CentOS - Jan 2009 - [OT] Remote control of a WinXP machine from a Linux host

Sorry for an off topic post, but a lot of you folks are sysadmins here or 
there, and just might have a suggestion... ;-)

I have a WinXP machine that is to be unattended for a period of 3 years (yes, 
I know, it sounds ridiculous, but still...). What I need is remote access to 
it to perform regular system maintenance, virus cleanups, occasional software 
installations, reboots, config changes, etc.

Of course, rdesktop would do it, or vnc server or something else. The problem 
is that this machine is behind a NAT, and I cannot access it remotely from 
outside (and I need access from whereever on the planet I may happen to be).

Basically, I need to setup some type of ssh tunnelling from XP (machine A) to 
my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further 
to my laptop (machine C, Fedora 10) located elsewhere (possibly behind 
another NAT, I can't know in advance). I have root access for all three 
machines (A, B and C). Of course, all three are on different LANs.

However, I have never done anything like this before, so I wonder what is the 
best method of creating such a setup?

One of my ideas was to make some script on A which would connect to B once 
every 15 minutes or so, look for a flagfile, and if present, initiate 
connection with C directly or through B if necessary. That means, if I want 
access from C to A, I ssh from C to B and create a flagfile, wait 15 minutes 
or so, and a rdesktop (or vnc or other) appears on my laptop. In theory.

Or is there some other XP-tool that might do what I want out of the box? 
However, it need be absolutely automatic, there will be nobody around to do 
anything locally on A once I leave it.

Another idea I had was to have machine A running as a virtual machine on a 
CentOS host (vmware or such would suffice). Then I could easily configure the 
above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file 
to C, start it locally, perform maintenance, push it back to host A and run 
it again as a vm. But this is highly complicated, takes too much time and 
bandwidth, so I hope something simpler is available.

Yet another idea is to ask A's ISP to provide a static IP for that machine,
or
to forward some available port to A, which could be used by rdesktop in some 
customized fashion. But the ISP may refuse such requests, and I need a robust 
solution.

Yet even another idea is to put another CentOS machine (D) between A and A's
ISP (create a local LAN). Then initiate ssh -X connection from C to D 
(somehow, via flagfile scenario or such), and then rdesktop from D to A over 
a local LAN.

The main problem is NAT, if machine A had a world-accessible IP, I would just 
rdesktop from C to A, but alas, it doesn't... :-(

Any suggestions about the best way of doing this?

Thanks, :-)
Marko

OpenVPN.

Tim Nelson
Systems/Network Support
Rockbochs Inc.
(218)727-4332 x105

----- "Marko Vojinovic" <vvmarko at panet.co.yu> wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here
> or 
> there, and just might have a suggestion... ;-)
> 
> I have a WinXP machine that is to be unattended for a period of 3
> years (yes, 
> I know, it sounds ridiculous, but still...). What I need is remote
> access to 
> it to perform regular system maintenance, virus cleanups, occasional
> software 
> installations, reboots, config changes, etc.
> 
> Of course, rdesktop would do it, or vnc server or something else. The
> problem 
> is that this machine is behind a NAT, and I cannot access it remotely
> from 
> outside (and I need access from whereever on the planet I may happen
> to be).
> 
> Basically, I need to setup some type of ssh tunnelling from XP
> (machine A) to 
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then
> further 
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind
> 
> another NAT, I can't know in advance). I have root access for all
> three 
> machines (A, B and C). Of course, all three are on different LANs.
> 
> However, I have never done anything like this before, so I wonder what
> is the 
> best method of creating such a setup?
> 
> One of my ideas was to make some script on A which would connect to B
> once 
> every 15 minutes or so, look for a flagfile, and if present, initiate
> 
> connection with C directly or through B if necessary. That means, if I
> want 
> access from C to A, I ssh from C to B and create a flagfile, wait 15
> minutes 
> or so, and a rdesktop (or vnc or other) appears on my laptop. In
> theory.
> 
> Or is there some other XP-tool that might do what I want out of the
> box? 
> However, it need be absolutely automatic, there will be nobody around
> to do 
> anything locally on A once I leave it.
> 
> Another idea I had was to have machine A running as a virtual machine
> on a 
> CentOS host (vmware or such would suffice). Then I could easily
> configure the 
> above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk
> file 
> to C, start it locally, perform maintenance, push it back to host A
> and run 
> it again as a vm. But this is highly complicated, takes too much time
> and 
> bandwidth, so I hope something simpler is available.
> 
> Yet another idea is to ask A's ISP to provide a static IP for that
> machine, or 
> to forward some available port to A, which could be used by rdesktop
> in some 
> customized fashion. But the ISP may refuse such requests, and I need a
> robust 
> solution.
> 
> Yet even another idea is to put another CentOS machine (D) between A
> and A's 
> ISP (create a local LAN). Then initiate ssh -X connection from C to D
> 
> (somehow, via flagfile scenario or such), and then rdesktop from D to
> A over 
> a local LAN.
> 
> The main problem is NAT, if machine A had a world-accessible IP, I
> would just 
> rdesktop from C to A, but alas, it doesn't... :-(
> 
> Any suggestions about the best way of doing this?
> 
> Thanks, :-)
> Marko
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

