Using TightVNC on corporate network...

classic Classic list List threaded Threaded
10 messages Options
Reply | Threaded
Open this post in threaded view
|

Using TightVNC on corporate network...

fred.hammond
I am trying to use TightVNC on my corporate laptop running Symantec Protection Agent. I want to connect to my home machine, which does have the TightVNC server up and running.  My company uses proxy servers, which I imagine is the reason why I can not connect to my home machine. I get the "failed to connect to server" error message.  Is there any way to get past the company's proxy server or configure TightVNC to work with my proxy server?

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

RE: Using TightVNC on corporate network...

Bob McConnell
-----Original Message-----
> From: [hidden email] On Behalf Of
[hidden email]

> Sent: Monday, January 21, 2008 10:09 AM
> To: [hidden email]
> Subject: Using TightVNC on corporate network...
>
> I am trying to use TightVNC on my corporate laptop
> running Symantec Protection Agent. I want to connect
> to my home machine, which does have the TightVNC server
> up and running.  My company uses proxy servers, which I
> imagine is the reason why I can not connect to my home
> machine. I get the "failed to connect to server" error
> message.  Is there any way to get past the company's proxy
> server or configure TightVNC to work with my proxy server?

There are too many variations on firewalls and proxy servers to be able
to make any suggestions without more detailed information. But I think
you would be better off setting up an SSH tunnel from the office to your
home system, or vice versa, then use it to forward the VNC connection.

I currently do that in reverse so I can access my work machines from
home. Once I found out the external IP for the firewall I used Putty to
set up an SSH connection into the office network, forwarding port 5900
to one workstations and 5901 to the other. I then run two instances of
the viewer to access the two computers. Both locations are on
Roadrunner, so the bottleneck isn't very noticeable. I can also leave
the tunnel up and access it in reverse if I so desire. It's all a matter
of how the ports are forwarded through the SSH connection.

Bob McConnell
Principal Communications Programmer
The CBORD Group, Inc.
61 Brown Road
Ithaca NY, 14850
Phone 607 257-2410
FAX 607 257-1902
Email [hidden email]
Web www.cbord.com

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

RE: Using TightVNC on corporate network...

John Serink
In reply to this post by fred.hammond
Hi Fred:

Right VNC uses tcp port 5900 as default for the server port. If your
company has proxy servers in for web traffic it is HIGHLY unlikely that
they are allowing port 5900 traffic out.
You can try to setup VNC on port 80 on your home machine with the
appropriate PAT entry on your home router and this should work. In you
vnc client you would connect like this:
a.b.c.d::80 where a.b.c.d is the IP address of your home internet
connection.

Be advised however that some ISPs block all ports below 1023 for home
type of DSL connections so that you can't setup your own
website/mailserver/newserver etc.

Cheers,
john



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of
[hidden email]
Sent: Monday, January 21, 2008 11:09 PM
To: [hidden email]
Subject: Using TightVNC on corporate network...


I am trying to use TightVNC on my corporate laptop running Symantec
Protection Agent. I want to connect to my home machine, which does have
the TightVNC server up and running.  My company uses proxy servers,
which I imagine is the reason why I can not connect to my home machine.
I get the "failed to connect to server" error message.  Is there any way
to get past the company's proxy server or configure TightVNC to work
with my proxy server?

------------------------------------------------------------------------
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

Morgan Storey
another option that I have had some success in, in situations like this is installing Hamachi at both ends. Hamachi is a vpn client and server that gets around port blocking by searching for usable ports, and then setting up the return route through the nat as if it were a normal application. Very few sites won't allow at least one port full access out, so himachi works almost everywhere.

On Jan 22, 2008 12:06 PM, John Serink <[hidden email]> wrote:
Hi Fred:

Right VNC uses tcp port 5900 as default for the server port. If your
company has proxy servers in for web traffic it is HIGHLY unlikely that
they are allowing port 5900 traffic out.
You can try to setup VNC on port 80 on your home machine with the
appropriate PAT entry on your home router and this should work. In you
vnc client you would connect like this:
a.b.c.d::80 where a.b.c.d is the IP address of your home internet
connection.

Be advised however that some ISPs block all ports below 1023 for home
type of DSL connections so that you can't setup your own
website/mailserver/newserver etc.

