VNC/SSH to home blocked from work

New to Debian (Or Linux in general)? Ask your questions here!

VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-21 20:26

Hi there,

I can't seem to get into a vnc or ssh to my debian system connection coming from work, i think the the route to my home ip address is blocked for security.
I can however connect to my windows machine at home over vnc with a login service from jump desktop.
When I try to connect to my system using a hotspot over a mobile hotspot everything just works fine so this should indicate my system is working fine.

Can anyone please explain to me how this is possible ? And how i can achieve such a connection over internet ?

I do know these kind of questions fall under the 'noob' category, I however have no idea what keywords I need to search for, this makes searching really difficult.
I've been thinking about this problem on and off for months now but can seem to figure out how to achieve to get my connection going.

Thank you in advance, and sorry for the stupid question.
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

Postby pcalvert » 2019-03-21 20:34

Have you configured your router to allow incoming connections on the relevant port(s)?

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1862
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-21 21:44

Hi there Phil.

Thank for the reply! Yes I have done so, I can connect to my system from other networks that are not my home. Ive tried mobile hotspots, and coffeeshops etc, they all work.
Only my job wifi (eduroam) gives me problems. Even eduroam Networks at other universities work. My job just has a really aggressive firewall and the IT people behind the service desk don't understand their system so they can't help me.

Thanx in advance
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

Postby pcalvert » 2019-03-22 02:50

Did you try configuring your router to listen on a higher port number? For example, some people configure the router to listen on 2222, or 10022, etc., for SSH.

Also here's another possible solution:
https://anydesk.com/

It's free for personal use.

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1862
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-22 09:09

Hi there phil,

I've configured the router to forward both ssh and vnc on a different port, if that's what you mean. However, why should the size of the port number matter ?
If I am able to connect to my system on the other side of the globe for both ssh and vnc, that should mean my system and router are set up correctly right ?

I will check out anydesk thank you!
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

Postby GarryRicketson » 2019-03-22 13:00

why should the size of the port number matter ?

The port numbers, are the port number, they do not have anything to do with sizes:
Post by pcalvert » 2019-03-21 21:50
Did you try configuring your router to listen on a higher port number? For example, some people configure the router to listen on 2222, or 10022, etc., for SSH.


My job just has a really aggressive firewall ----snip----

If they do not want to permit that type of connection from their system, then you need to respect that,
---snip--- i think the the route to my home ip address is blocked for security.


the IT people behind the service desk don't understand their system so they can't help me
Or they don't want to give you the key's for a reason, I think they probably do know what they are doing, and they have security reasons for not allowing the type of connection you are trying to make to your home. So since they don't want to give the key, you are looking for a way to break in and do what you want, but any way, if what you are trying to do is legal,and conforms to the work places security rules, then you should try to work with them, not against them.
User avatar
GarryRicketson
 
Posts: 5877
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-22 14:15

Well, i agree on that. But doesn't it defeat the purpose if i can connect to the windows machine, while not being able to connect to my debian machine?

They do allow connection over vnc using some sort of login token (of the windows jump desktop login application), while banning it without the token. So in my poinion im not voiding any policy?
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

Postby GarryRicketson » 2019-03-22 14:51

The token thing might be the solution, but if it only works on windows, then I am not sure what you can do, sounds like you need to figure out a way to make the token work for linux as well, and use the token.
How does this login token work ? Is it some kind of usb device ?
My bank has a usb login token, that is required if one wants to use their online PC services, and for me that is the problem, it is MS windows specfic/only and can not be used on my PC, because I do not use any windows, or ms products,..guess that would be another topic though, but sounds similar,
Did you try the "anydesk" software ?