On Fri, Jan 9, 2009 at 3:41 PM, Marko Vojinovic <vvmarko at panet.co.yu>
wrote:
> Sorry for an off topic post, but a lot of you folks are >sysadmins here
or
> there, and just might have a suggestion... ;-)
> I have a WinXP machine that is to be unattended for a >period of 3 years
(yes,
> I know, it sounds ridiculous, but still...). What I need is >remote
access to
> it to perform regular system maintenance, virus >cleanups, occasional
software
> installations, reboots, config changes, etc.
We have 3 boxes with WinXP Home Edition on them. Two are dual boot,
with CentOS 5.2 (32 bit).  There is something in WinXP Home Edition,
to allow remote access. I assume the Professional version has it too.
Before you get more complex, I suggest that you read up on what that
permits you to do. Glad you do not need the box to  be up for 3 years,
without a reboot! :-)
Hopefully, the HW will not fail.. ...

Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or 
> there, and just might have a suggestion... ;-)
> 
> I have a WinXP machine that is to be unattended for a period of 3 years
(yes,
> I know, it sounds ridiculous, but still...). What I need is remote access
to
> it to perform regular system maintenance, virus cleanups, occasional
software
> installations, reboots, config changes, etc.
> 
> Of course, rdesktop would do it, or vnc server or something else. The
problem
> is that this machine is behind a NAT, and I cannot access it remotely from 
> outside (and I need access from whereever on the planet I may happen to
be).
> 
> Basically, I need to setup some type of ssh tunnelling from XP (machine A)
to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind 
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
> 
> However, I have never done anything like this before, so I wonder what is
the
> best method of creating such a setup?
Set up an openvpn tunnel from the remote unattended machine to the 
centos box.  If you can set up port-forwarding on it's NAT router, you 
may be able to originate this connection either way.  If you can't, use 
a keep-alive setting on the natted side to make sure the connection 
stays active.  Then you can either do the same on the laptop with 
appropriate routing or you can run freenx on the Centos server and 
connect to it with the nomachine NX client on the laptop.  In the latter 
scenario you would run rdesktop or vncviewer on the Centos server but 
the display would be on the laptop.

-- 
   Les Mikesell
    lesmikesell at gmail.com

Well use Radmin 2.2 for the server and
Wine and Radmin 3 for the Client....
Works fine for me

-- 

Franklin S Werren admin at chautauqualake.net
www.chautauqualake.net

Confidentiality Note:  This email and any attachments are confidential and may
contain privileged information intended for the addressee(s) only. If you are
not the intended recipient, please notify us immediately and remove the email
and any attachments from your system without storing, disclosing or copying all,
or any part of it. The content of this email and attachments may contain data
that falls within the scope of the Data Protection Act 1998. The unauthorized
opening, use, recording, disclosure, copying or alteration of this message is
strictly forbidden under the Data Protection Act 1998.
 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: admin.vcf
Type: text/x-vcard
Size: 960 bytes
Desc: not available
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090109/dfd64280/attachment-0004.vcf>

Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or 
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years
(yes,
> I know, it sounds ridiculous, but still...). What I need is remote access
to
> it to perform regular system maintenance, virus cleanups, occasional
software
> installations, reboots, config changes, etc.
A simple to use tool is available from  http://www.logmein.com. The free
version of logmein should do what you want.
Or they do "Hamachi" for Windows and Linux which will create a
"personal" VPN for you, which means you can then use rdesktop direct
to
the XP machine.

Of course, there's no guarantee these services will be around in 3 years
time....