Cheers,
john



-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of
[hidden email]
Sent: Monday, January 21, 2008 11:09 PM
To: [hidden email]
Subject: Using TightVNC on corporate network...


I am trying to use TightVNC on my corporate laptop running Symantec
Protection Agent. I want to connect to my home machine, which does have
the TightVNC server up and running.  My company uses proxy servers,
which I imagine is the reason why I can not connect to my home machine.
I get the "failed to connect to server" error message.  Is there any way
to get past the company's proxy server or configure TightVNC to work
with my proxy server?

------------------------------------------------------------------------
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

RE: Using TightVNC on corporate network...

fred.hammond
In reply to this post by fred.hammond
John, thanks for the response.  Could you be more specific in terms of how to configure my router? When I look in the settings, I see options for port forwarding or port triggering.  With port forwarding, I have to enter a start port, end port, and a server ip address.  With port triggering, I have to enter service type (tcp or udp) and triggering port in the SERVICE section.  In the REQUIRED INBOUND CONNECTION section, I have to enter service type, starting port and ending port.

What information should I enter in those sections and should I be using port forwarding or port triggering?


 -------------- Original message ----------------------
From: "John Serink" <[hidden email]>

> Hi Fred:
>
> Right VNC uses tcp port 5900 as default for the server port. If your
> company has proxy servers in for web traffic it is HIGHLY unlikely that
> they are allowing port 5900 traffic out.
> You can try to setup VNC on port 80 on your home machine with the
> appropriate PAT entry on your home router and this should work. In you
> vnc client you would connect like this:
> a.b.c.d::80 where a.b.c.d is the IP address of your home internet
> connection.
>
> Be advised however that some ISPs block all ports below 1023 for home
> type of DSL connections so that you can't setup your own
> website/mailserver/newserver etc.
>
> Cheers,
> john
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Monday, January 21, 2008 11:09 PM
> To: [hidden email]
> Subject: Using TightVNC on corporate network...
>
>
> I am trying to use TightVNC on my corporate laptop running Symantec
> Protection Agent. I want to connect to my home machine, which does have
> the TightVNC server up and running.  My company uses proxy servers,
> which I imagine is the reason why I can not connect to my home machine.
> I get the "failed to connect to server" error message.  Is there any way
> to get past the company's proxy server or configure TightVNC to work
> with my proxy server?
>
> ------------------------------------------------------------------------
> -
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

John Serink
In reply to this post by fred.hammond
Ok, let's try the default port 5900 first.
On your router, choose port forwarding.
Select tcp start port 5900 and end port 5900(which means port 5900 only). The server ip address is the local ip of your home pc with xp on it. Make sure you xp firewall is off.
See if that works.
Cheers,
John

----- Original Message -----
From: [hidden email] <[hidden email]>
To: John Serink; [hidden email] <[hidden email]>
Sent: Tue Jan 22 23:15:36 2008
Subject: RE: Using TightVNC on corporate network...

John, thanks for the response.  Could you be more specific in terms of how to configure my router? When I look in the settings, I see options for port forwarding or port triggering.  With port forwarding, I have to enter a start port, end port, and a server ip address.  With port triggering, I have to enter service type (tcp or udp) and triggering port in the SERVICE section.  In the REQUIRED INBOUND CONNECTION section, I have to enter service type, starting port and ending port.

What information should I enter in those sections and should I be using port forwarding or port triggering?


 -------------- Original message ----------------------
From: "John Serink" <[hidden email]>

> Hi Fred:
>
> Right VNC uses tcp port 5900 as default for the server port. If your
> company has proxy servers in for web traffic it is HIGHLY unlikely that
> they are allowing port 5900 traffic out.
> You can try to setup VNC on port 80 on your home machine with the
> appropriate PAT entry on your home router and this should work. In you
> vnc client you would connect like this:
> a.b.c.d::80 where a.b.c.d is the IP address of your home internet
> connection.
>
> Be advised however that some ISPs block all ports below 1023 for home
> type of DSL connections so that you can't setup your own
> website/mailserver/newserver etc.
>
> Cheers,
> john
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Monday, January 21, 2008 11:09 PM
> To: [hidden email]
> Subject: Using TightVNC on corporate network...
>
>
> I am trying to use TightVNC on my corporate laptop running Symantec
> Protection Agent. I want to connect to my home machine, which does have
> the TightVNC server up and running.  My company uses proxy servers,
> which I imagine is the reason why I can not connect to my home machine.
> I get the "failed to connect to server" error message.  Is there any way
> to get past the company's proxy server or configure TightVNC to work
> with my proxy server?
>
> ------------------------------------------------------------------------
> -
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

