Pretty soon I'll have to set up a Vista PC (home edition, without terminal services) for someone to access over the internet (telework from home kinda thing).

I started this thread before: message_topic.aspx?topic=399746 and then it sounded like most people were using Hamachi and ultravnc. I ended up using UltraVNC at the time, and it worked well, but that was XP and that was 2 years ago.

What are you using currently to access PCs remotely (consumer wise, don't wanna hear about cisco and juniper plz)

4/8/2008 9:14:02 PM

I'm a fan of http://www.logmein.com. Seems to work well and I don't need to think about my IP.

4/8/2008 9:19:26 PM

oh sorry forgot to mention we would like it to be free (one reason i was/am a fan of ultravnc)

do you use the free version? what limitations are there?

4/8/2008 9:21:11 PM

Personally I use Hamachi + Remote Desktop.

The next best alternative for you would probably be Hamachi + some flavor of VNC. I've always used tightVNC, just because someone told me once it was the best, and it always worked for me. There might be some other ones that are better/newer.

But definitely use Hamachi. And if getting to your PC is critical, if your computer were to restart, I would also get a dyndns and open up a port on your router to connect until you can load up Hamachi (Hamachi doesn't autostart as a service unless you buy the premium version).

4/8/2008 9:21:45 PM

Quote :

"But definitely use Hamachi."

what does Hamachi add to the mix, why do you need that in addition to one of the VNCs?

4/8/2008 9:26:01 PM

I do you use the free version of logmein.com. It does lack some of the features of the pro version (you can't copy files from one pc to the other is the main drawback) but for remote control it works well.

4/8/2008 9:27:47 PM

if they could stand to use vnc instead of RDP for 2 years, it should still work fine for them. But if they do a lot of work from home its worth the extra $50 for a version of vista that does RDP.

4/8/2008 9:29:18 PM

hamachi and ultr@vnc FTW

Quote :

"what does Hamachi add to the mix, why do you need that in addition to one of the VNCs?"

hamachi basically allows you to have access to any computer that receives a dynamic IP...so even if your IP changes, the address that's assigned through hamachi doesn't, so you can always VNC into the machine if it's online or not

[Edited on April 8, 2008 at 9:32 PM. Reason : .]

4/8/2008 9:30:33 PM

putty and xwin32

4/8/2008 9:39:12 PM

^^Not if the pc isn't online, if the IP changes

[Edited on April 8, 2008 at 9:40 PM. Reason : v ]

4/8/2008 9:39:52 PM

^^^ so hamachi means you don't have to keep checking the ip address of the pc you want to access huh?

4/8/2008 9:43:02 PM

Logmein is the same way, you don't need to know the IP. With logmein you go to logmein.com and login to your account and it connects to the pc that is running the logmein agent. I haven't used Hamachi but it appears to perform a similar function.

4/8/2008 9:44:34 PM

^^ yes

^ aren't they the same thing? i mean, hamachi was definitely first, but i think they "changed" to LogMeIn Hamachi, where logmein is the web client, and hamachi is the actual program

4/8/2008 10:21:03 PM

i use logmein, the free version. the only limitations of the free version vs. the paid is remote sound and drag and drop file transfer and there are definitely workarounds.

4/8/2008 10:36:02 PM

ultravnc does the file transfer stuff...i don't know that i've ever even thought about sound

4/8/2008 10:46:08 PM

I use hamachi+realvnc for any XP machines that I work with but VNC doesn't work with Vista. Remote Desktop is the only thing I can think of but you are using home edition so, good luck man.

4/8/2008 11:03:17 PM

Whoa whoa ... Hamachi is not just a tool to link to your computer regardless of it's IP address (I mean, it DOES, but ...), you are perhaps forgetting the most important reason to use Hamachi when connecting remotely to your computer. ENCRYPTION. That's right, Hamachi creates a secure tunnel between you and your remote computer. By default, the VNC clients do not have encryption built in, so you are encouraged to operate them over an SSH connection, well Hamachi handles that for you.

So yes, use Hamachi, but know WHY you are using it

4/8/2008 11:11:09 PM

^ hah, you're right...it's important, but i keep forgetting that over the extreme convenience

Quote :

"VNC doesn't work with Vista"

ultravnc works just fine on both of my vista machines...is it just realvnc that doesn't work for you?