Cheers

D

On Friday 09 January 2009 21:41, Marko Vojinovic wrote:
> I have a WinXP machine that is to be unattended for a period of 3 years
> (yes, I know, it sounds ridiculous, but still...). What I need is remote
> access to it to perform regular system maintenance, virus cleanups,
> occasional software installations, reboots, config changes, etc.
Ok, so the main choices are openvpn, radmin, logmein and hamachi. I'll look 
into all of them and take it from there.

Thanks to everyone for advice! ;-)

Best, :-)
Marko

Marko Vojinovic wrote:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or 
> there, and just might have a suggestion... ;-)
>
> I have a WinXP machine that is to be unattended for a period of 3 years
(yes,
> I know, it sounds ridiculous, but still...). What I need is remote access
to
> it to perform regular system maintenance, virus cleanups, occasional
software
> installations, reboots, config changes, etc.
>
> Of course, rdesktop would do it, or vnc server or something else. The
problem
> is that this machine is behind a NAT, and I cannot access it remotely from 
> outside (and I need access from whereever on the planet I may happen to
be).
>
> Basically, I need to setup some type of ssh tunnelling from XP (machine A)
to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind 
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
>
>   

if this remote XP machine is behind a NAT server that you can log onto 
with SSH, then, from your local machine...

    ssh -L 3390:private-ip-of-remote-XP-machine:3389 
username at ip-or-hostname-of-remote-NAT-server

and use rdesktop (or XP MSTSC.EXE) to connect to localhost:3390 which 
will be forwarded over the SSH tunnel to the remote XP machine's RDP 
service. (Remote Desktop Protocol)



or, if this remote NAT is some sort of appliance router (linksys etc), 
setup a port forward on said router to forward inbound TCP port XXXX to 
ip-of-XP-machine:3389
and connect your rdesktop/mstsc.exe to ip-of-nat-server:XXXX

Windows remote desktop uses a fairly secure challenge/handshake 
authentication protocol, so as long as all accounts on said remote XP 
box have reasonably strong passwords, this is more secure than some 
might think.   Its certainly more secure than plain vanilla VNC

On Saturday 10 January 2009 22:48, you wrote:
> I am confused by your description. Do you mean you have Machine A and
> Machine B and you want to be able to access both of them at any time
> over the next three years from Machine C but you could be behind a
> firewall with machine C i.e. I assume you will be traveling and that's
> the reason so you never know what network you will be coming out of?
No, the main problem is that A is behind my ISP's NAT. I want to access it 
from C (yes, I'll be travelling a lot and C might be just about anywhere). 
But the problem is that since A is behind a NAT, the connection must be 
initiated from A's side to C. Also, since C might be behind some other NAT, 
the connection must be initiated from C's side to A. This simply cannot work
simultaneously, so I tried to make use of my public server B which can be 
used as a "bridge" between A and C. So, A connects to B, C connects to
B, and
then A and C communicate. Roughly speaking...

That was my initial idea, but seems too complicated to work out, so I asked 
for a possible easier alternative. :-)
> Or if want your own set up you could of course for example run some
> sort of remote access service like VNC and just pay for a static IP
> for Machine A from its ISP and set up Port Forwarding for VNC
That would be the most obvious solution, if only the ISP were willing to give 
me a static IP. But they are not. :-(
> (or if 
> you don't want to pay use http://www.no-ip.com/ and use their free dns
> service where you can create a free dns name for use with dynamic
> ip's. You just install their software on Machine A and it will login
> to No-IP.info and check your ip is still current and if not update it
> like if your IP changes because your dsl line drops for a minute and
> you get a knew ip?).
Hmmm... This is interesting. I'll look up to www.no-ip.com, but I think that
such dns trick may work only with public IP numbers. And A's IP is of type 
10.0.*.* which is a no-go, afaik.

However, I might ask the ISP to provide me with a public IP. It could still be 
dynamic, but public rather than local, and in that case the trick with the 
dns just might work... ;-)

Thanks for the pointer!