Anyway, the main point, on the ports, those are not sizes, but port numbers, the number tells it which port to use.
Probably there is a way to resolve this, I remember years back, with a USB broadband device, and I needed certain details, to get it working on linux, when I talked to a so called tech person, they said it would only work on ms windows, they did not know what they were talking about, and eventually I still was able to get it working on linux, often when the so called professional IT techs hear the word linux, they throw up a wall, and do not even look for possible solutions,
User avatar
GarryRicketson
 
Posts: 5877
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: VNC/SSH to home blocked from work

Postby pcalvert » 2019-03-22 23:15

MEMEs wrote:I've configured the router to forward both ssh and vnc on a different port, if that's what you mean. However, why should the size of the port number matter ?

If they are blocking the ports you are trying to use, then using different ports may work. Most likely, though, they are only allowing outbound traffic on certain ports and disallowing everything else.

MEMEs wrote:If I am able to connect to my system on the other side of the globe for both ssh and vnc, that should mean my system and router are set up correctly right ?

Yes. However, you may still need to "tweak" the configuration so you can connect from work.

Phil
“Property is the fruit of labor; property is desirable; it is a positive good
in the world. That some should be rich shows that others may become
rich, and hence is just encouragement to industry and enterprise.”
— Abraham Lincoln
pcalvert
 
Posts: 1862
Joined: 2006-04-21 11:19
Location: Sol Sector

Re: VNC/SSH to home blocked from work

Postby TonyT » 2019-03-23 10:42

Most likely the work firewall disallows direct connections to IP addresses and requires fully qualified domain names only. I have run into this situation before. You'll need to use a service like no-ip or another dynamic dns service to be able to connect.
TonyT
 
Posts: 574
Joined: 2006-09-04 11:57

Re: VNC/SSH to home blocked from work

Postby pylkko » 2019-03-23 13:20

The eduroam network has a minimal set of services that they require participating networks to allow. Well, at least the claim so, but I don't know how well they police these...
https://www.eduroam.us/node/96

ssh should always work, but VNC is not listed, meaning that it is entirely up to the institution if they want to allow it. By using X forwarding you should be able to run X programs without the entire desktop so that's not much of an issue

Edit: forgot to mention, but since vpn likely is allowed you might want to consider serving the ssh and vnc over a vpn tunnel. It's more safer than just port forwarding in any case
User avatar
pylkko
 
Posts: 1596
Joined: 2014-11-06 19:02

Re: VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-30 09:00

Hi there,

thanx all for the massive replies!!! Sorry for the late reply, hectic time at work.

- Unfortunately anydesk did not work, the connection is blocked.
- I have tried a wide range of different commonly used ports, they are all blocked.
- connecting via VPN in the middle (PIA) does work, but that does really slow down the traffic speed and makes VPN not fun to work with. I've recently discovered PIA also has proxy, could that be a solution ?
- The 'token' that is used when i connect to my windows computer is the jumpdesktop VNC (proxy?) server i think. I now think the connection to windows works because the jumpdesktop server is used as a proxy (since i log in the app rather than inputting my IP info). When i connect to to jumpdesktop using my ip info the connection is rejected, this is a direct connection so this proxy idea might really be worth it.
- (why do i use jumpdesktop (rather than eg realvnc)? jump allows me to use a vpn connection with a bluetooth citrix mouse on my ipad)
- a vpn tunnel to my home also does not work unfortunately. This might be a clue that my IP address is not in the list of verified servers and is thereby blocked ?
- of course i always use a condom on the internet when needed! :) I'm however only using vnc for some gimp, python and latex work, so no condom needed here (i might still do that after i get the basic connection working however)

Thank you thank you thank you!
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

Postby MEMEs » 2019-03-30 09:02

TonyT wrote:Most likely the work firewall disallows direct connections to IP addresses and requires fully qualified domain names only. I have run into this situation before. You'll need to use a service like no-ip or another dynamic dns service to be able to connect.


I think this could be the problem, your posted solution i however something i have never looked into, do you maybe know a useful guide to get me started in this topic ?
Either way i'm gonna devote a couple of hours researching this, thanx!

Does connecting tough a proxy also solve this problem ?
MEMEs
 
Posts: 9
Joined: 2018-08-15 12:17


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 7 guests

fashionable