4/8/2008 11:28:04 PM

a) Hamachi & VNC-variant (ultraVNC, RealVNC, TightVNC)
b) Hamachi & RDP
c) Logmein (which doesn't require hamachi, it has it's own install, still uses encryption)

Hamachi creates a VPN, not to be confused with VNC

VNC's cannot create VPN's, so using hamachi isn't JUST about using encryption, it's also about getting past firewalls

[Edited on April 8, 2008 at 11:57 PM. Reason : ,]

4/8/2008 11:54:38 PM

^^well it might be, I'll try ultravnc sometime

4/9/2008 12:04:40 AM

i have an avocent digital IP KVM racked in my server room (aka a corner of my attic) and wired up to my various boxes via preexisting cat5e

NAT port redirection + hamachi bridged to the local network + kvm web access = win

4/9/2008 12:12:37 AM

my better is better than your better

4/9/2008 1:06:57 AM

^^if you run across any more for cheap, let me know? thanks!

4/9/2008 1:13:46 AM

^yeah, seriously...

but it begs the question why use a $4,000+ piece of hardware and then put it up in the hot attic? why not invest in an actually cool environment for your server rack.

my server rack is going in the basement

[Edited on April 9, 2008 at 1:28 AM. Reason : .]

4/9/2008 1:28:06 AM

How do you know his attic isn't cooled?

4/9/2008 1:44:59 AM

good question, i just assumed attic to be an unconditioned, unfinished space...

i do like the hardware!

4/9/2008 1:54:33 AM

All this shit makes me so happy I just use Remote Desktop. Uses TSL, plenty of good encryption, everything works exactly as it should. Don't have to worry about IP's changing or connecting to websites or paid subscriptions or extra hardware or configuration.

It just works, and damn well I might add. Though admittedly I might be a little biased

4/9/2008 2:04:24 AM

^Um, Hamachi ... "just works" ... and it works for many other uses and applications than just with Remote Desktop or VNC. It's called a no-nonsense VPN, and is completely free unless you want to use the Premium version which enables 100Mbit connections instead of just 10Mbit, which is a non-issue.

Microsoft has yet to offer a product that even comes close to paralleling Hamachi's functionality between a Windows/Linux/Mac environment.

4/9/2008 2:15:23 AM

So Remote Desktop is encrypted well enough so your stuff can't be spied on?

That great to hear. I guess I don't need the encryption from Hamachi then, except for the convenience of not having to worry if my IP address were to change.

4/9/2008 7:30:58 AM

^dyndns.org + adding it to router config works for me.

Any tips on improving performance with RDP? 6meg/768 DSL -> 8meg/512 and 20ms-40ms pings should be enough not to lag at all eh?


lol, don't install hamachi over rdp.

[Edited on April 9, 2008 at 9:42 AM. Reason : .]

4/9/2008 9:34:15 AM

Quote :

"^^if you run across any more for cheap, let me know? thanks!"

government surplus ftw.

Quote :

"but it begs the question why use a $4,000+ piece of hardware and then put it up in the hot attic? why not invest in an actually cool environment for your server rack."

only place i've got to put things, plus it's semi-soundproofed - have you ever been in a datacenter before? i do not want my house to sound like there's a jet engine in it.

it doesn't really get that hot in there, and if it does, the UPS is attached to a thermostat that will gracefully shut everything down if the temp gets above 100 and email my phone.

trying to find a freestanding air conditioner i can stick in there that will kick in at like 95 degrees to try and offload some heat.

4/9/2008 10:53:39 AM

^oh i totally understand the noise issue, and the fact that you have your UPS has a temp features is a major plus.

i forgot to add... my d-link dgl-4300 has dyndns.org built-in and adding the RDP port to router config is setup as well.

i like to have redundant ways to access my computer, and since RDP is windows-only, i think that's a pretty major restriction, while the performance is phenomenal over an intranet, i find over the internet, VNC actually performs better (with similar settings)

gs7, you can't really compare RDP to hamachi as they are used for different purposes. i use RDP over hamachi all the time...

Quote :

"Don't have to worry about IP's changing or connecting to websites or paid subscriptions or extra hardware or configuration."

