I'm confused on how to set this up today....I continue to look around the internet for some STEP-BY-STEP instructions that will allow me to do this.

I've found some cryptic info using JellyfiSSH on freemacblog.com but they were using their set-up to a server with a host name.

I also have found a little info using DynDNS... but I don't know if I need this since our main IP is static...

My office uses a Linksys WRT54GS router and we have a static IP address from our ISP.

We use DHCP issued IP addresses from the Linksys.


Any advice or help on this would be much appreciated..???

Serenak - Jan 12, 2008 - 7:15 pm
Hello Gregory

Welcome to macosx.com, thanks for choosing to use the service and I will do my best to advise you.

Remote control/access to Macs over the internet is not only something that interests me but something I have experimented with to a fair degree...

Personally I use Vine Server 3.0 which is free here - http://www.redstonesoftware.com/prod...osx/index.html
You install that on the Mac you want to access and it is helpful to use a Dyndns address (but not essential if you have a static IP at the base Mac). Vine Server is better than the built-in ARD VNC server in my opinion but if you want to use the ARD "remote desktop" function that is also viable.

Dyndns accounts are free here https://www.dyndns.com/ and you can get a "faux" joedoe.dynalias.org type domain name there and a tool to keep the "domain" pointed at your IP too

To use a system like this does need you to (possibly) do some geeky port forwarding etc. but I cannot tell from your initial post how "involved" you are prepared to get.

If you take this route you then need to have a VNC viewer on the remote Mac with which to access the "base" Mac... my preference is the oddly named Chicken of the VNC which is free here - http://sourceforge.net/projects/cotvnc/

If you want a "quick and dirty" solution the previously Windows only service "LogMeIn" is now available for Macs and can be found here https://secure.logmein.com/welcome/g...ree/signup.asp

Personally wherever possible I prefer to use an ssh link to the Mac I want to access and Vine Server and CotVNC... but LogMeIn has some advantages too


I know that maybe this has not been crystal clear... come back to me and we can discuss the finer points and depending on what you choose to use I can offer you more detailed "step by step" instructions, if you choose LogMeIn however they will walk you through it all by themselves... which has a lot to recommend it all by itself

PS The LogMeIn service also has the benefit of not needing firewall fiddling and port 22 forwarding, though it is probably not so secure as a proper ssh port forwarded connection with VNC
sovell - Jan 12, 2008 - 9:58 pm
Dear Serenak:

Thank you for the quick reply. I have no issue with changing from ARD to Vine Server if it is better. I just somehow ended up with ARD rather than Timbuktu a few years ago.

I have one DYNdns account but have not set up to point to anything. When you say the "base" mac, are you referring to my mac Desktop IP address which currently is issued by the DHCP of the router...or are you referring to the static IP address in the router configuration which is static. I understood that people needed the dyndns service when they had dynamic IP address (as I do at home at my apartment). Do I also need it pointing to my desktop computer? Tell me if I'm wrong but I think I should give myself a manual IP address on my desktop computer so that it does not change given the DHCP service from the router. I just don't remember if it should be inside or outside the DHCP range.. and then there is no reason to use DYNdns... or is there??

I spent the past 6 hours messing, fiddling, therefore over-geeking has already passed. I did go into my Linksys router at the office and went to "gaming" (I don't know why it's called that) for port forwarding and specified the ports (start 3283 to end 3283) to my IP address and ports (start 5900 to end 5900) to my IP address.

When I got home I tried to connect to my static router ip address thinking it would then go directly to my desktop....wrong...no connection.

I can follow directions. If you want to give them to me I can do it.

Also, for what it's worth, I also have a new Airport Extreme modem just sitting in the box at my office. I can swap out the Linksys if it makes anything easier.

thanks

Gregory




Serenak - Jan 13, 2008 - 2:22 pm
Hello Gregory

To be honest whether you choose to use the ARD functionality or Vine server is basically irrelevant - I used Vine Server because I have full control over that and it seemed to work better for me.

Dyndns - if you have a static external IP then no it is not necessary, but you may still choose to use it to get a nice pseudo "domain name" to use rather than the direct IP number

OK regarding the "Base Mac", i.e. the Mac Pro that you want to access/control remotely - that has an IP address which is dynamically assigned by your router; this will need to be changed to a manually assigned one. Personally I have one Mac with a manual address and all the notebooks are DHCP assigned. I simply assigned it a very high number (200-250) so that the DHCP is very very unlikely to assign that to anything else... strictly speaking that is not the correct way to go about it but it works for me...

This is how mine is setup and works.

I have the "base Mac" with a manual assigned internal IP and that has Vine Server running a System Server (i.e. a VNC server that starts on start up and is not tied to a particular user account) this usually has a default port of 5900, I found it useful to use another port, such as 5909 for clarity later on. I also turn on the "Require Remote Login (SSH)"

My external IP is also dynamic so I use a dyndns account and their IP updater so that my "domain name" always points to my home IP no matter how often the actual IP number changes (obviously this is not necessary in your case)

In theory you are now almost ready to go, but opening a hole in the firewall and forwarding port 5900 or whatever is not a very safe practice - we don't want to leave the door to the house open now do we? What we need to do is a little trick called SSH (secure shell) which will allow us to open an encrypted secure tunnel from us to the Base Mac which is why we set the VNC server to require SSH

In the System Preferences/Sharing turn on the "Remote Login" option

In your router close the ports you opened and instead open port 22... then forward port 22 to the internal IP of the Base Mac (in my Netgear router this is achieved by creating a Service (Port 22 SSH) - actually that is preconfigured, I just turned it on - and a Rule (send External Port 22 to internal IP xxx.xxx.xxx.base)). Your router should have instructions on how to do this.

Now to connect from outside your home LAN you connect the MBP to the net and use Terminal, typing the arcane commands that follow:
ssh username@fixed IP address number or dyndns name -L 5900:127.0.0.1:screen port number you set

which should actually look like this:
ssh account@192.168.156.72 -L 5900:127.0.0.1:5909

or this:
ssh account@myaccount.dyndns.org -L 5900:127.0.0.1:5909

the -L 5900:127.0.0.1:5909 means Link the output of local display on the MBP to the VNC port number you set back in the Vine Server

you will then get prompted for your user password

and it should return a prompt with your Base Mac account

Now leaving the Terminal open you open the VNC viewer of your choice (I use Chicken of the VNC) where the setup for the connection should be Host: Local Host
Screen:0 Password: the password you set in the Vine Server. Personally I wouldn't use full screen and no one else should be trying to log in so you don't need that option either

Press connect - a window should open showing you the screen of the Base Mac... and you can control it as if you were there.

Obviously you need to leave the Base Mac on, or use the system preferences to set it to turn on and auto login to your account at a time you want to use it. If no one is going to be around you can turn the monitor off of course.

Test the operation of the setup... from work or somewhere outside your local network, it sometimes takes a couple of tries to get it right.

OK I hope that helps, if it is all way too much to handle the LogMeIn service is available

BTW SSH can be made REALLY secure by using encrypted keys... but that requires more fiddling still


PS - I keep the ssh command in a Text Edit doc that I open and cut and paste in to the Terminal... and CotVNC can store the settings for the Base Mac for future use.
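
The setup described in the post above (only port 22 forwarded at the router, VNC reached through an SSH tunnel), as an added shell example that is not part of the original thread. The account, host name, internal IP 192.168.1.200 and the rule table are constructed placeholders; the helper names are hypothetical, and `-N` (no remote shell) and `ExitOnForwardFailure` are standard OpenSSH options the post itself does not use.

```shell
#!/bin/sh
# Added example (not from the thread). Host, account, IPs and rules below are
# constructed placeholders; ports 22, 3283, 5900 and 5909 are the thread's.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ssh command that forwards a loopback-only local port to the VNC
# server listening on the Base Mac's own loopback interface.
tunnel_cmd() {
    user=$1 host=$2 local_port=$3 vnc_port=$4
    case "$user" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
    case "$host" in ''|-*|*[!A-Za-z0-9.-]*) return 1 ;; esac
    valid_port "$local_port" || return 1
    valid_port "$vnc_port" || return 1
    # -N: tunnel only, no remote shell. ExitOnForwardFailure: fail loudly if
    # the local port cannot be bound instead of leaving a tunnel-less session.
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s@%s\n' \
        "$local_port" "$vnc_port" "$user" "$host"
}

# Read router forwarding rules ("external_port internal_ip internal_port" per
# line) on stdin and print every forwarded external port other than SSH (22).
exposed_ports() {
    out=
    while read -r ext ip int; do
        [ -n "$ext" ] || continue
        [ "$ext" = 22 ] || out="$out${out:+ }$ext"
    done
    printf '%s\n' "$out"
}

# Constructed rule table: the two forwards from the earlier attempt plus SSH.
RULES='3283 192.168.1.200 3283
5900 192.168.1.200 5900
22 192.168.1.200 22'

if [ "$#" -eq 4 ]; then
    # Usage: sh tunnel.sh account myaccount.dyndns.org 5900 5909
    cmd=$(tunnel_cmd "$@") || { echo "invalid arguments" >&2; exit 2; }
    exec $cmd   # word splitting is safe: every field was validated above
else
    echo "forwards to close: $(printf '%s\n' "$RULES" | exposed_ports)"
    tunnel_cmd account myaccount.dyndns.org 5900 5909
fi
```

With the tunnel up, the VNC viewer connects to 127.0.0.1 port 5900 (screen 0) exactly as in the post; the explicit `127.0.0.1:` bind keeps the forwarded port unreachable from other machines on the laptop's network.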

sovell - Jan 16, 2008 - 6:18 am
I have Logmein up and running without any issues. I had to fly to Asia today and I'm not going to have time to get back to trying the other solutions for a few weeks when I'm back in NYC. Should I just keep the ticket open? or close it?
Serenak - Jan 16, 2008 - 9:20 am
Gregory

I will close the ticket as they normally expire after 72 hours of inaction... when you get back either re post a tech support ticket or better simply e-mail me directly at serenakster(at)googlemail(dot)com - sorry about typing it like that but I get enough spam as it is and even google don't manage to filter it all!