Gerard Seibert-2
On Tue, 22 Jan 2008 23:39:01 +1300
"John Serink" <[hidden email]> wrote:

> Ok, let's try the default port 5900 first.
> On your router, choose port forwarding.
> Select tcp start port 5900 and end port 5900(which means port 5900
> only). The server ip address is the local ip of your home pc with xp
> on it. Make sure you xp firewall is off.

I don't think he means to disable the firewall, but rather configure it
to pass pass port 5900 through. Your firewall and possibly your AV
program documentation should be consulted if you are unsure of how to
proceed.

--

Gerard
[hidden email]

Syntactic sugar causes cancer of the semicolon.

        Epigrams in Programming, ACM SIGPLAN Sept. 1982


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

signature.asc (202 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

Dave Ihnat
In reply to this post by Morgan Storey
On Tue, Jan 22, 2008 at 04:19:57PM +1100, Morgan Storey wrote:
> another option that I have had some success in, in situations like this is
> installing Hamachi at both ends.

People should be aware that, if there's a corporate IT department that
has set up firewalls to block certain types of traffic, they're going to
take a very dim view of deliberate attempts to circumvent those policies.
It all depends on how much you like your job, I guess.

I would take up any problems with the corporate firewall and access with
the IT group.  If they won't work with you on it, and you can't make a strong
enough business case for the need to get management to change the policies
or make IT work with you, it's not worth doing from work.

As for the ISP blocking ports--that's simple.  Tell them to open the ports
you want, or you'll move to an ISP that will.

Cheers,
--
        Dave Ihnat
        President, DMINET Consulting, Inc.
        [hidden email]

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

fred.hammond
In reply to this post by John Serink
I had port forwarding set up already since my public IP address is my router.  But that doesn't address getting past my company's proxy server.

-----Original Message-----
From: "John Serink" <[hidden email]>

Date: Tue, 22 Jan 2008 23:39:01
To:<[hidden email]>,<[hidden email]>
Subject: Re: Using TightVNC on corporate network...


Ok, let's try the default port 5900 first.
On your router, choose port forwarding.
Select tcp start port 5900 and end port 5900(which means port 5900 only). The server ip address is the local ip of your home pc with xp on it. Make sure you xp firewall is off.
See if that works.
Cheers,
John

----- Original Message -----
From: [hidden email] <[hidden email]>
To: John Serink; [hidden email] <[hidden email]>
Sent: Tue Jan 22 23:15:36 2008
Subject: RE: Using TightVNC on corporate network...

John, thanks for the response.  Could you be more specific in terms of how to configure my router? When I look in the settings, I see options for port forwarding or port triggering.  With port forwarding, I have to enter a start port, end port, and a server ip address.  With port triggering, I have to enter service type (tcp or udp) and triggering port in the SERVICE section.  In the REQUIRED INBOUND CONNECTION section, I have to enter service type, starting port and ending port.

What information should I enter in those sections and should I be using port forwarding or port triggering?


 -------------- Original message ----------------------
From: "John Serink" <[hidden email]>

> Hi Fred:
>
> Right VNC uses tcp port 5900 as default for the server port. If your
> company has proxy servers in for web traffic it is HIGHLY unlikely that
> they are allowing port 5900 traffic out.
> You can try to setup VNC on port 80 on your home machine with the
> appropriate PAT entry on your home router and this should work. In you
> vnc client you would connect like this:
> a.b.c.d::80 where a.b.c.d is the IP address of your home internet
> connection.
>
> Be advised however that some ISPs block all ports below 1023 for home
> type of DSL connections so that you can't setup your own
> website/mailserver/newserver etc.
>
> Cheers,
> john
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Monday, January 21, 2008 11:09 PM
> To: [hidden email]
> Subject: Using TightVNC on corporate network...
>
>
> I am trying to use TightVNC on my corporate laptop running Symantec
> Protection Agent. I want to connect to my home machine, which does have
> the TightVNC server up and running.  My company uses proxy servers,
> which I imagine is the reason why I can not connect to my home machine.
> I get the "failed to connect to server" error message.  Is there any way
> to get past the company's proxy server or configure TightVNC to work
> with my proxy server?
>
> ------------------------------------------------------------------------
> -
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list
Reply | Threaded
Open this post in threaded view
|

Re: Using TightVNC on corporate network...

