Thursday, September 14, 2006

UVNC + SC + Hamachi = Bliss?

So I've been feeling a little bit guilty. If Dad needs his pc worked on, he brings it down when he comes into town and I can work on it. If local friends need support, I'm a pizza away from dropping in. If my in-laws need help, I'm less than an hour away.

But if Mom needs help with her computer? Well, she can hope that my brother is passing through town, she can hope for me to made the odd trip past San Antonio, or she can pay a local computer guy to take a look and fix it. That's what she recently did.

Since I do help desk support from time to time, I'm pretty good talking most users down from the skies of PC troubles, but sometimes, you just have to see the screen. At work we have remote-desktop tools that are quite handy.

At home? There are a few solid options.

LogMeIn is a web-based service that has gotten some pretty strong positive reviews. It supports a basic, free remote desktop support function and has higher level support features for paid cost.

GoToMyPC is a fee-based service that can be handy.

Fog Creek's Copilot is another fee-based service.

If one of the computers is running XP Professional, you can set up Microsoft's Remote Desktop Connection sessions.

But what if these might just not be an option for you? Is there anywhere else you can turn that might be relatively easy enough to walk a non-techie through to get started, but be both secure and powerful enough for you to do your job. And it must be able to handle firewall and router issues with relative ease.

I had seen an article by Gina Trapani some time ago posted on LifeHacker: Geek to Live: How to control your home computer from anywhere. In this article, she outlines how to set up a Virtual Network Computing (VNC) server on your home pc and then use it to connect to a target pc, to control remotely. Pretty easy stuff, but you have to be willing to compromise on security and firewalls and routers might cause configuration complexities. I've used a derivation on this at work with the free and open source program TightVNC when all other methods failed.

Last week, Gina expanded on this theme and posted a new article called Geek to Live: Tech support with UltraVNC SingleClick. In this wonderful guide, she shows how to use SingleClick UltraVNC to create a custom packaged UltraVNC server tied to a static IP address you specify. Then you just (basically) send them your custom package as a single exe file and turn your UltraVNC listening viewer on. When your target gets the file, they run it and it connects to your listener and, vollia! Remote session is in order! No need to tell your crew how to find an IP address or anything techie like that. Gina's guide is dead-easy to follow, so I don't want to repeat anything she has already done so wonderfully.

But, if you are like many home users, you don't have a static IP address you can depend on. And if you sit behind a router, it might get even more complex. Add to that the possibility that your sessions might not be secure unless you decide to set up encryption. You could go with a dynamic DNS solution but maybe all this talk doesn't sound so easy after-all.

What to do?

Enter Hamachi. Hamachi (free) allows you to very easily and very securely set up a virtual private network (VPN) that assigns your pc its own Hamachi-based IP address that remains static to you. So you get an easy to set up VPN, your own static IP address to use as long as you have this installed on your computer, and an encrypted network that (once firewalls are set to allow the traffic) can handle your networking needs. Not a bad deal. Even if your ISP rotates your local IP address dynamically, your Hamachi address will stay the same. Stability is a good thing.

First install Hamachi on your own computer. Accept the defaults during installation and take the brief tutorial. I didn't set mine to run as a service at startup. I did have to ensure I enabled the "Magic" option under System settings as well as unchecked the "Do not use Universal Plug and Play" box. I also made sure two security checkboxes "Block vulnerable Microsoft Windows services" was also not checked.

Then with my static Hamachi IP in hand, I coded the SingleClick text file like Gina explains with my Hamachi IP address, and went ahead and used port 5500. I zipped up the text file and uploaded it to the SC server, then downloaded the resulting exe package. This is what I sent out.

Next I had to get Hamachi installed on my test machine. That was pretty easy to walk someone through over the phone. I prefer to reboot the user's machine first, but Hamachi didn't require it after installation.

Next I changed my HelpDesk.exe file to helpdesk.txt to get it past the email/anti-virus filters and mailed it off to my target pc user.

They saved it and renamed it back to an exe extension.

I launched my Hamachi session and set up a network session.

I had my target user fire up Hamachi, tell their firewall to allow the Hamachi traffic to pass, then had them join my Hamachi network. We were connected. Test text chat and pinging seemed to work fine.

(Note: It took me a while to figure out how to get my own firewall to work with Hamachi, Jetico is pretty tough.)

Next I had the user fire up the HelpDesk.exe file that contained the UltraVNC SC remote server with my Hamachi IP hard-coded into it. They clicked the launch-line and a few moments later, I was greeted on my pc with a request to accept a session from their remote server! I did and we were cooking!

As Gina says, the nice thing about this is you just have to make the file once. Then just get it to your user and get the Hamachi application installed and working on their pc. There are still some layers of tech complexity to it, but it is secure and pretty easy to do.

Some good places I had to read up to put all the pieces together were:

Hamachi combined with VNC in the Hamachi Discussion Forums,

I can take over your computer! on Sean Terney's Web Log

Steve Gibson and Leo LaPorte's Security Now Podcast transcripts:

Episode #18, Hamachi Rocks

Episode #19: VPNs Three: Hamachi, iPig, and OpenVPN

And quite a few of the comments left on Gina's original postings.

So is Hamachi the "cat's meow" in security? I'm not educated enough to make a final call on that one. There are lots of folks that seem to fall into different camps over it. From what I've read (so far) it seems sufficiently secure and reliable to meet my infrequent needs. Although, I'd be open to checking out if OpenVPN or iPig could handle this task as well. I haven't tried them in this configuration so I can't say how they might compare or would work.

In all honesty, it took me a fair bit of trial and error to get past my firewall and router. I use and set up VPN's at work occasionally, but that type of networking mojo isn't really my piece of cake--at heart, I'm a desktop and local network support guy. But in the end I didn't have to enable any port-forwarding on my router and I had to ensure I didn't miss (block) any of either system's firewall activity challenge requests. Once I got past all that I was home free.

So either way you go, a web-based provider service or with a custom-rolled VPN, client-server package. Options are now available to put remote desktop support in the reach of most users--and the family help-desk staff that support them. And there are quite of lot of helpful and skilled gals and guys on the Web to make troubleshooting and getting it all set up that much easier to accomplish.

I know I appreciate the work they've done!

--Claus

No comments: