Windows equivalent to a Linux product?

Byron Clark byron at theclarkfamily.name
Tue Dec 20 21:20:15 MST 2005


On Fri, Dec 09, 2005 at 11:43:29AM -0700, Gabriel Gunderson wrote:
> On Fri, 2005-12-09 at 09:39 -0700, Kenneth Burgener wrote:
> > 
> > If you have the option, I would recommend Windows Remote Desktop over 
> > RealVNC and TightVNC, as it performs much better, plus it has some
> > sort of encrypted stream, where RealVNC (free) does not.
> 
> I like RDP and use it when needed in a private subnet, but I like VNC
> for ease when outside of the network and going through a gateway.
> 
> me <-> Internet <-> gw.somedomain.tld <-> host1.somedomain.tld
> 
> In that case I run:
> vncviewer  --via=gw.somedomain.tld  host1
> 
> And all I have to do is have port 22 open for ssh and have an account on
> the gateway.  If I want another host inside the private subnet I just
> change it to:
> vncviewer  --via=gw.somedomain.tld  host2
> 
> I found that unless you want to set up tunnels ahead of time or do port
> forwarding with iptables, you can't get the same behavior from RDP.  If
> you have 150 hosts on the private subnet it's not really that practical
> or desirable to forward ports to each computer or to manually set up
> tunnels.
> 
> With the "via" option the traffic is encrypted with ssh while over the
> Internet but unencrypted on the private network.  Not really that great
> but acceptable in many cases.
> 
> If I knew a way to do the same thing with RDP I would use it
> exclusively.  Any ideas?

Just figured out how to do something very similar with rdesktop and some
helper programs.

For this example, let's assume that the machines you want to connect to
are all on the 192.168.12.0/24 subnet.  The gateway machine will be
gw.somedomain.tld and will be able to see the 192.168.12.0/24 subnet.

1 - Install rdesktop
2 - Install openssh (you already had this, right?)
3 - Install dante (the client portion, dante-client on debian)
4 - Add the following lines to /etc/dante.conf
route {
    from: 0.0.0.0/0 to: 192.168.12.0/24 via: 127.0.0.1 port = 1337
    protocol: tcp udp
    proxyprotocol: socks_v4 socks_v5
    method: none
}
5 - Connect to the gateway: ssh -l username gw.somedomain.tld -D 1337
6 - Run remote desktop like this: socksify rdesktop 192.168.12.14
7 - Connect to another remote desktop: socksify rdesktop 192.168.12.15

Why it works: You are using ssh to create a SOCKS proxy on port 1337 of
your local machine.  dante uses LD_PRELOAD to turn any application into
a SOCKS aware app.  The route says that anything the dante library sees
going to the 192.168.12.0/24 subnet will use the SOCKS proxy created by
ssh.  Using socksify before the rdesktop command runs rdesktop with the
dante LD_PRELOAD magic.  

Yes, it's a bit more cumbersome, but there is the benefit of not having
to install vnc on all the machines you want to connect to.

-- 
--------------------------------+-----------------------------------
Byron Clark                     |       http://www.byronandannie.net
byron at theclarkfamily.name       |      http://bits.byronandannie.net 
--------------------------------+-----------------------------------
GnuPG Fingerprint: 0365 6979 6C3E BC0C 56C0 FB7F 12B3 75DD 042B EA68
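
The procedure in the message above, wrapped with two pre-flight checks, as an added example that is not part of the original post: the target must fall inside the 192.168.12.0/24 range the dante route covers, and the listener on port 1337 must be bound to loopback only, because the SOCKS listener created by `ssh -D` does not authenticate clients. The function names are hypothetical, and the script assumes `ss` from iproute2 is installed.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Subnet, SOCKS port and gateway are the values used in the post.
ROUTE_CIDR="192.168.12.0/24"
SOCKS_PORT=1337
GATEWAY="gw.somedomain.tld"

# Dotted-quad IPv4 -> integer; rejects host names and ambiguous forms.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        case "$_o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when address $1 lies inside CIDR $2 (the route's "to:" range).
in_cidr() {
    _ip=$(ip_to_int "$1") || return 1
    _net=$(ip_to_int "${2%/*}") || return 1
    _bits=${2#*/}
    case "$_bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_bits" -le 32 ] || return 1
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    [ $(( _ip & _mask )) -eq $(( _net & _mask )) ]
}

# Reads `ss -ltn` output on stdin. Succeeds only if SOCKS_PORT is listening
# and every listener for it is bound to 127.0.0.1 or [::1].
loopback_only() {
    awk -v p=":$SOCKS_PORT" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p {
            seen = 1
            addr = substr($4, 1, length($4) - length(p))
            if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { exit !(seen && !bad) }'
}

# Usage: rdp_via 192.168.12.14   (after step 5, the ssh -D session, is up)
rdp_via() {
    in_cidr "$1" "$ROUTE_CIDR" ||
        { echo "$1 is outside $ROUTE_CIDR, not covered by the dante route" >&2; return 2; }
    ss -ltn | loopback_only ||
        { echo "need: ssh -l username $GATEWAY -D $SOCKS_PORT (loopback bind)" >&2; return 3; }
    socksify rdesktop "$1"
}
```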
