
Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO

Friday, September 14, 2012

VPN related



Source
Introduction
A Virtual Private Network (VPN) is a technology that lets you access an office or home network remotely and securely over the Internet, so that the communication data is protected from sniffing or hijacking by hackers.
When a VPN connection is established between 2 parties (between a VPN client and a VPN gateway, or between 2 VPN gateways), a secured virtual tunnel is created that can encrypt the data (so no hacker can see the data content), preserve data integrity (no data change during transmission) and ensure the communication only happens between those 2 authenticated parties.
There are 2 common types of virtual private network: remote access VPN and site-to-site VPN.
Remote Access VPN
Remote access VPN is a very common VPN service that you can set up in your office or home network. It is implemented by setting up a VPN gateway or server, which you then connect to with a VPN client from other locations. Alternatively, you can subscribe to a VPN service offered by a VPN provider for similar secure access.
As you can see from the diagram below, whether at an airport, library, restaurant or other public hotspot, the user can launch a VPN connection by using the VPN client on the computer and connect to the VPN gateway. Whenever the user's computer sends data, the VPN client software encrypts that data before sending it over the Internet to the VPN gateway at the edge of the destination network. Once the VPN gateway receives the data, it decrypts the data and sends the packet to the destination computer in its private network (office or home network), after that the destination computer will encrypt the returning data as well.
The remote access VPN is supported by L2F, PPTP, L2TP and IPsec tunneling protocols.
When the user connects to the VPN gateway with a web browser instead of a VPN client, this type of VPN is called an SSL VPN.
Remote Access VPN Network Diagram
Site-to-Site VPN
Site-to-site VPN is the VPN connection established between 2 VPN gateways that reside in 2 different networks over the Internet, so that both networks’ computers can exchange data securely. There is no VPN client needed on user computers. The VPN connection will be established between both VPN gateways. Both VPN gateways will encrypt and decrypt the communication data to ensure the security and integrity of data.
The site-to-site VPN can be supported by IPsec tunnel mode, PPTP and L2TP over IPsec tunneling protocols.
Site-to-Site VPN Network Diagram
Related Articles:
www.34t.com/DNS
lifehacker.com/5487500/five-best-vpn-tools
teamviewer.com/en/res/pdf/TeamViewer7_Manual_RemoteControl_EN.pdf
cnet.com/ TeamViewer review
TeamViewer is a free tool that makes it incredibly easy to set and use a VPN connection; a Virtual Private Network that lets you take complete control of another PC from your own computer, whether they're separated by a soda can or a continent (and as long as both machines are running TeamViewer). It enables two-way connections in which users can flip control back and forth. TeamViewer also lets you hold virtual meetings with multiple participants (again, they all must have TeamViewer installed). With a name like TeamViewer, you'd expect it to be an enterprise-ready tool, and you'd be right: TeamViewer's robust simplicity is what happens when multiple users of vastly different skills need to use software. After a while, the bugs get squashed pretty firmly. But TeamViewer is free to non-commercial users. That means you can use it to access your work and home PCs remotely, of course. But you can also install it on your mom's PC (for example) and provide tech support from home.
We installed and opened TeamViewer on two Windows 7 PCs; one a 64-bit desktop, the other a 32-bit netbook. TeamViewer provides a user name and password for each machine. You simply need to enter each machine's numbers in the other to create a connection. The host PC's screen displays the remote PC's desktop in a window, and the host machine's mouse and keyboard control the remote PC's counterparts. We could open folders, files, and programs; run processes; and change settings: anything we could do with the remote machine's own controls, we could do from our main PC's controls, too, with TeamViewer. We tried the Meeting tool, too, but since we had TeamViewer installed on just two PCs, our pool of invitees was a bit small. TeamViewer offers some useful options; for instance, you can limit it to file transfers if you don't need total control.
TeamViewer is simply the easiest tool of its type we've used, and a far cry from the VPN apps of not so long ago. And it can cut down on the phone tag when friends and family need tech support!

Publisher's Description

From TeamViewer:

Would you like to help friends or acquaintances with their computer problems from a remote location or have them help you? Do you want to make large files available to others - quickly and easily? Or would you like to show your desktop to someone at a remote location? In these and many other cases, TeamViewer is the perfect freeware for you. Use TeamViewer free of charge as a personal user and benefit from its extensive capabilities: remote control of computers, transfer of files, working online with others in a team, starting instant online meetings or scheduling your meetings in advance, communicating via VoIP or video, chatting or presenting online. TeamViewer is easy to use and secure (and trouble-free behind firewalls, proxy servers and NAT routers). Test it yourself: Download TeamViewer (without registration). Your first connection will be up and running in two minutes.

Logmein or Teamviewer? (2009)
Source
The computer that is acting as the server, does it have Windows Firewall (or equivalent) turned on, and has that also got the VPN port open?
For IP address, I'd suggest you get a static IP at home, then set up a domain name to point to it, such as home.mycompany.co.nz, and enter this as your server address.
-----------
With a VPN, you need to pull the large file across the connection before any processing can be done to it. I know most myob biz basics files are about 20-50mb.
Anyhow, with a remote desktop, the processing is done on the remote computer, and a picture of the result is sent across the link. For older programs that don't use any modern database system like SQL and talk to the file directly, it can be a time-consuming process working over a VPN. Remote desktop is much better suited for this.


Basically the VPN transfers your whole company file across the -slow- and -expensive- link to your client computer, just to process a quick and simple query. 
The remote desktop (RDP) or teamviewer / logmein will run the program on the remote computer, and allow you to control it. It only sends keystrokes and mouse movements back to your office computer, and that in turn just sends back small images. It also can cache commonly used images such as a picture of your start menu or desktop to save on bandwidth. A more common system of this is called a Terminal Server - I administer about 200 workstations that log into servers (in a similar way to yours) to access a company database application. It uses very little bandwidth because of the screen image caching and database files themselves do not need to be sent to remote clients - just pictures of the program.
Teamviewer as you have found will work very well. I use it to administer remote workstations for some of my smaller business customers.
You are not doing anything wrong with a VPN, it's just slow and expensive and the teamviewer gives you the same end result, with less bandwidth used and it's faster.
Your next issue that you may encounter will be printing. 
You can easily print with the program running locally on your laptop and accessing the file via the vpn. The local program will generate the print and send it to an attached printer just like any other program on your laptop. 
With teamviewer, the program is running on the remote computer / server and so it doesn't see your local printer as attached to the PC. To get around this, you will need to install a program called PDF Creator and email printouts to your local PC from the server computer, or investigate something called Microsoft Remote Desktop, which works similarly to teamviewer, but when you connect to a server computer, your local printers are added and print jobs are sent virtually through the remote desktop connection. Microsoft Remote Desktop is built into XP Pro and upper versions of Vista and Win7. The client program is built into XP Home/Pro, all Vista and all 7.

-------------
You can use Remote Desktop as suggested - but you will need to configure a port forward on your router. I use Logmein in some of my PCs at home. It requires no port configuration. You can remote access/control your PC without having to configure shares, firewall, etc.
Hamachi is a VPN and you will have FILE access. I suggested Logmein, which is the remote access and you will have remote control of the PC - very different things.
-------------
I'd agree your VPN issue is most likely to be related to the IP address or perhaps a firewall issue. VPN hosts really need a fixed IP address to simplify day to day usage / management.
For client support/access I use a mix of VPN, Microsoft Remote Desktop and Teamviewer depending on the client.
I've found I can achieve the most consistently reliable connections both within NZ and NZ/Australia using Teamviewer & Remote Desktop.
While my VPN connection does work reasonably well most of the time, I've often experienced brief dropouts which have caused corrupt files etc.
I often connect to a client in country Victoria and they use a Satellite/Dial-up hybrid connection which has good download but very poor upload and despite that it still is quite usable with Teamviewer (it will not work using a VPN).
-------------
Maybe a dumb response, but is the router suitable for VPN?
The other thing that springs to mind is that I make sure that ports TCP 1723, UDP 500, 10701 are open.
-------------
Rather than doing the port forwarding yourself by using port 1723, does the modem have a list of applications that you can just choose and it does all the port forwarding for you?
If it does, look for VPN or PPTP and select that.
As pointed out in an earlier post PPTP VPN does require more than just port 1723 to be forwarded, the router also needs to support VPN passthrough.
===========
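The last post above notes that PPTP needs more than port 1723 forwarded. As an added example (not from the thread or any source quoted here), this Python script audits a router configuration for both pieces: the TCP 1723 forward and GRE passthrough. The config syntax, rule names and the pptp_passthrough setting are hypothetical, and the sample config is constructed.

```python
"""Audit a router config for what an inbound PPTP server needs.

PPTP uses TCP 1723 for control and GRE (IP protocol 47) for the tunnelled data.
GRE has no ports, so it cannot be port-forwarded; the router's PPTP/VPN
passthrough must handle it. The config syntax here is hypothetical.
"""

SAMPLE_CONFIG = """\
# constructed sample: forward <name> <proto> <ext_ports> <host> <on|off>
forward rdp      tcp  3389       192.168.1.10  on
forward pptp     udp  1723       192.168.1.10  on
forward pptp-old tcp  1720-1725  192.168.1.20  off
set pptp_passthrough off
"""

def parse(text):
    forwards, settings = [], {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 6 and fields[0] == "forward":
            _, name, proto, ports, host, state = fields
            lo, _, hi = ports.partition("-")
            forwards.append({"name": name, "proto": proto.lower(), "host": host,
                             "lo": int(lo), "hi": int(hi or lo), "on": state == "on"})
        elif len(fields) == 3 and fields[0] == "set":
            settings[fields[1]] = fields[2] == "on"
    return forwards, settings

def audit_pptp(text, server_ip):
    """Return a list of findings; an empty list means PPTP can pass."""
    forwards, settings = parse(text)
    findings = []
    covering = [f for f in forwards if f["lo"] <= 1723 <= f["hi"]]
    usable = [f for f in covering if f["on"] and f["host"] == server_ip
              and f["proto"] in ("tcp", "both")]
    if not usable:
        findings.append("tcp/1723 is not forwarded to " + server_ip)
        for f in covering:  # explain each near-miss rule
            why = ("is disabled" if not f["on"] else
                   "uses " + f["proto"] if f["proto"] not in ("tcp", "both")
                   else "targets " + f["host"])
            findings.append("  rule '%s' covers 1723 but %s" % (f["name"], why))
    if not settings.get("pptp_passthrough", False):
        findings.append("passthrough off: GRE (IP protocol 47) is dropped, so the "
                        "control connection opens but no tunnel data flows")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_pptp(SAMPLE_CONFIG, "192.168.1.10")))
```

On the sample config it reports the UDP-only rule, the disabled rule pointing at another host, and the missing passthrough as separate findings.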
hideipvpn.com
How It Works
HideIPVPN provides an encrypted tunnel between your computer and our servers across the United States, Canada and Europe.
As you probably know by now, "Your IP is Your ID".
With our Premium VPN your IP address is hidden and your data is safe.
The only IP addresses seen by the outside world while browsing with HideIPVPN are those of our servers.
This also allows you to view websites you otherwise can't, such as Facebook, Youtube, Pandora, Skype, Hulu, and the BBC Player.
With HideIPVPN your ISP is not able to monitor and control your online communications and browsing activity.
All traffic is encrypted and no website URLs, videos, e-mails or downloads are seen by your ISP.
To sum up, a Premium VPN (HideIPVPN) is capable of protecting you while browsing the Internet and also allows you to unblock geo-restricted websites.
Why VPN? 
Provides a layer of security and anonymity
Protects you by hiding your real IP address
Secure connection between your PC and the Internet (128-2048bit)
Access sites restricted to US and UK residents
Anonymous Internet Surfing Security for Hotspot Wireless Access Users
Unblock all VOIP Applications including Skype
================

http://techpp.com/2009/07/09/top-10-free-vpn-clients/
http://lifehacker.com/5487500/five-best-vpn-tools
http://www.cisco.com/en/US/products/sw/secursw/ps5299/index.html
http://www.vpnforwindows.com
Hamachi (http://hamachi.cc/download) provides a very easy setup for a VPN, after setting up your server, you'll just need to configure your router to open up the applicable ports.
Check out http://www.itsatechworld.com/2006/01/17/hamachi-vpn-solution/

http://worldvpn.net/
http://websecuritas.de/
http://www.free2surfvpn.com/vpnrouters.html
http://www.free2surfvpn.com/index.php
http://www.goldenfrog.com/ES/vyprvpn/support/vpn-setup/windows-7-pptp

http://openvpn.net/index.php/open-source/documentation/howto.html#vpntype
http://openvpn.net/index.php/open-source/documentation/howto.html#policy