Best, :-)
Marko

> That was my initial idea, but seems too complicated to work out, so I asked
> for a possible easier alternative. :-)
> 
Might be to easy an alternative.

http://www.gotomypc.com

on 1-9-2009 12:41 PM Marko Vojinovic spake the
following:
> Sorry for an off topic post, but a lot of you folks are sysadmins here or 
> there, and just might have a suggestion... ;-)
> 
> I have a WinXP machine that is to be unattended for a period of 3 years
(yes,
> I know, it sounds ridiculous, but still...). What I need is remote access
to
> it to perform regular system maintenance, virus cleanups, occasional
software
> installations, reboots, config changes, etc.
> 
> Of course, rdesktop would do it, or vnc server or something else. The
problem
> is that this machine is behind a NAT, and I cannot access it remotely from 
> outside (and I need access from whereever on the planet I may happen to
be).
> 
> Basically, I need to setup some type of ssh tunnelling from XP (machine A)
to
> my static-IP-24/7-high-bandwidth-CentOS server (machine B) and then further
> to my laptop (machine C, Fedora 10) located elsewhere (possibly behind 
> another NAT, I can't know in advance). I have root access for all three
> machines (A, B and C). Of course, all three are on different LANs.
> 
> However, I have never done anything like this before, so I wonder what is
the
> best method of creating such a setup?
> 
> One of my ideas was to make some script on A which would connect to B once 
> every 15 minutes or so, look for a flagfile, and if present, initiate 
> connection with C directly or through B if necessary. That means, if I want
> access from C to A, I ssh from C to B and create a flagfile, wait 15
minutes
> or so, and a rdesktop (or vnc or other) appears on my laptop. In theory.
> 
> Or is there some other XP-tool that might do what I want out of the box? 
> However, it need be absolutely automatic, there will be nobody around to do
> anything locally on A once I leave it.
> 
> Another idea I had was to have machine A running as a virtual machine on a 
> CentOS host (vmware or such would suffice). Then I could easily configure
the
> above A-to-B-to-C scenario, shutdown the virtual A, pull its hard disk file
> to C, start it locally, perform maintenance, push it back to host A and run
> it again as a vm. But this is highly complicated, takes too much time and 
> bandwidth, so I hope something simpler is available.
> 
> Yet another idea is to ask A's ISP to provide a static IP for that
machine, or
> to forward some available port to A, which could be used by rdesktop in
some
> customized fashion. But the ISP may refuse such requests, and I need a
robust
> solution.
> 
> Yet even another idea is to put another CentOS machine (D) between A and
A's
> ISP (create a local LAN). Then initiate ssh -X connection from C to D 
> (somehow, via flagfile scenario or such), and then rdesktop from D to A
over
> a local LAN.
> 
> The main problem is NAT, if machine A had a world-accessible IP, I would
just
> rdesktop from C to A, but alas, it doesn't... :-(
> 
> Any suggestions about the best way of doing this?
> 
> Thanks, :-)
> Marko
There is an application based on VNC called teamviewer that can be set to
start automatically and points to a central server so that you can always find
the system. It crosses NAT easily and can be set with a fixed password.

Maybe it will help you.



-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090111/806777c2/attachment-0004.sig>

On Monday 12 January 2009 03:36, Scott Silva wrote:
> on 1-9-2009 12:41 PM Marko Vojinovic spake the following:
> > I have a WinXP machine that is to be unattended for a period of 3
years
> > (yes, I know, it sounds ridiculous, but still...). What I need is
remote
> > access to it to perform regular system maintenance, virus cleanups,
> > occasional software installations, reboots, config changes, etc.
>
> There is an application based on VNC called teamviewer that can be set to
> start automatically and points to a central server so that you can always
> find the system. It crosses NAT easily and can be set with a fixed
> password.
Ok, thanks, I'll look at teamviewer as well.

For the record, yesterday I investigated all options so far mentioned in the 
thread (except for teamviewer, of course), and found that openvpn is actually 
the best way to go, for me at least. Other tools are also not bad, but some 
are not cost-free (or have a trial-only period), some fail over NAT, and some 
just don't feel robust enough (this is just a personal feeling, of course).

Openvpn is completely cost-free (and also open-source), very well documented 
and gives a very large amount of control in how to setup the virtual network. 
And it doesn't depend on third-party servers, just me and myself 
involved. ;-) In fact, it seems that most of other tools use openvpn in the 
background, and just automate the configuration and installation, and 
dumb-down the vpn flexibility in the process.

Not to say they don't work or are not good at what they do, it's just my
gut-feeling that they are not "serious" enough. I feel they may have
too many
points of failure, where openvpn has less.

So, it will eventually be openvpn or teamviewer (if it is good enough for my 
taste).

Big thanks to all of you! :-)

Best, :-)
Marko