Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

VNC/SSH to home blocked from work

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
MEMEs
Posts: 9
Joined: 2018-08-15 12:17

VNC/SSH to home blocked from work

#1 Post by MEMEs »

Hi there,

I can't seem to get into a vnc or ssh to my debian system connection coming from work, i think the the route to my home ip address is blocked for security.
I can however connect to my windows machine at home over vnc with a login service from jump desktop.
When I try to connect to my system using a hotspot over a mobile hotspot everything just works fine so this should indicate my system is working fine.

Can anyone please explain to me how this is possible ? And how i can achieve such a connection over internet ?

I do know these kind of questions fall under the 'noob' category, I however have no idea what keywords I need to search for, this makes searching really difficult.
I've been thinking about this problem on and off for months now but can seem to figure out how to achieve to get my connection going.

Thank you in advance, and sorry for the stupid question.

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: VNC/SSH to home blocked from work

#2 Post by pcalvert »

Have you configured your router to allow incoming connections on the relevant port(s)?

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

MEMEs
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

#3 Post by MEMEs »

Hi there Phil.

Thank for the reply! Yes I have done so, I can connect to my system from other networks that are not my home. Ive tried mobile hotspots, and coffeeshops etc, they all work.
Only my job wifi (eduroam) gives me problems. Even eduroam Networks at other universities work. My job just has a really aggressive firewall and the IT people behind the service desk don't understand their system so they can't help me.

Thanx in advance

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: VNC/SSH to home blocked from work

#4 Post by pcalvert »

Did you try configuring your router to listen on a higher port number? For example, some people configure the router to listen on 2222, or 10022, etc., for SSH.

Also here's another possible solution:
https://anydesk.com/

It's free for personal use.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

MEMEs
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

#5 Post by MEMEs »

Hi there phil,

I've configured the router to forward both ssh and vnc on a different port, if that's what you mean. However, why should the size of the port number matter ?
If I am able to connect to my system on the other side of the globe for both ssh and vnc, that should mean my system and router are set up correctly right ?

I will check out anydesk thank you!

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: VNC/SSH to home blocked from work

#6 Post by GarryRicketson »

why should the size of the port number matter ?
The port numbers, are the port number, they do not have anything to do with sizes:
Post by pcalvert » 2019-03-21 21:50
Did you try configuring your router to listen on a higher port number? For example, some people configure the router to listen on 2222, or 10022, etc., for SSH.
My job just has a really aggressive firewall ----snip----
If they do not want to permit that type of connection from their system, then you need to respect that,
---snip--- i think the the route to my home ip address is blocked for security.
the IT people behind the service desk don't understand their system so they can't help me
Or they don't want to give you the key's for a reason, I think they probably do know what they are doing, and they have security reasons for not allowing the type of connection you are trying to make to your home. So since they don't want to give the key, you are looking for a way to break in and do what you want, but any way, if what you are trying to do is legal,and conforms to the work places security rules, then you should try to work with them, not against them.

MEMEs
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

#7 Post by MEMEs »

Well, i agree on that. But doesn't it defeat the purpose if i can connect to the windows machine, while not being able to connect to my debian machine?

They do allow connection over vnc using some sort of login token (of the windows jump desktop login application), while banning it without the token. So in my poinion im not voiding any policy?

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: VNC/SSH to home blocked from work

#8 Post by GarryRicketson »

The token thing might be the solution, but if it only works on windows, then I am not sure what you can do, sounds like you need to figure out a way to make the token work for linux as well, and use the token.
How does this login token work ? Is it some kind of usb device ?
My bank has a usb login token, that is required if one wants to use their online PC services, and for me that is the problem, it is MS windows specfic/only and can not be used on my PC, because I do not use any windows, or ms products,..guess that would be another topic though, but sounds similar,
Did you try the "anydesk" software ?