Noen, your arguments are not entirely valid, what if i'm in an internet cafe across the globe and i want to access my computer at home, but cannot run hamachi/vnc/rdp? logmein is FREE and very useful for this purpose, no software listed in this thread requires a subscription... no option here has to worry about changing IP's or configuration....in fact hamachi is a zero-configuration VPN...

where as with RDP, you need to use a dynamic dns (in case of changing IP's) and the major drawback to RDP is that it's windows-only and it doesn't create a VPN, so you have to manually open the firewall ports for it, not an option for work-environments where you may not have control over the firewall.

coming in here and saying that all you'll ever need is RDP (and the fact that you work for Microsoft) is a bit arrogant, and quite frankly why i think Microsoft lacks innovation, they take so much pride in their work, they fail to see why anyone would need anything else. while it may be all YOU need, it just doesn't work for everyone's situation.

[Edited on April 9, 2008 at 12:42 PM. Reason : .]

4/9/2008 12:34:22 PM

Quote :

"RDP is windows-only"

RDP is not windows only. xrdp is available for nearly every *nix derivative from my understanding. It's an open standard, and has clients for nearly every OS out there (including mobile devices).

Quote :

"where as with RDP, you need to use a dynamic dns (in case of changing IP's) and the major drawback to RDP is that it's windows-only and it doesn't create a VPN, so you have to manually open the firewall ports for it, not an option for work-environments where you may not have control over the firewall."

You don't need a VPN for RDP. You open port 3389 and done. You still have to open ports for VPN passthrough too, so this is really not an argument.

I'm not saying logmein and hamachi aren't great, I'm just saying I think it's funny that you and others put up with all kinds of restrictions and limitations with these other services instead of using a fully featured, free option that already exists.

Quote :

"coming in here and saying that all you'll ever need is RDP (and the fact that you work for Microsoft) is a bit arrogant, and quite frankly why i think Microsoft lacks innovation, they take so much pride in their work, they fail to see why anyone would need anything else. while it may be all YOU need, it just doesn't work for everyone's situation."

I never said it's all ANYONE will ever need, just that I've never needed anything else (and I've used RDP for several years, long before working here). The rest of your quote is so grossly mis-informed I don't even know how to respond to it. I just spent the last hour with half of our upper management on a MSDN chat session with customers to answer questions from them and ask our customers what they need in the future.

And that's a pretty regular affair. What I find funny being on this side of the coin now, is that the most vocal haters of the things I work on (I can't speak for Windows or Office) are generally absolutely miniscule parts of our market and the reason they don't get their wants is because it's in direct opposition to a large, verified, tested, and happy majority.

[Edited on April 9, 2008 at 2:04 PM. Reason : .]

4/9/2008 1:57:59 PM

haha, i know i just had to throw that in there...

Quote :

"You open port 3389 and done. You still have to open ports for VPN passthrough too, so this is really not an argument. "

hamachi you do not need to open any ports for, like i said zero-configuration... so my point about only being able to use RDP when you have access to the firewall still stands.

Quote :

"I'm not saying logmein and hamachi aren't great, I'm just saying I think it's funny that you and others put up with all kinds of restrictions and limitations with these other services instead of using a fully featured, free option that already exists."

and i'll say it again, hamachi is not a remote control application, it's a private vpn tunneling app, it's free, zero-configuration, and very very minor restrictions like you only pay for more than 16 users or something crazy like that.

logmein is free, while there are "some" restrictions on it, it allows a user to control the computer from a web browser it's that simple.

i use RDC when i can, don't get me wrong. but it is FAR from the ideal solution for EVERY situation, especially on machines that don't have an RDP app installed or give the user rights to.

BTW, you need to install RDC 6.0 for XP SP2 just to communicate to Vista.... (so what were you saying about how easy it is)???
[hopefully MS will push RDC 6.0 out in SP3, which it looks like they will - http://technet2.microsoft.com/windowsserver2008/en/library/f6dc3107-81dc-4827-8f07-75241ed351761033.mspx?mfr=true]

[Edited on April 9, 2008 at 2:46 PM. Reason : .]

4/9/2008 2:30:06 PM

all this said, dyndns + RDP + 3389 route is all i have ever used, unless I'm trying to use my laptop as a media remote and then I'll use some derivation of VNC. And yeah, I installed RDP on OS X two nights ago.