Morgan Storey
The main reason I had to do it was because I was brought in after the previous IT had been fired due to incompetence. The firewall in place could not be reset as time didn't allow, and the password was not documented by the previous IT.
But yes I agree corporate IT has policies in place for a reason, circumvention should only be done in extreme circumstances. Or if you are me anytime you can't get to something you want to get to :)
I was also trying to point out that VNC is inherently insecure, plain text passwords and all that. I see a lot of people running VNC servers out to the world, even had a client who was hacked before we got there, RealVNC 4.1.1 open to the world, some script kiddie running a script had gotten in and dropped in a trojan.

On Jan 23, 2008 2:16 AM, Fred D. Hammond <[hidden email]> wrote:
I had port forwarding set up already since my public IP address is my router.  But that doesn't address getting past my company's proxy server.

-----Original Message-----
From: "John Serink" <[hidden email]>

Date: Tue, 22 Jan 2008 23:39:01
To:<[hidden email]>,<[hidden email]>
Subject: Re: Using TightVNC on corporate network...


Ok, let's try the default port 5900 first.
On your router, choose port forwarding.
Select tcp start port 5900 and end port 5900(which means port 5900 only). The server ip address is the local ip of your home pc with xp on it. Make sure you xp firewall is off.
See if that works.
Cheers,
John

----- Original Message -----
From: [hidden email] <[hidden email]>
To: John Serink; [hidden email] <[hidden email]>
Sent: Tue Jan 22 23:15:36 2008
Subject: RE: Using TightVNC on corporate network...

John, thanks for the response.  Could you be more specific in terms of how to configure my router? When I look in the settings, I see options for port forwarding or port triggering.  With port forwarding, I have to enter a start port, end port, and a server ip address.  With port triggering, I have to enter service type (tcp or udp) and triggering port in the SERVICE section.  In the REQUIRED INBOUND CONNECTION section, I have to enter service type, starting port and ending port.

What information should I enter in those sections and should I be using port forwarding or port triggering?


 -------------- Original message ----------------------
From: "John Serink" <[hidden email]>
> Hi Fred:
>
> Right VNC uses tcp port 5900 as default for the server port. If your
> company has proxy servers in for web traffic it is HIGHLY unlikely that
> they are allowing port 5900 traffic out.
> You can try to setup VNC on port 80 on your home machine with the
> appropriate PAT entry on your home router and this should work. In you
> vnc client you would connect like this:
> a.b.c.d::80 where a.b.c.d is the IP address of your home internet
> connection.
>
> Be advised however that some ISPs block all ports below 1023 for home
> type of DSL connections so that you can't setup your own
> website/mailserver/newserver etc.
>
> Cheers,
> john
>
>
>
> -----Original Message-----
> From: [hidden email]
> [mailto:[hidden email]] On Behalf Of
> [hidden email]
> Sent: Monday, January 21, 2008 11:09 PM
> To: [hidden email]
> Subject: Using TightVNC on corporate network...
>
>
> I am trying to use TightVNC on my corporate laptop running Symantec
> Protection Agent. I want to connect to my home machine, which does have
> the TightVNC server up and running.  My company uses proxy servers,
> which I imagine is the reason why I can not connect to my home machine.
> I get the "failed to connect to server" error message.  Is there any way
> to get past the company's proxy server or configure TightVNC to work
> with my proxy server?
>
> ------------------------------------------------------------------------
> -
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> ___________________________________________________________
> TightVNC mailing list, [hidden email]
> To change your subscription or to UNSUBSCRIBE, please visit
> https://lists.sourceforge.net/lists/listinfo/vnc-tight-list

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
___________________________________________________________
TightVNC mailing list, [hidden email]
To change your subscription or to UNSUBSCRIBE, please visit
https://lists.sourceforge.net/lists/listinfo/vnc-tight-list