Sunday, December 27, 2009

Howto setup Remote Desktop over Internet, Dynamic DNS

Recently, I was helping a few friends to remote desktop into their machines over the internet, and was annoyed at the amount of work and explaining required, so I'm putting together this simple guide to ease the process of me having to explain everything, and hopefully get the most complete and simple guide out there on the web. 

***Disclaimer***
This guide will show you how to connect to your computer using windows remote desktop and port 3389. I do NOT recommend this if you are worried about security. I may add other options later to this guide.
******
 Essentially, this guide will show you how to remote desktop into your computer over the internet. First, before you go through all of the trouble, let me inform you of Log Me In which essentially does the same thing... with better encryption and the free version has many useful features, and works on more operating systems.  However, this tutorial also covers mapping a free (or purchased) hostname to dynamic DNS, which has other benefits such as setting up your own webserver.

There are six simple steps that need to be done to achieve remote desktop over the internet:
1.  Ensure your Operating System has the capability.
2.  Enable remote desktop.
3. Ensure the host's firewall is properly configured.
4. Setup port forwarding on the host router.
5. Enabling Internet access.
6.  If you have a dynamic IP, setup DDNS (dynamic DNS)
7. Configure automatic DDNS updates.

First, lets take a look at the most common setup you will be working with:
Essentially, you will be attempting to remote desktop to a remote computer through your (typically) home router, to the internet, through the remote router, and to the remote desktop.
Operating System Compatibility
First you need to ensure that your operating system supports remote desktop (aka terminal services).  The desktop versions of the Windows operating system support remote desktop, as well as many of more feature-heavy versions of windows, such as Ultimate.  Windows Home Edition does not support remote desktop as a server. However, Windows HE does have a Remote Desktop Client, which enables it to connect to a remote desktop.  As well, almost all linux distros have the ability to connect to remote desktop sessions.
Enabling Remote Desktop
Enabling remote desktop is quite simple.  The screenshot below shows how to enable remote desktop on Windows 7, which should be very similar to Windows Vista.  Essentially, right-click on My Computer, select properties, and look for "Remote".
Then, just enable remote desktop.  Another important step to take is to enable the appropriate users access to remote desktop.  By default, the administrator already has access to remote desktop.  Your computer is now set up to receive remote desktop connections!  If you have another computer in the same LAN, you can go ahead and test this to see if this works.. if not, you will have to complete the next step!
Host Firewall Configuration
If you are unable to connect, you may have a problem with your firewall.  In Windows, these settings should be found in the control panel, under "System and Security".  Ensure that "Remote Desktop" is enabled and allowed.
Port Forwarding on the Host Router
However, enabling remote desktop on the host machine will be very unproductive (get it?) without enabling port forwarding on your router.  Port forwarding essentially tells your router that when an external request is made for port 3389 (the remote desktop port) it should forward that request to a certain IP Address, specifically the one that is hosting remote desktop.  Connecting to your router to make this configuration is quite easy.  Look on your router itself.. there should be a default IP address (something like 192.168.1.1 or 10.10.10.1) on the router for you to use to connect.  As well, there should be a default username and password.  Next, direct your browser there by typing http://[IP ADDRESS], i.e. http://192.168.0.1 and logging in using the username and password.  (Hint: if you are still using your default username and password I highly recommend you change it. It is very insecure.)  Once you log on, you will need to go through your menus until you find something called "Port Forwarding".  Once you find that, you will need to forward port 3389 to your computer, so you can connect to it from a remote machine.
However, to do so you need to determine the IP address of your computer.  The easiest way to do that is to run ipconfig on your computer. To do so, hit the start button and (on Windows XP and earlier, select Run) type cmd.exe in the command prompt, and hit enter.  This should bring up a black command command prompt.  Type "ipconfig" into the command prompt and hit enter.  Next, look for Local Area Connection, and IP address, or IPv4 address.  This  is the address you will enter into the port forwarding address on your router.   

Next you need to ensure that remote desktop is working in the LAN before we attempt to connect over the internet. You will need another computer in the same LAN (behind the same router) to attempt to connect to the computer.  To do so, you will once again bring up the run prompt, (or in Windows Vista and 7 in the search box) type mstsc and press enter.  This will bring up a window that looks similar to the one shown 
below.  In the computer box, you need to enter the IP address of the remote computer you wish connect to.  After you enter the IP address and hit connect, you will be prompted to enter your username and password to connect.  After you login, you should see your desktop and be able to interact with it remotely!
Next, we need to make sure we can replicate this effect over the internet.



Setting up Internet Access
To access your computer over the internet you need to have some way to find your computer in the vast maze of the internet.  To do this you need to know your external IP address.  Just like your router assigns IP addresses to your computers, you internet provider assigns IP addresses to all of it's subscribers.  To access your computer, you need to know your external IP address.  The simplest way to find your external IP address is to visit IP Chicken where your IP address will be shown.  However, many providers, for various reasons, give out dynamic ip addresses, which will change periodically, which will render your ability to connect to your computer limited to until your IP address changes.  Fortunately, there is a way to rectify the situation.
Setting up Dynamic DNS
To rectify a dynamic DNS problem, you need an easy way to link your changing IP address to an unchanging address.  This can be done with a web address using dynamic dns. (DNS is a service that converts and IP address (77.200.65.70 for example) to a web address).  To do this, you need a dynamic dns service such as DynDNS.  DynDNS is the most popular service for this, but there are others.  Once you have an account at DynDNS, you can add a host, and it will allow you to choose from several options for a hostname.  For example, my hostname from dynDNS is http://deranjer.is-a-geek.com.

Automatically updating Dynamic DNS
After setting up your hostname, you need to set up a way for your IP updates to reach dynDNS.  This is done one of two ways.  You can run an updater that runs on your computer and sends updates to dynDNS, or you can set up dynDNS to run on your router.  Most modern routers have an option for setting up a dynamic IP updater directly from the router. Just choose your service, enter your username and password, and you should be good to go.  If your router does not support this, download the dynamic IP updater program and run that on your computer, and that should keep it updated.  Now you should be able to remote desktop into your home computer using your website address (sometimes it takes a little while for the DNS updates to cascade all the way down, so if you are unable to reach it sometimes just waiting will clear that problem up).

This concludes the guide for remote desktop over Internet.  Happy remote desktoping!

7 comments:

  1. 人必須心懷希望,才會活的快樂,日子才過得充實,有意義,有朝氣,有信心。........................................iphone聊天室

    ReplyDelete
  2. For someone with a degree in Network Security I'm quite surprised to see you recommended folks setup their environments with very little security. A brief discussion of encrypted tunnels would have been simple and appropriate.

    ReplyDelete
  3. Taken from the post:

    ***Disclaimer***
    This guide will show you how to connect to your computer using windows remote desktop and port 3389. I do NOT recommend this if you are worried about security. I may add other options later to this guide.
    ******

    ReplyDelete
  4. Good how-to guide for remote desktop software, I wish I had seen this when I was setting mine up - it would have made the process a whole lot smoother.

    ReplyDelete
  5. Very useful post on accessing a PC remotely. DynDNS is no longer free. dynu.com is a good free alternative.

    ReplyDelete