Be Excellent To Each Other

A few years ago I used to have to access a place I did some work for via VPN. Their router wasn't anything special but allowed you to simply and easily create a VPN account by just specifying a username and password. You could then simply VPN to to the router and become part of the network.

Although my own router claims to support VPN in reality it looks like it does little more than act as a pass through. You can create VPN's but can't specify logins or passwords. So presumably it just acts as a redirector to another box that deals with VPN.

Currently I have one box that I sometimes enable VNC on to remotely access it. I do this via NAT and I understand that this is terribly insecure. I am also going to need to access the Mac from time to time and I'm not happy just leaving a VNC connection open with no more security than a password.

So do I ditch the router for one that can support VPN? Or do I start using this SSH thing people keep on talking about.

I just need a secure and reliable way to login into the network. Anyone have any experience?

Cheers.

Depends on exactly what you want it to do really. If a command line will suffice, go ssh.

I need full VNC.

Then don't go ssh.

If you can set up so you can SSH to your mac via the internet you can use that connection to do something called port forwarding which will allow you to VNC into your mac behind the router.

SSH by default is no more secure than having VNC accessible via user name / password as that's SSH's default authentication too.

Unlike VNC you can enable RSA / DSA authentication with SSH which is a lot more secure.

So what I'd advise is get SSH working with either RSA or DSA keys then read up on port forwarding with SSH and forward VNC's port to your local machine.

http://www.logmein.com any help?

Logmein.com is excellent but is merely a universal VNC or Remote Desktop rather than true VPN. It might be enough.

VNC over SSH

Your client/servers may support this anyway. I've used it before, but not set it up myself, sorry.

edit: oops, that should be VNC over, not VPN over.

I guess the best way might just be to ditch the router and get something that can properly support VPN users in it's own hardware without any other hardware needed. Presumably that means getting a business class router as opposed to the domestic one that I have at the moment.

A VPN-serving router is going to cost mucho dineros. You can do this for free, and CUS is right, VNC over SSH is probably the easiest way. What OS is on this box you are trying to connect to, what OS are you using to connect from, and what are you trying to achieve once you are logged in there? I can walk you through it.

Yeah. But when the machine goes tits up you get screwed. I prefer hardware solutions to software solutions as when the software goes down you then have to do a 80 mile round trip. + I may need to access more than 1 box (and it could really get messy once you start to consider the Mac may be running virtual machines).

There's no way the people who had the router I used to access paid much money as the company had no money (they lost money hand over fist each and every month). I seem to remember the brand was a Draytek.

I've just spent a couple of hours researching and this looks like the modern equivelent:

http://www.draytek.co.uk/products/vigor2820.html

Retails for about £120 which would pay for itself in petrol within a month frankly.

I'm still trying to work out if it can do what the one I used to do could. The one I used to use simply had an admin page which allowed you to specify a username and a password. You could then VPN in and the whole shebang was remarkably solid.

Yeah, as CUS said - VNC over SSH. With pre-shared keys, if it's not too much of a faff.

I've used a few Draytek routers -- they are very good but I'd be surprised if that is an actual VPN endpoint. The spec sheet only mentions "VPN dial in/out support" and then doesn't describe anywhere what the protocol is or anything and that seems odd to me. I am prepared to be proven wrong of course.

Can you describe the setup a bit more, with regards to type of connection, computer OS, etc?

The connection is needed into a Mac, a PC and a Linux box at the moment. From a Windows box as the client but perhaps also a Mac in the future.

The router we used to use did indeed have a VPN endpoint. I'm going to try and find out the model.

Just had a word with my mate who used to manage the VPN I used to login to. It was a Draytek 2600, and he now uses Draytek 2800's and Draytek 2820's to manage VPN's across a whole load of sites.

And he confirms they manage the VPN connection for you. He also knows another company who also use the Drayteks.

So I guess the Draytek is the proper hardware answer.

Fair enough then, I stand corrected; that's pretty cheap for what it is. In general I've been impressed with the Draytek models I've used, the firm I used to work at had an ISP sideline for SMBs and we used Draytek routers on the client's side exclusively.

My mate said that when he started to purchase the Drayteks, the only other routers that had the same features were the Cisco's. There was no way they could afford them though.

I have a Draytek 2800. It is a fantastic router, and it does indeed have a whole bank of options for setting up VPN stuff. However, I have thus far failed to get it working, so if you have any luck let me know how you did it. I'm trying to get VPN access for the same reason - controlling my home Mac via VNC.

Presumably you have a decent VNC server? The one built into OSX doesn't support screen compression so trying to use it across the net is rather like watching a loading screen draw itself on my CPC.

I think the server mentioned to me on the Apple forums was called "Vine". Costs about 15 quid but supports screen compression so is far far faster. At the moment it's actually quicker to VNC into the PC and then VNC that into the Mac as the Mac and PC are on the same network, but the PC will compress the image.

Had no success connecting to the network, so I didn't get as far as accessing VNC. However, I think part of the problem was that I was using my iPhone as the VPN client. I think I should probably get the connection working on a normal client with Draytek's Smart VPN thingy before trying to set up my phone - I can't tell at the moment if the problem is the router setup or the phone setup.

If I can get it working, though, I'll be able to VNC into my Mac using my phone from anywhere there's an open WiFi network.