Right now i'm trying to gauge the benefits of setting up a VPN. Hamachi's virtual network adapter pissed me off and I didn't feel like setting it up after it blocked my remote connection even on the private LAN.

[Edited on April 9, 2008 at 4:19 PM. Reason : ,]

4/9/2008 4:19:36 PM

my Vista computer at work generated its own SSL cert when i turned RDP on. I thought that was pretty cool.

4/9/2008 4:31:49 PM

^^fwiw, i've never experienced any problems with hamachi blocking any app (or protocol) over the VPN, especially not with RDP, i'd say try it again

4/9/2008 4:49:51 PM

i do like hamachi

i actually stuck DNS entries pointing to my hamachi addresses in my e00.us zone - makes it so much easier to access machines...

4/9/2008 5:03:46 PM

Quote :

"hamachi you do not need to open any ports for, like i said zero-configuration... so my point about only being able to use RDP when you have access to the firewall still stands."

Correct me if I'm wrong here, but dont you STILL need to have VPN pass-through ports open? Which is STILL not zero-config.

Quote :

"BTW, you need to install RDC 6.0 for XP SP2 just to communicate to Vista.... "

You need to install hamachi to connect to anything. What's your point? I carry the RDC client on a thumbdrive JIC.

The thing that bothers me about Hamachi is: it's centralized, closed source and beta. All that VPN, SSL encryption doesn't mean anything to me when there's the possibility of my connection being tapped into or monitored from their central server. The beauty of RDP is it's point to point. Hamachi says it's secure, but no one really knows, and all it takes is one disgruntled employee to ruin some lives.

4/9/2008 5:26:45 PM

Quote :

"Correct me if I'm wrong here, but dont you STILL need to have VPN pass-through ports open? Which is STILL not zero-config. "

nope, it tries uPnP, if it can't forward, it tries to use something like STUN... if that still doesn't work, it defaults to using a proxy.

so no matter what the configuration, you can connect.

my office machine (which only has internet access through a squid proxy that doesn't even do socks5) is able to be on the hamachi network, so that's saying a lot.

4/9/2008 6:14:58 PM

Quote :

"Correct me if I'm wrong here, but dont you STILL need to have VPN pass-through ports open? Which is STILL not zero-config. "

i've never had to login to a router to open ports for hamachi, it's a tunneling app.

and please read up on hamachi before posting again... hamachi is peer-to-peer. the central server only helps establish the connection... no data is passed through their server.

Quote :

"You need to install hamachi to connect to anything. What's your point? I carry the RDC client on a thumbdrive JIC."

my point is, it's not nearly as "built-in" as you say it is (or are inferring), it's not exactly "out-of-the-box"... and yes i can carry hamachi on a thumbdrive too... JIC.

[Edited on April 9, 2008 at 6:25 PM. Reason : .]

4/9/2008 6:18:04 PM

Wow you are misinformed about what tunneling (or a VPN, same thing) is, Noen. It's apparent that you don't know anything about an SSH connection either ... well using SSH you create a secure connection between each machine, to where it looks as if there is 0 hops between the machines. Fully encrypted communication. With this protocol you can forward ports from one machine to another, in Linux you can even forward the X11 display across the connection among other things. However, there is a lot to setup and has to not be restricted by a firewall, or have a specific ports opened.

Well, Hamachi creates that tunnel/VPN, sure it's less featured than a proper SSH connection, but due to how they created the clients and how they create a virtual network adapter for the connection the need for firewall holes is eliminated. The only thing they do as an in-between is manage the private networks between Hamachi IPs ... In other words (and maybe you should see this for yourself and be informed rather than otherwise), only Hamachi IPs that are part of your password-protected private network can see/route to your Hamachi IP.

Oh and also, for someone who is so bothered by the closed-source-ness of Hamachi ... Why do you use Windows, or any Microsoft product? They are all mostly closed-source. Ok then. The centralized nature of Hamachi is as I said, just a routing, no data passes through their servers.

Hamachi is point-to-point ROUTING, stop comparing it to RDP already.

4/9/2008 7:44:34 PM

i cant tell who is trolling

4/9/2008 8:12:34 PM

Quote :

"I'm a fan of http://www.logmein.com. Seems to work well and I don't need to think about my IP."

