Remote management of Canopy elements

Like the rest of you, we have our Canopy elements, VDSL switches, etc. on private IPs. To manage these devices when outside the network we RDP to a Windows server (or VNC to a Linux box) and then use the browser on the server to access elements.

But another way is to VPN to the server. With a VPN connection my laptop or desktop is just another machine on the network allowing me to manage Canopy devices without the need for the RDP. I can also use CNUT remotely.

Just thought I’d share that.

I don’t know if you can or not - but has anyone tried using Hamachi to do anything like that?

I overheard some friends talking about using it over the internet to play LAN games on video games.

Could you do the same thing for your network?

Jerry,

Are you using the PPTP VPN integrated into Routing & Remote Access as your VPN? You and I seem to use the same remote access methods.

I like the RDP a little better because it's a bit quicker, but I actually prefer the VPN because of the encryption.

I’m just using the VPN client built into XP. I’m connecting to a Windows 2003 Server.

Just lightening the talks … :)

To access the management web interface only of the Canopy device I use an automatic proxy URL address (http://my.webserver/proxy.pac) in my web browser. I have a small web server as well as a proxy server with auth, which sits between my Canopy private and public network. Wherever I am, I just type the host name of my Canopy gear in my web browser, and its web management interface comes up after auth in my proxy.

public-network ----> my.webserver(80)/my.proxy(3128) <---- canopy network (172.16.x.x)

The proxy.pac contains a simple function:

function FindProxyForURL(url, host)
{
  // Hosts in 172.16.0.0/16 go through the authenticating proxy.
  if (isInNet(host, "172.16.0.0", "255.255.0.0"))
  {
    return "PROXY my.proxy:3128";
  }
  // Everything else bypasses the proxy.
  return "DIRECT";
}
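The PAC rule in the post above relies on isInNet(), which resolves a hostname on the client before comparing it with 172.16.0.0/16, so a name the client cannot resolve falls through to DIRECT. The following is an added example, not part of the original post: it also matches a hypothetical management suffix, `.canopy.example`, and uses Node stand-ins for the PAC built-ins with a constructed lookup table.

```javascript
// Stand-ins for the PAC built-ins so the logic runs under Node. Leave them out
// of a deployed proxy.pac: the browser supplies isInNet() and dnsDomainIs().
var FAKE_DNS = {                        // constructed table, not real DNS
  "ap1.canopy.example": "172.16.4.10",  // hypothetical name the client can resolve
  "www.example.org": "203.0.113.7"
};

function ipToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    if (Number(m[i]) > 255) return null;
    n = n * 256 + Number(m[i]);
  }
  return n;
}

function isInNet(host, pattern, mask) {
  // Like the real built-in: a hostname is resolved first, and a name that
  // does not resolve on the client never matches.
  var ip = host;
  if (ipToInt(host) === null) {
    if (!Object.prototype.hasOwnProperty.call(FAKE_DNS, host)) return false;
    ip = FAKE_DNS[host];
  }
  var k = ipToInt(mask);
  return ((ipToInt(ip) & k) >>> 0) === ((ipToInt(pattern) & k) >>> 0);
}

function dnsDomainIs(host, domain) {
  return host.length >= domain.length &&
         host.substring(host.length - domain.length) === domain;
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Suffix match needs no client-side DNS, so names that resolve only inside
  // the Canopy network still reach the proxy. ".canopy.example" is assumed.
  if (dnsDomainIs(host, ".canopy.example")) return "PROXY my.proxy:3128";
  // Literal addresses and resolvable names in 172.16.0.0/16, as in the post.
  if (isInNet(host, "172.16.0.0", "255.255.0.0")) return "PROXY my.proxy:3128";
  return "DIRECT";
}
```
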

Jerry, I do the same as you are thinking. I VPN (ssh tunnel) to a machine, and then use VNC over that connection to access the remote terminal so I can have webgui access to the radios.




Now, everything aside…

The best way is to not solely rely on RDP from MS. There are numerous exploits available that would allow an attacker to potentially cause issues.

http://www.google.com/search?hl=en&q=mi … tnG=Search

That should keep one busy for a while reading on the subject of RDP exploits.

The issues have been patched, but I still do not place 100% trust in Microsoft’s patches.



Standard security practice dictates that one open a VPN connection to a VPN concentrator (end-point). Doing this allows the tunnel to terminate BEFORE it reaches your machines, thus allowing any network protection utilities (IDS, IPS, intelligent firewalls, etc.) to inspect the traffic traveling over the VPN. This prevents dirty clients in the field from potentially wreaking havoc on the network. This method is not the cheapest, but I think in this discussion it should be pointed out.

You know how police officers have to check their piece at the jailer's doorway? It keeps incidents from happening. Kind of the same idea (yeah, that was a lame analogy I know, but it was the best I could think of).

Just my .000000000000002 cents worth.

I’m using Hamachi as VPN to my Canopy network temporarily right now. Works pretty well.

Maybe I didn’t explain it right, I’m not using RDP anymore. Now I just open the VPN session to the server, no need to RDP or use VNC.

The pages load a lot faster and I can use my local applications like Firefox, CNUT, telnet, and ping from my machine, not a Remote Desktop.

For faster VPN connectivity consider using SSL OpenVPN.

http://openvpn.net/