Remote file management XP & OS X

I’m a bit of a moron when it comes to understanding networks, so please be patient with me.

I have a Macintosh MacBook Pro laptop running OS X v10.4.8. My home desktop is a PC running Windows XP Media Center. Here’s what I want to do: As the Mac is the computer I travel with, I would like to be able to use it to access my desktop PC over the internet.

Now, I do have a static IP set up, so I do know what the IP address of my network is. Two computers are connected to the router: desktop #1, desktop #2, so they both obviously have a different local IP address, but share the same IP address with the rest of the world (I don’t know what the terms are for all this).

I am able to connect to both computers on my local wireless network by using Connect to Server > smb:\COMPUTER1 and smb:\COMPUTER2. So I know the network is set up fine, my Mac and PCs can see each other, etc.

So, what I need to do is set it up so when I’m away, I can access COMPUTER1’s hard drives remotely. I do not need to see the desktop or anything like that. I just need access to four internal hard drives to pull up files when I might need them.

I tried setting up VPN on COMPUTER1, but I have no idea how it works, nor how exactly would VPN know which computer I’m trying to access when I VPN to my static IP address. The IP address only describes the beginning of my network connection, i.e., the router, right?

As you can tell, I have no idea what I’m talking about, so please be gentle and hold my hand through this.

Thanks.

OK - I’ll try and create some context for you to think about.

From the outside (internet), the end point you are connecting to is your router. To get from your router to the internal PC, you need to create a “forwarder” - this is a defined external port (1025, maybe) that forwards packets to a defined internal IP address and port (your PC and the port of whatever client system you are using). Only use specific port forwarding - don’t use the feature that allows all external packets to be forwarded to an ip address (sometimes called a DMZ entry) - this will expose your PC to the internet, and put it at risk of being compromised.

So you first need to determine if your router can be configured to do this.

Then you need to install a server on your internal PC and a client on your remote. The issue here is that the system needs to be cross-platform. OpenVPN is a good option (but difficult to set up), Hamachi is another (but I think that the MacOS side may be awkward). You also need to tell your PC firewall about this server too.

While you don’t want remote desktop capability, some of the VNC based systems offer great file management tools, encrypted communications and cross platform capabilities - it may be easier.

Finally, you need a way to find your router when you are on the road - you state you have a static ip address. This will help. However, you could also use a service like DynDNS.org to set up a free DNS entry and use that instead of the ip address - or add a host file entry (can you do that on a Mac?).

Hope this helps

Si

Si_blakely has it. You’ll need to set up a VPN of sorts which tunnels to the XP machine and VNC or something like it.

Something you may want to consider is another element in your network - a NAS: network attached storage.

The only reason I bring this up is because I just discovered the Linksys NSLU2 (AKA, The Slug). It’s a small device with two USB ports and an Ethernet port. I was interested because it runs linux firmware and is very alterable. But, I’m running the Linksys firmware at the moment and it is doing what I need.

Basically hookup is simple. You plug a USB hard drive in to the Slug, pop it on your network and assign it an IP. There is a quick walkthrough via a web browser to set up usernames/passwords and network shares. Once set up you can access the files from the network using a SAMBA connection (what you’re using now) or via the web interface located at the slug’s IP address. One of the Linksys firmwares offers FTP support and with the mods out there anything is possible.

I’ve got mine hooked up to a Western Digital 500gig Mybook USB drive. Tomorrow I’m buying another for a total of one terabyte of storage. It’s been running rock solid and fast (once I loaded the R25 linksys firmware into it). I have all my work and studio files backing up to the slug (via automated script) in a protected directory, but my family uses it to place their files in a public share (no username/password needed). I’m even using it to serve the mp3 files for my Dlink DSM-320 wireless media player - all the mp3 files are in the public share.

The benefit of this type of setup means you don’t have to rely on your Windows box being up and running while you’re away and you have an external backup for your important files.

One of the slug mods you can add is SSL ability which would cover your encryption needs. You can find this stuff here.

Oh yeah, the best part. The slug costs around $80-90 in the US. I got mine for about $120 in Canada. The 500 gig Mybook cost me $250. That’s damn cheap for a NAS device.

For the client/server I would recommend some sort of implementation of SSH. Running an ssh server on your WinXP box (perhaps this) and then grabbing a GUI SFTP/SCP client for your Mac (perhaps this). I do this using Linux as an SSH server and connect to it using WinSCP3 from WinXP.

This would be much more secure than VNC, since SSH provides point to point encryption.

UltraVNC has an optional encryption module. Other VNC variants do too (although I have not looked at the Mac clients). The use of some form of SSH is an option - I use WinSCP all the time, but over a VPN when remote. If you are setting up SSH, why not use OpenVPN - the configuration complexity is fairly similar and the VPN gives a more natural result?

Si

Cool, I did not know that. I use tightVNC for work and they have warnings all over the place to use it only within secure networks. When I use it to remote to home I tunnel it over SSH.

OK. Let’s say I have a spare computer and monitor lying around somewhere. Would it be easier to set this up as a Linux box (as a server) or something and then network all the other computers around it?

Well, looking at my router management screen, I see options for Port Forwarding/Port Triggering, WAN Setup, LAN IP Setup, Dynamic DNS, Static Routes, Remote Management, UPnP. There is also that DMZ entry somewhere.

Are these the settings we need to be looking at?

Also, doesn’t XP itself have a way of setting up a VPN server? I could have sworn I went through one of those options in the New Connection Wizard. There’s an option for “Setup an Advanced Connection” that follows with “Accept Incoming Connections.” I didn’t know what exactly to do with all this, though.

This would be my choice. Look at SME7.1 (www.smeserver.org and www.contribs.org). This has got to be the easiest way to set up a linux firewall in the world - I’ve been running this for years. It does firewalling, file sharing, VPNs, web mail, web hosting, spam trapping. And the forums are full of helpful people, and most of the addons are wrapped up into installable units. Really, really cool. Put two network cards in the computer, connect one to the inside network, and one to the router, and away you go (this is called gateway mode).

Port Forwarding is probably what you want to look at, once you have decided which way you want to set things up. And it looks like the router can handle setting up DynDNS notifications, too.

That would be OK if you were using an XP laptop as a client - I can’t remember what XP uses for VPNs but it probably won’t be compatible with a Mac. Typical MS. Ah - I remember - PPTP (Point to Point Tunnelling Protocol). Mac OS X has a client, so it may be an easy win, but I really would not trust XP to maintain a VPN. Also, your router firewall may have issues with the required two sessions. YMMV.

Si

It seems that, in theory, my XP Media Center should be able to handle connections coming from an Apple over PPTP.

Is there an easy way to test the VPN? Do I have to call in from a different IP address, or can I sit here on my Mac, VPN my own IP, and have the XP box pick up the connection?

One more dumb question, to make sure I understand what’s going on here:

My router has an IP address of, let’s pretend, 70.70.70.70. My XP box has an internal IP of 192.168.1.5.

So, when I use PPTP to VPN 70.70.70.70, I need to forward the port 1723 (PPTP) to 192.168.1.5, right? Is this what’s happening: when I VPN 70.70.70.70, the router notices incoming packets on port 1723, then it looks up its port forwarding list, and decides to send the packets over to 192.168.1.5?

If so, how do I make sure or know that the computer on 192.168.1.5 is “listening” or knows what to do with this incoming data stream?

Am I understanding the basic concept here correctly?

Access it in what sense? Be able to mount its C:\ drive on your Desktop? Or ssh into it and run commands from the command prompt? Or have a window appear on your Mac screen that shows the PC’s Desktop, Start Menu, and cursor, and run the whole freaking PC remotely just as if you were at home sitting in front of it?

For the lattermost: Timbuktu. Timbuktu is God. Trust me on this. Nothing is as fast, as flexible, or as secure for running a computer from another (faraway) computer. They’ve been doing it for eons and they’re very very good at it. (Do wish they’d release a Linux version though).

As a distant second-place alternative, PCAnywhere now (supposedly) has a Mac version.

As an even more distant (but free) third-place alternative, VNC will do the job, albeit very very sluggishly.

Timbuktu can tunnel better than any of the others. It can deal with DHCP and it can even deal with 192.168.xx.yy addresses that aren’t NAT’ted to the outside world at all, if you’re willing/able to piggyback Timbuktu on top of Skype (it can do that).

Oh… have you tried FTP? Will it reconcile properly when you try it? If not, …well, Timbuktu for just file access may seem like overkill but it has a great interface for file copying from one computer to the other. (One of the reasons I regard VNC as such a step-down, although far from the only reason).

If you’ve tried FTP and gotten nowhere, is the router set up to auto-forward requests to the local machine, or does the local machine get a different local IP at each bootup?

Sorry, I guess I should be more clear about what I mean by access. I simply want to get to my files remotely. Actually, I do clarify later in my post:

In other words, I want to mount my C, D, L, and N drives as if they were on my network.

I haven’t tried FTP, but that would not be a bad solution, to tell you the truth. My computers’ local IPs are fixed. The desktop I want to access is always 192.168.1.4. How do I set up the XP box as an FTP server, and what do I have to do with the router settings? Do I just set the FTP port forward to 192.168.1.4? And then what?

OK, I found an online tutorial, and I set up IIS on my XP box, and it seems like everything is correctly configured. Should I be able to ftp to it from my Mac, even though we’re both on the same IP address or must I log in somewhere else? Because, at the moment, FTP’ing my IP from the terminal is doing nothing.

OK, we’re getting closer. We ftp’ed from a remote account, and I’m getting a connection, XP box is showing our login under User Sessions, but when I type in “ls” or “pwd,” it just hangs. What’s going wrong here?

To be specific, this is what I get:

230 Anonymous user logged in
Remote system type is Windows_NT
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /bin/ls.

And then, it just hangs.

Your FTP sessions are NOT encrypted in any way (including username/password info), so your home PC can be compromised in a number of ways.

Not a good idea.

And PPTP may not be possible - the port 1723 is the control channel, but the data channel is sent on GRE (IP protocol 47, not the same as port 47) which your router may or may not be able to handle.

OpenVPN can be used with only TCP forwarding and NAT, as can SSH. Try those.

Let me repeat - FTP is insecure.

And you will have to test whatever configuration you choose from outside your own network - it is the only way.

Si
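
Added example, not part of the thread: a small model of the point made in the post above, that a TCP 1723 port forward matches the PPTP control channel but not the GRE data channel, because GRE (IP protocol 47) has no port number for a forwarding rule to match. The forwarding table, the pptp_passthrough switch, the function names and the packets are constructed for illustration; 70.70.70.70 and 192.168.1.5 are the pretend addresses used in the thread.

```python
import socket
import struct

# Constructed forwarding table holding the one rule discussed in the thread:
# TCP 1723 arriving at the router goes to the XP box.
FORWARDS = {("tcp", 1723): "192.168.1.5"}
PROTO = {6: "tcp", 17: "udp", 47: "gre"}  # IANA IP protocol numbers

def ipv4(proto, payload, src="198.51.100.7", dst="70.70.70.70"):
    """Build a constructed IPv4 packet: 20-byte header (checksum left 0) + payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def nat_decision(packet, forwards=FORWARDS, pptp_passthrough=False):
    """Return (action, target) the way a simple port-forwarding NAT would decide."""
    header_len = (packet[0] & 0x0F) * 4
    name = PROTO.get(packet[9], "other")  # byte 9 of the header = IP protocol
    if name in ("tcp", "udp"):
        # TCP and UDP both carry the destination port in bytes 2-3 of their header.
        (dport,) = struct.unpack("!H", packet[header_len + 2:header_len + 4])
        target = forwards.get((name, dport))
        return ("forward", target) if target else ("drop", None)
    if name == "gre" and pptp_passthrough:
        # GRE has no port, so the router needs PPTP-specific handling: this model
        # sends GRE to whichever host owns the TCP 1723 rule (an assumption).
        target = forwards.get(("tcp", 1723))
        return ("forward", target) if target else ("drop", None)
    return ("drop", None)  # nothing for a port-forwarding rule to match

# Constructed packets: PPTP control (TCP to port 1723) and PPTP data (GRE).
CONTROL = ipv4(6, struct.pack("!HH", 50000, 1723) + bytes(16))
DATA = ipv4(47, struct.pack("!HH", 0x3001, 0x880B) + bytes(12))

if __name__ == "__main__":
    print("control channel:", nat_decision(CONTROL))
    print("data channel, port forward only:", nat_decision(DATA))
    print("data channel, PPTP passthrough:", nat_decision(DATA, pptp_passthrough=True))
```
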

What about sFTP?

Anyhow, I will look into your suggestions. Networks are a friggin’ headache for me, but thanks to your and others’ explanations, they’re becoming a little clearer. I never did get regular FTP access to work for me. In active mode, I just get it to hang at any PORT command like get/ls/dir etc. Microsoft has some explanation for why it happens, but I just don’t understand it. Switching to passive mode just causes a “No route to host” error.

But, anyhow, I’ll try setting up OpenVPN or something. I’ve never been able to properly set up remote networking on my system.

Wait…what does this mean exactly? Maybe this is the source of my PPTP woes. I have a friend with an Apple server and I can’t PPTP into his server either, even though all my settings seem to be okay. At my girlfriend’s place, though, it worked fine. I’ve been destroying my brain trying to figure out what router setting might be wrong, but haven’t been able to figure it out. I have a NetGear WGR614 wireless router. I’m more than willing to replace my router if it helps my issues.
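
Added example, not part of the thread: the hang after PORT and the passive-mode “No route to host” described above are both what happens when the FTP data connection is aimed at an address or port that NAT does not pass, which is one common cause and not a confirmed diagnosis of this setup. The sketch pulls the data endpoint out of a PORT command or a 227 reply and checks it; the sample lines, the forwarded_ports parameter and the function names are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2 (address bytes, then port bytes).
SIX = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def data_endpoint(line):
    """Return (ip, port) from 'PORT h1,h2,h3,h4,p1,p2' or a 227 reply, else None."""
    m = SIX.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def diagnose(line, forwarded_ports=(21,)):
    """Return (mode, ip, port, verdict) for the data connection the line sets up.

    active  (PORT): the server dials the address the client announced.
    passive (227):  the client dials the address the server announced.
    """
    endpoint = data_endpoint(line)
    if endpoint is None:
        return None
    ip, port = endpoint
    mode = "active" if line.upper().startswith("PORT") else "passive"
    if ipaddress.ip_address(ip).is_private:
        verdict = "private-address"      # not routable from the other side of NAT
    elif mode == "passive" and port not in forwarded_ports:
        verdict = "port-not-forwarded"   # router has no rule for the data port
    else:
        verdict = "ok"                   # a host firewall can still block it
    return mode, ip, port, verdict

# Constructed control-channel lines (not captured from the poster's session).
SAMPLES = [
    "PORT 192,168,0,20,195,80",
    "227 Entering Passive Mode (192,168,1,4,4,15)",
    "227 Entering Passive Mode (70,70,70,70,4,15)",
    "200 PORT command successful.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", diagnose(sample))
```
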