VPN setup with Windows 7 and remote desktop.. free dynamic dns?

pamccabe

I'm looking for some advise with setting up a secure vpn connection and remote desktop. It is for my parent's computer. They always have viruses and questions. Instead of driving over there constantly, it would be nice to be able to remote in. I have Windows 7 setup to accept incoming connections using PPTP and port 1723. I am able to successfully connect to their network. Now, I would like to use remote desktop and have that running as well. My concern is opening ports 1723 and 3389 to the internet. I've been searching and finding many reasons not to do that, and other information saying its ok as long as you have a strong password.

Is there a better solution or am I to accept that my password is strong enough?

Second, I am using their ip address with ':3389' to connect via remote desktop. I see that dyndns does not have free accounts anymore. Is there a service that is recommended?

J_86

Have you looked into using something like TeamViewer or LogMeIn?

jaywalker

+1 on Teamviewer. Your parents or anyone for that matter can see active connections as they occur (a mini-window will pop up on their end.) You will need a 9 digit code (provided by the remote computer) to even establish the connection. Then the remote password for the authentication process. You could disable Teamviewer internet sessions and log in via (v)LAN instead.

Bryzey

Yeah teamviewer is awesome. +1

pamccabe

Thank you guys and I will look into those options. However, does anyone have answers to my questions? I'm still curious.

Qord

While it's not really the best idea from a security perspective, I still rdp to my house. BUT....I set the router to only allow rdp connections coming from my office's ip pool. Since I can vpn into work at any time, I can always vpn to work and the rdp to home from there, so it's a little more secure than just having the port open to the world.

For a replacement for dyndns, you might want to check out no-ip. That's what I use now.

pamccabe

Qord wrote: »

While it's not really the best idea from a security perspective, I still rdp to my house. BUT....I set the router to only allow rdp connections coming from my office's ip pool. Since I can vpn into work at any time, I can always vpn to work and the rdp to home from there, so it's a little more secure than just having the port open to the world.

For a replacement for dyndns, you might want to check out no-ip. That's what I use now.

Qord, I just setup no-ip, but can't seem to connect from the outside to my computer's vpn connection. When I ping my no-ip name, I get my ISP's IP and a request timed out message. This seems right because of my home router in place. My question is did you have to port forward anything to get no-ip to work?

santaowns

I use logmein but also use openvpn with my webservers located in another state. I was able to walk my mom through installing logmein so it's very easy to install.

Qord

Nope, no special port forwarding set up. But it did take a while for the dns to resolve to the right IP.

J_86

So you already have the VPN part setup and are able to access their local network? If so, the you shouldn't need to open RDP ports open on their network, just VPN in and use RDP if you have already established local connection.

I personally would not open RDP access up to the internet, but that is just me. Too many things/people scanning the whole internet looking for that type of thing. Sure you have a strong password, but what happens when someone uses some 0 day exploit on the Window box or something like that. You just never know with internet facing devices. Maybe I'm just overly paranoid

pamccabe

J_86 wrote: »

So you already have the VPN part setup and are able to access their local network? If so, the you shouldn't need to open RDP ports open on their network, just VPN in and use RDP if you have already established local connection.

I personally would not open RDP access up to the internet, but that is just me. Too many things/people scanning the whole internet looking for that type of thing. Sure you have a strong password, but what happens when someone uses some 0 day exploit on the Window box or something like that. You just never know with internet facing devices. Maybe I'm just overly paranoid

Yes, the VPN is setup and works. The issue is that I have to use the public IP and not the dynamic dns name. Maybe like Qord said, I need to be patient. Anyway, when I am connected through the VPN I cant not use RDP. To get it to work I had to open the ports on the router. Then it worked great. I've since turned that off, because like you, I am paranoid. Actually, I just tried it again and I can connect through the VPN. However, when I check my IP I do not have an IP from the local DHCP server. Makes me wonder if I truly have a connection or not. Although, on their computer, it shows there is one connection.

discount81

I don't think i'd recommend what you are attempting to do.

LogMeIn/TeamViewer is a much safer solution.

Alternatively buy a router or firewall that is capable of handling incoming VPN connections.
I have a ZyXEL ZyWall as my firewall at home (costs about $120), and I can SSL VPN into it any time, I use no-ip for the dynamic dns.

Untangle is great also if you have a spare machine to put it on, and the room to store it.