Anyway, the main point, on the ports, those are not sizes, but port numbers, the number tells it which port to use.
Probably there is a way to resolve this, I remember years back, with a USB broadband device, and I needed certain details, to get it working on linux, when I talked to a so called tech person, they said it would only work on ms windows, they did not know what they were talking about, and eventually I still was able to get it working on linux, often when the so called professional IT techs hear the word linux, they throw up a wall, and do not even look for possible solutions,

pcalvert
Posts: 1939
Joined: 2006-04-21 11:19
Location: Sol Sector
Has thanked: 1 time
Been thanked: 2 times

Re: VNC/SSH to home blocked from work

#9 Post by pcalvert »

MEMEs wrote: I've configured the router to forward both ssh and vnc on a different port, if that's what you mean. However, why should the size of the port number matter ?
If they are blocking the ports you are trying to use, then using different ports may work. Most likely, though, they are only allowing outbound traffic on certain ports and disallowing everything else.
MEMEs wrote: If I am able to connect to my system on the other side of the globe for both ssh and vnc, that should mean my system and router are set up correctly right ?
Yes. However, you may still need to "tweak" the configuration so you can connect from work.

Phil
Freespoke is a new search engine that respects user privacy and does not engage in censorship.

TonyT
Posts: 575
Joined: 2006-09-04 11:57

Re: VNC/SSH to home blocked from work

#10 Post by TonyT »

Most likely the work firewall disallows direct connections to IP addresses and requires fully qualified domain names only. I have run into this situation before. You'll need to use a service like no-ip or another dynamic dns service to be able to connect.

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: VNC/SSH to home blocked from work

#11 Post by pylkko »

The eduroam network has a minimal set of services that they require participating networks to allow. Well, at least the claim so, but I don't know how well they police these...
https://www.eduroam.us/node/96

ssh should always work, but VNC is not listed, meaning that it is entirely up to the institution if they want to allow it. By using X forwarding you should be able to run X programs without the entire desktop so that's not much of an issue

Edit: forgot to mention, but since vpn likely is allowed you might want to consider serving the ssh and vnc over a vpn tunnel. It's more safer than just port forwarding in any case

MEMEs
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

#12 Post by MEMEs »

Hi there,

thanx all for the massive replies!!! Sorry for the late reply, hectic time at work.

- Unfortunately anydesk did not work, the connection is blocked.
- I have tried a wide range of different commonly used ports, they are all blocked.
- connecting via VPN in the middle (PIA) does work, but that does really slow down the traffic speed and makes VPN not fun to work with. I've recently discovered PIA also has proxy, could that be a solution ?
- The 'token' that is used when i connect to my windows computer is the jumpdesktop VNC (proxy?) server i think. I now think the connection to windows works because the jumpdesktop server is used as a proxy (since i log in the app rather than inputting my IP info). When i connect to to jumpdesktop using my ip info the connection is rejected, this is a direct connection so this proxy idea might really be worth it.
- (why do i use jumpdesktop (rather than eg realvnc)? jump allows me to use a vpn connection with a bluetooth citrix mouse on my ipad)
- a vpn tunnel to my home also does not work unfortunately. This might be a clue that my IP address is not in the list of verified servers and is thereby blocked ?
- of course i always use a condom on the internet when needed! :) I'm however only using vnc for some gimp, python and latex work, so no condom needed here (i might still do that after i get the basic connection working however)

Thank you thank you thank you!

MEMEs
Posts: 9
Joined: 2018-08-15 12:17

Re: VNC/SSH to home blocked from work

#13 Post by MEMEs »

TonyT wrote:Most likely the work firewall disallows direct connections to IP addresses and requires fully qualified domain names only. I have run into this situation before. You'll need to use a service like no-ip or another dynamic dns service to be able to connect.
I think this could be the problem, your posted solution i however something i have never looked into, do you maybe know a useful guide to get me started in this topic ?
Either way i'm gonna devote a couple of hours researching this, thanx!

Does connecting tough a proxy also solve this problem ?

Post Reply