I have a home server that I used to administer remotely via RDP. I simply opened a port on my router and connected. The server is now using the commercial iVPN service, and while I can still connect via the LAN I can't connect from outside any more.

This seems to be because the iVPN client routes all non-LAN traffic through the VPN, so the server is unable to accept connections from the WAN.

I want to avoid relying on third party services to connect to my server, so things like TeamViewer are out. I'm not tied to RDP though, I could switch to VNC. I have a private domain which can host web applications. I could attach something like a Raspberry Pi to my LAN if required.

I considered creating a VPN connection in to my LAN. I would rather avoid that level of access if possible, but it's an option I am aware of and would be interested if it could be limited to only allowing RDP sessions.

How can I remotely view my server's desktop, ideally with RDP, while it is connected to the VPN?

3
  • You should use one of the programs or services you have listed in your question. We can't recommend specific clients, applications, or services as those would all fall under a recommendation. If you want to connect to the server, which is connected to a VPN, then the client also has to connect to the VPN. That is typically how you configure what you want to do. Allowing any client not connected to the VPN would be a huge security threat.
    – Ramhound
    Commented Jan 20, 2017 at 13:50
  • It's possible to set up routing to allow certain, limited connections outside the VPN in a reasonably secure way. Also, if services like TeamViewer can offer assistance to connect without ports open or knowing the server's IP address, then it seems like I should be able to run such a service myself.
    – user3241
    Commented Jan 20, 2017 at 17:37
  • TeamViewer works without having to forward ports, simply because it connects to the web service, hosted outside of your network. You can use VNC while connected or not connected to your VPN. Of course what address you use would depend on whether you're connected or not connected to the VPN.
    – Ramhound
    Commented Jan 20, 2017 at 17:46

2 Answers

0

The server is now using the commercial iVPN service, and while I can still connect via the LAN I can't connect from outside any more.
This seems to be because the iVPN client routes all non-LAN traffic through the VPN, so the server is unable to accept connections from the WAN.

Yep, that's the purpose of a VPN. Once you have a VPN set up it doesn't make sense to keep access open from the WAN -- that would be a security risk.

Your client needs first to use a VPN client to connect to the VPN, then access the server's desktop via RDP (or any other protocol; once you're on the LAN via VPN, you're pretty much free to choose any protocol you want knowing that the traffic is not exposed to the outside world).

1
  • The purpose of the VPN is to block my ISP and others in the UK from spying on my internet connection. While incoming connections outside the VPN would be visible to them, I am willing to accept that. The bulk of the traffic will be via the VPN and encrypted.
    – user3241
    Commented Jan 20, 2017 at 17:35
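The answer above says the client should first join a VPN that reaches the LAN. The asker's question only needed that access to be limited to RDP, so here is an added example (not from the thread) of how that restriction is enforced on a self-hosted VPN gateway, which the original post does not describe. It assumes a WireGuard gateway on the LAN (the Raspberry Pi the asker mentions would do), interface `wg0`, the RDP server at `192.168.1.10`, one remote peer with tunnel address `10.8.0.2`, and the gateway's LAN interface `eth0`; all of those names and addresses are placeholders. The forwarded traffic is masqueraded behind the gateway's LAN address so that the RDP server sees a LAN source and does not send its replies into its own VPN tunnel, which is the problem the question started with.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumed environment:
#   - a WireGuard gateway (e.g. a Raspberry Pi) on the home LAN, interface WG_IF,
#     LAN interface LAN_IF
#   - the RDP server at SERVER_IP on the LAN
#   - one remote peer whose tunnel address is PEER_IP
# Run without arguments to print the rules; run "apply" as root to install them.
WG_IF="${WG_IF:-wg0}"
LAN_IF="${LAN_IF:-eth0}"
SERVER_IP="${SERVER_IP:-192.168.1.10}"   # placeholder address of the RDP server
PEER_IP="${PEER_IP:-10.8.0.2}"           # placeholder tunnel address of the peer
RDP_PORT="${RDP_PORT:-3389}"

# Gateway-side peer stanza. AllowedIPs is WireGuard's cryptokey routing: a
# packet decrypted from this peer whose source is not PEER_IP is dropped
# before it reaches the firewall, so the rules below can safely key on PEER_IP.
peer_stanza() {
  cat <<EOF
[Peer]
# PublicKey = (the peer's public key goes here)
AllowedIPs = $PEER_IP/32
EOF
}

# Firewall on the gateway: from the tunnel, only TCP to SERVER_IP:RDP_PORT is
# forwarded; replies flow back; nothing else on the LAN, and not the gateway
# itself, is reachable from the tunnel. The MASQUERADE rule makes the RDP
# server see the gateway's LAN address as the source, so the server's own
# VPN client does not route the replies into its tunnel.
rdp_only_rules() {
  cat <<EOF
iptables -N VPN_RDP_ONLY
iptables -A VPN_RDP_ONLY -s $PEER_IP -d $SERVER_IP -p tcp --dport $RDP_PORT -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
iptables -A VPN_RDP_ONLY -j DROP
iptables -A FORWARD -i $WG_IF -j VPN_RDP_ONLY
iptables -A FORWARD -o $WG_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o $WG_IF -j DROP
iptables -A INPUT -i $WG_IF -j DROP
iptables -t nat -A POSTROUTING -o $LAN_IF -s $PEER_IP -d $SERVER_IP -p tcp --dport $RDP_PORT -j MASQUERADE
EOF
}

# Install the firewall rules, aborting on the first failure.
apply_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "apply must run as root" >&2; return 1; }
  rdp_only_rules | sh -ex
}

case "${1:-}" in
  apply) apply_rules ;;
  peer)  peer_stanza ;;
  *)     rdp_only_rules ;;
esac
```

The `INPUT -i wg0 DROP` line does not interfere with the tunnel itself, because WireGuard's handshake and transport packets arrive on the physical interface's UDP port, not on `wg0`. Forwarding also has to be enabled on the gateway (`net.ipv4.ip_forward=1`), and the default policies of `FORWARD` should be `DROP` for these rules to be the only path in.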
0

There are two ways to do this.

If your motherboard has Intel AMT you can configure that and open up a port on your firewall. The VPN only affects the running OS, the AMT stuff operates outside that. Be careful with AMT though, being firmware there may well be unpatched vulnerabilities so I'd be hesitant to open it up to the internet.

A better option is to use Guacamole. It's an HTML5-based server for Linux that provides an RDP/VNC gateway in a browser. You then only need to allow access to the web server on your LAN, which then connects to the computer using the VPN.

Guacamole can be run in a VM on the same machine you want to connect to, or on another computer like a Raspberry Pi.

Setup guide: http://www.davewentzel.com/content/guacamole-clientless-rdp-gateway