FTMFW

4/9/2008 8:53:17 PM

Quote :

"Personally I use Hamachi + Remote Desktop. The next best alternative for you would probably be Hamachi + some flavor of VNC."

opening rdp on an public ip and then tying that ip to an advertised dns is a bad idea, particularly if any of the passwords on your box are weak. anyone scanning is gonna see a listener on 3389, if group policy isnt set (likely isnt), enumerate the accounts, and then start brute forcing. without another group policy setting, rdp doesn't lock you out for hammering. if you're going to just use rdp, forward something like port 89325 on your router to 3389 on your local machine. rdp over hamachi is a much better option however, especially if you set your windows firewall to only accept rdp connections over the 5.0.0.0 address range.

you never advertise your machine, you don't have to open ports if you use upnp (though I can't say I trust the security of upnp), and all your traffic happens over an encrypted tunnel. never having to remember your ip is an added bonus. AND if you don't trust everyone with a hamachi account, you can set hamachi to only allow traffic from people in a particular vlan you create.

I use hamachi at home and on my laptop so I can use my desktop at home as a proxy for browsing, aim, and email when I'm on a wireless connection. It works great, just get a free proxy like privoxy and a plugin like foxyproxy for firefox/opera or just manually set it for IE.

4/10/2008 10:49:48 AM

Quote :

"Wow you are misinformed about what tunneling (or a VPN, same thing) is, Noen. It's apparent that you don't know anything about an SSH connection either ... well using SSH you create a secure connection between each machine, to where it looks as if there is 0 hops between the machines. Fully encrypted communication. With this protocol you can forward ports from one machine to another, in Linux you can even forward the X11 display across the connection among other things. However, there is a lot to setup and has to not be restricted by a firewall, or have a specific ports opened. Well, Hamachi creates that tunnel/VPN, sure it's less featured than a proper SSH connection, but due to how they created the clients and how they create a virtual network adapter for the connection the need for firewall holes is eliminated. The only thing they do as an in-between is manage the private networks between Hamachi IPs ... In other words (and maybe you should see this for yourself and be informed rather than otherwise), only Hamachi IPs that are part of your password-protected private network can see/route to your Hamachi IP. Oh and also, for someone who is so bothered by the closed-source-ness of Hamachi ... Why do you use Windows, or any Microsoft product? They are all mostly closed-source. Ok then. The centralized nature of Hamachi is as I said, just a routing, no data passes through their servers. Hamachi is point-to-point ROUTING, stop comparing it to RDP already."

Even with tunneling, you STILL need an open port to do so, do you not? I completely understand how Hamachi works. I also completely understand (but apparently yall don't) that you are using a central routing service for SSL connections. Which is a potentially major security weakpoint. It's not that I distrust Hamachi, but the point is (and is completely valid) that you have no idea how secure their side is. And I can see, just off the top of my head, several ways to spoof the service, piggy back on the VPN tunnel and worm one's way into either end (or just snoop all the data I pleased).

Microsoft is a completely different ballgame from Hamachi. The former has government compliance to worry about and major business and governmental partners to provide security for. The latter makes no claims or assurances (nor do they need to) over the security or operational spec of their product.

It's been a while, but I did do quite a bit of study on computer security and did pretty well at it And the classic weakpoint to any P2P encapsulation security has always been introducing a 3rd tracking/location/pairing entity.

4/10/2008 5:34:20 PM

^i missed the convo, can you elaborate on this:

Quote :

"And I can see, just off the top of my head, several ways to spoof the service, piggy back on the VPN tunnel and worm one's way into either end (or just snoop all the data I pleased)."

4/10/2008 5:45:01 PM

the only thing that happens at hamachi's central server is the coordination of the initial 3-way hand shake. sure, if someone at hamachi wanted to write some code that corrupted the handshake and all traffic to a man in the middle on the way to the other end point it could, but the traffic is still encrypted. so, while you could intercept it, you couldn't do anything with it. it's RSA 256bit public key encryption. its pretty doubtful someone with the resources to bruteforce that would care enough to.

