VPN versus Remote Desktop Connection

pgordon

New member
Local time
12:50 PM
Messages
39
Do I need to establish a VPN connection from home to the office network before I can establish a remote desktop connection? If not, what is the point of a VPN connection?
 

My Computer My Computer

At a glance

Windows 7AMD Athlon(tm) II x2 2153.00 GB (2.75 GB usable)
Computer Manufacturer/Model Number
Hewlett-Packard Compaq Presario/CQ5218F
OS
Windows 7
CPU
AMD Athlon(tm) II x2 215
Memory
3.00 GB (2.75 GB usable)
Other Info
64-bit Operating System
Well a VPN connection is nothing more than an authentication into your work private network. At home you are basically on your ISP's network which is like a public network. To go into your work's network you need to "VPN in".

Once you are on your work network, any machine that has Remote Desktop enabled will allow you to RDP to it. Unless there are further restrictions from your work's security which lock down access to machines on the network, you should be right to RDP in.
 

My Computer My Computer

At a glance

Windows 7 Ultimate 64BitGenuineIntel Intel(R) Core(TM) DuoCore T2400 ...2.00 GBMobile Intel(R) 945 Express Chipset
Computer Manufacturer/Model Number
Lenovo ThinkPad T60
OS
Windows 7 Ultimate 64Bit
CPU
GenuineIntel Intel(R) Core(TM) DuoCore T2400 @ 1.83GHz
Motherboard
Intel(R) 82801G (ICH7 Family)
Memory
2.00 GB
Graphics Card(s)
Mobile Intel(R) 945 Express Chipset
Sound Card
SoundMAX Integrated Digital HD Audio
Monitor(s) Displays
ThinkPad Display
Screen Resolution
1400x1050
Hard Drives
100Gb SATA
Keyboard
Standard Keyboard
Mouse
HID-compliant Mouse
Internet Speed
Cable Broadband - 54Mbps
Other Info
Intel(R) PRO/1000 PL Network Connection
11a/b/g Wireless LAN Mini PCI Express Adapter
Can I "VPN in" through a VPN router serving as an RD Gateway at the office, or do I need to devote one of the office computers to being an RD Gateway?
 

Usually there is VPN software that you need to install on your machine; every workplace has their means of providing their employees with VPN access. Have you talked to your work IT for info on this?
 

We're using Shrew Soft, and when I run Shrew Soft and follow IT's directions, I can get the message "tunnel enabled," but I still can't establish a remote desktop connection. After I get the "tunnel enabled" message, I follow the directions for establishing a remote desktop connection, but I get the message that the office computer is not part of the network, suggesting that the tunnel failed. Suggestions?
 

Well, I did say it depends on the machine at your work. If it does not have remote assistance enabled, how are you going to RDP in? Or if the machine is offline or not on the network etc.
 

I know that the office computer is on, that power saving is disabled, and that remote assistance is enabled on the office computer. In fact, I can RDP into my computer within the office LAN (i.e., I can RDP from one office computer to another office computer). Still, I can't get from my home computer to my office computer, despite being told that a tunnel is enabled. I'm stumped. Any other ideas?
 

Thank you.
 

Nps, see how you go, reply with results k :)
 

No luck.

First, I run Shrew Soft VPN Access Manager. I click on connect for "My-Office-PC" connection, and I eventually get the message "tunnel enabled."

Second, I run Remote Desktop Connection, and I get the message: Remote Desktop can't find the computer "My-Office-PC."

When I run RDC on a different computer at the office, I am able to remote into "My-Office-PC," but when I do the same thing from home, I get the error message above, even though I have "tunnel enabled" and I use the same RDC settings that were successful on the office LAN. Suggestions?
 

A VPN is actually a secure, encrypted pathway ("tunnel") from one machine to another. All data through the tunnel is protected. An RDP connection would traverse the tunnel. So under normal conditions the VPN must be up, then start the RDP.

In your case the tunnel may be up but not configured correctly. When Shrewsoft says the tunnel is established, can you ping any device on the other side? If not, the tunnel isn't right. You can be authenticated, but if the VPN client and server parameters don't match *perfectly* you won't pass anything through the tunnel.

What VPN server are you using?
 

My Computer My Computer

At a glance

W7 Ultimate 64bit W7 Premium 64bit W7 Premium...Athlon 64X2 5000+4GBATI X1300
Computer Manufacturer/Model Number
Dell C521
OS
W7 Ultimate 64bit W7 Premium 64bit W7 Premium 32bit WXP Home 32bit
CPU
Athlon 64X2 5000+
Motherboard
Dell
Memory
4GB
Graphics Card(s)
ATI X1300
Sound Card
On Board
Monitor(s) Displays
Dell 19" Flat
Screen Resolution
1280x1024
Hard Drives
500GB Western Digital Caviar Green
Mouse
Microsoft Wireless Intellimouse Explorer 2.0
Internet Speed
SBC DSL - 6Mbps
I was able to ping the DNS (WAN1) IP Address with success. Thus, I have "tunnel enabled" and I can ping the DNS. But when I try to establish a remote desktop connection, I get the following message:

"The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly."

I am not sure what is meant by "VPN server." I am using a VPN router (Linksys RV042) put in Gateway Mode. Suggestions?
 

The Linksys is the VPN server. A VPN tunnel is a point to point connection. The IP Address of the connection is probably the Linksys so that makes it the server.

Where is the WAN1 interface you refer to? Is it on the Linksys? Since the PC you want to RDP to is most likely on the other side of the Linksys (inside interface), that's where you need to be able to ping. If you can ping the inside interface or any PC on the inside the VPN tunnel is probably ok. If you can only ping the outside (WAN1 I'll bet), then you're not getting through the router. What kind of VPN connection is it? IPSec? PPTP?
 

First, you're being very helpful. Thank you.

Second, I am not able to ping my office computer on the other side of the router. I tried using both my office computer LAN IP and my office computer LAN IP with the listening port added. Both timed out.

The WAN1 port is attached to the router. Thus, the topology is as follows:

HomePC >> {{{Internet}}} >> DSLModem(Bridged) >> VPNRouter >> Switch >> OfficePC

All computers are using Windows 7 Professional. If I try to use the native VPN client, I set the connection to automatically cycle through four protocols: PPTP, L2TP/IPsec, SSTP, and IKEv2. I end up with the same error message.

I have multiple devices on the inside of the router, so I set my office computer (I'll call "My-PC") to listen to a particular port (I'll call "12345") and made all the necessary (I think) adjustments. I just checked my notes for the VPNRouter setting. Here are the settings (with changes to protect the innocent):

Router

Model - Linksys RV042
Firmware - 1.3.12.19-tm (Feb 13 2009 13:03:21)

Configuration
LAN IP - 11.22.33.1
Subnet Mask - 255.255.255.0
WAN1 IP - 99.888.777.66
PPPoE
[email protected]
password
connect on demand
MTU - auto
WAN2 - obtain an IP automatically
MTU - auto
Mode - Gateway
RIP - disabled
DNS (WAN1) - 222.444.3.66
DDNS - off
DMZ Host - disabled
Private IP Address - 11.22.33.1

Port Range Forwarding
TCP 12345~12346 to 11.22.33.111
UDP 12345~12346 to 11.22.33.111
TCP 3389~3389 to 11.22.33.111

Port Triggering
TCP 12345~12345;3389~3389

UPnP Function - no
One-to-One NAT - disabled

DHCP Server - enabled
My-PC - 11.22.33.111
Printer-Host - 11.22.33.116
Partner1-PC - 11.22.33.103
Partner2-PC - 11.22.33.108

SNMP enabled
Diagnostic - ping

Firewall - enabled
SPI - enabled
DoS - enabled
Block WAN Request - enabled
Remote Management - Port 80
HTTPS - enabled
Multicast Pass Through - enabled
Ports 12345~12346 allowed to 11.22.33.111 (TCP)
Ports 12345~12346 allowed to 11.22.33.111 (UDP)
Port 1723 allowed to any destination

VPN Tunnel Group No. 1
WAN1
Local Security Group Type - subnet
IP Address - 192.168.1.0
Subnet Mask - 255.255.255.0
Remote Client - shrew.net

IPSec Setup
IKE with Preshared key
Phase 1
Group 2
AES-256
SHA1
Perfect Forward Secrecy
28800
Phase 2
Group 2
AES-256
SHA1
Preshared Key - FakeKey
3600
Aggressive Mode - yes
Compress - no
Keep-Alive - yes
AH Hash Algorithm MD5 - no
NetBIOS broadcast - yes
NAT Traversal - yes

VPN Client Access
My-VPN - active

VPN Pass Through
IPSec Pass Through - enabled
PPTP Pass Through - enabled
L2TP Pass Through - enabled

PPTP Server - enabled
Range Start - 11.22.33.200
Range End - 11.22.33.204
User - MyVPNPPTP (FakeVPNPassword)

Any ideas?
 

When you said you changed the port numbers the Office PC listened to is that for RDP? You shouldn't need to do that. A VPN makes the remote PC look like it's directly connected to the local LAN. In fact you shouldn't need to change any ports at all. That may be part of the problem.

Can you ping any other device on the office LAN?
 

Because I am using a VPN router instead of a box with WinServer2008R2, I thought I needed to change each office computer to listen to a unique port. For our purposes, my office computer is set to listen to Port 12345. The other office computers are set to listen to other ports. I thought I addressed this problem with port forwarding and port triggering. On my office computer, the Registry line item was originally set to listen to 3389, and I changed it to 12345. I then configured the forwarding and triggering settings on the router as follows:

Port Range Forwarding
TCP 12345~12346 to 11.22.33.111
UDP 12345~12346 to 11.22.33.111
TCP 3389~3389 to 11.22.33.111

Port Triggering
TCP 12345~12345;3389~3389

(With 11.22.33.111 representing my office computer's LAN IP Address.) Thoughts?
 

Once the tunnel is set, the router will (should) assign an IP address to your VPN client so that it can route packets to the local LAN. I have a VPN setup similar to this and never had to change any ports.

VPNs are *very* picky and the settings on the server and client must match. You need to tell the Shrewsoft VPN what network it will be connecting to. It looks like your inside network is 11.22.33.0/24 (255.255.255.0) so that's what you'd configure in the Shrewsoft VPN client.
 

To answer your earlier question, I am not able to ping any computer or printer inside the router.

I want to make sure I understand: The "VPN Client" is my home computer. Correct? Whereas the "Shrewsoft VPN Client" is something different?

Also, I don't understand "/24" in your description of the network as "11.22.33.0/24 (Subnet Mask 255.255.255.0)." I just looked at the configurations for the Shrew Soft connection. I'm not sure which setting should be changed. Here are some possibilities:

Local Host Address
DNS Server Address
Maintain Persistent Security Associations (Topology entry)
 

The VPN client would be the Shrewsoft VPN software on your home PC.

Sorry, the "/24" refers to the subnet mask: 255.255.255.0 which is a 24 bit mask.

There should be something in the Shrewsoft setup that tells it what remote network it's to connect to. Not to be confused with the router's outside address. It's the inside network where the router will send the packets from your home PC. Remember, the VPN is a tunnel. The tunnel itself terminates at the router's outside interface but packets *inside* the tunnel need to get to the inside interface.
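
Added example (not part of any post in this thread, and not code from Shrew Soft or Linksys): a small Python check of the point made in the replies, that the network the router exposes through the tunnel, the remote network configured in the VPN client, and the address of the PC you want to reach must all agree. It uses the addresses as posted in the thread, which the poster altered before posting, so the mismatch it reports may be a product of that redaction; the function and finding names are made up for this example.

```python
import ipaddress


def to_network(address, mask):
    """Dotted address + dotted mask -> network (255.255.255.0 becomes /24)."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def check_tunnel_policy(router_group, client_remote, target_host):
    """Return (code, message) findings for a host that should be reachable
    through the tunnel. An empty list means the three settings agree."""
    host = ipaddress.ip_address(target_host)
    findings = []
    if host not in router_group:
        findings.append(("router_group_excludes_target",
                         f"router exposes {router_group}, which does not contain {host}"))
    if host not in client_remote:
        findings.append(("client_policy_excludes_target",
                         f"client tunnels {client_remote}, which does not contain {host}"))
    if router_group != client_remote:
        findings.append(("selector_mismatch",
                         f"router side {router_group} != client side {client_remote}"))
    return findings


# Values as posted in the thread (already altered by the poster).
LAN = to_network("11.22.33.1", "255.255.255.0")            # router LAN IP and mask
POSTED_GROUP = to_network("192.168.1.0", "255.255.255.0")  # tunnel Local Security Group
CLIENT_REMOTE = ipaddress.ip_network("11.22.33.0/24")      # network suggested in the reply
OFFICE_PC = "11.22.33.111"                                 # My-PC

if __name__ == "__main__":
    print(f"LAN is {LAN}: a {LAN.prefixlen}-bit mask, {LAN.num_addresses} addresses")
    print("Router settings as posted:")
    for code, message in check_tunnel_policy(POSTED_GROUP, CLIENT_REMOTE, OFFICE_PC):
        print(f"  [{code}] {message}")
    print("With the Local Security Group set to the LAN subnet:")
    print(" ", check_tunnel_policy(LAN, CLIENT_REMOTE, OFFICE_PC) or "no findings")
```

When the settings do agree, RDP traffic reaches the office PC inside the tunnel on its LAN address, so the WAN-side forwarding of port 3389 and the custom listening port are not needed for VPN users.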