[Edited on April 10, 2008 at 6:09 PM. Reason : I guess you could snag the private key too, if it goes over the wire]

4/10/2008 6:04:58 PM

You DO NOT need an open port to use Hamachi, it makes both clients think they are outgoing connections to each other and magically the connection is made, it's really quite brilliant. You should read up on Hamachi, you don't know how it works. The Hamachi servers are NOT central routing servers, they are central CONNECTION servers ... they don't even play into the mass amounts of traffic being exchanged between your machines, they just tell each machine how to find each other. They are the authentication and gateway to your machines finding each other initially. They have NOTHING to do with any data transfers.

I trust them because I have not found a single security expert to distrust or prove Hamachi to be insecure. For instance, when I use Hamachi within my home network they connect to the Hamachi server to find everyone in their private network, once they find them they just send keep-alives to Hamachi's servers, and all my Hamachi network sees each other. Now ... when I transfer files, etc, I can max out the 10Mbit/s bandwidth limit imposed by the free Hamachi client (the premium edition goes to 100Mbit/s). I would like you to note that if this data were passing through their servers first my transfer rate would most definitely be about 0.35Mbit/s.

Security experts have even said there is no way to spoof this, etc ... it's secure, encrypted, all good and proper. I challenge you to find otherwise.

From a notable security source, Gibson Research Corporation (GRC):

http://www.grc.com/sn/SN-018.htm

Quote :

"So you're able now to securely and safely use Remote Desktop through this Hamachi link with absolutely no concern that it can be eavesdropped upon. I've spent - I started talking to Alex on December 1st, and here we are on the 15th. I spent two weeks back and forth with him, asking him, I mean, bugging him to death, asking him very detailed questions about, okay, what about this? Are you hashing this password? Is it stored on the machine? You know, everything. He has done this, I mean, perfectly correct. The client builds an asymmetric key pair, a so-called public key pair. It gives the public one to the server so that the server can be used as the key distribution mechanism. And you're able to also see it in your client if you want. But the nice thing about the server having the public key is then other clients that you agree you want to have connect to you, they receive the key from the server. Basically Hamachi is a zero configuration VPN peer-to-peer system. It does NAT traversal so that you're able - two people behind NAT routers, it will connect them. His server does not forward any traffic. And in fact it is not a relay. It actually establishes direct point-to-point connections between the machines. So this is how he avoids the router issue, the firewall issue. He has a third point, a middle point that you both make outgoing connections to which - and then he connects you. So he looks, he basically figures out how your router is working, characterizes your router, and then works out - he tells then both clients over a TCP connection how to find each other. They find... This is without opening - doing any port forwarding or... And that's the other cool thing, is that if you had a VPN router, if you had any server running on your system, you'd have to have static ports open in order for you to be able to connect to it from the outside. Not so with Hamachi. It makes outgoing connections to the server, maintains a static TCP connection, then when you want traffic to go between machines, it's able to negotiate that directly. Using a random IP - a port that - it does use a port, though, doesn't it? Well, it's able to work through the local NAT router's port. So it works with whatever port the NAT router has assigned to outgoing traffic. Well, so it solves that problem. The security is complete. As I was saying about the asymmetric key pair, your private key never leaves your client. So you don't even have to trust the Hamachi server. The Hamachi server cannot be part of an attack on your system. It wasn't until I really understood this that I was willing to run these clients on my servers in my co-location. I mean, there is no way for the Hamachi system to access my stuff, even if it wanted to. ... If you were using Remote Desktop without Hamachi, you'd have to have port 3389 wide open to the world. Everyone knows 3389 is Remote Desktop Protocol, and so you're potentially vulnerable to, I mean, anyone knows you've got that open and soliciting a connection. If you use Hamachi to give you the same functionality, a direct point-to-point connection, it's encrypted and strongly authenticated, which Remote Desktop Protocol won't do. You still have a point-to-point connection."

Oh and one more thing, Hamachi has never tried to hide what they are doing, they just prefer the closed-source lifestyle. They are very open about their security however:

https://secure.logmein.com/products/hamachi/securityarchitecture.asp

[Edited on April 10, 2008 at 6:27 PM. Reason : .]

4/10/2008 6:08:23 PM

^THANKS! That article is awesome, and yes I definitely needed to be edubicated on how it all works. very clever indeed. Though I still have my doubts on the infallability of the handshake, ill look into that later though

Really cool piece of kit there, call me wrong and I'll shut my trap

4/10/2008 7:04:02 PM