I am not an expert on VPN but have some experience using CheckPoint VPN
SecureClient.  VPN is Virtual Private Network, the operative word being
Private.  When your server creates a VPN client connection with your work LAN
it becomes part of the LAN through this tunneled connection.  To understand
what happens from the VPN client, open the Device Manager and look at the
installed network adapters and you should see one for your VPN client.  Open
network properties and you will see the VPN virtual network adapter and its
TCP/IP protocol settings are bound to your physical network adapter.

When you make a VPN client connection to the work LAN, the virtual adapter
takes over the TCP stack as a software abstraction layer which takes control
of the physical adapter.  It is at this point that VNC drops out because you
are no longer on the same logical network.  If I use CheckPoint's VPN
SecureClient at my house I can no longer see my home LAN PCs or network
shares and vice versa.  This is by design!  How secure would your work LAN be
if you (or anyone else) could get to your work LAN resources from a
non-tunneled machine on your home network because of your local topology?  Not
very!

For this reason, I abandoned using VPN into the office LAN.  Is there a way
around this?  Yes, you can run VPN clients on both of your machines to the
same firewall and/or VPN appliance on your work LAN and then VNC between your
PCs. I've done it and it works. However, because of the firewall rules that
must be traversed and the fact that all your packets now go from PC to PC on
your LAN via the internet and the VPN firewall it is painfully slow.

The real solution is to make sure you can get through port 23 on your
firewall, run an SSH server on your work desktop and connect with PuTTY (SSH
client) from home.  If you want you can run this from your server as basically
a persistent connection and VNC into the server VNC session from your primary
to operate the remote session.  I do something similar all the time where I
VNC from home to my work PC then VNC from there to workstations running
Solaris (Sparc).  The connection speeds are very good and the internet
connection is compressed and encrypted through the SSH tunnel.

Some potential caveats for this: willingness of your network admin -- you
ideally should have a fixed private IP address that NATs to a dedicated public
IP address and DHCP just won't cut it here.  You can also use a port mapping
so that you use SSH to some arbitrary high port number that gets mapped to
port 23 on your work desktop.  You then specify that high port number and the
firewall IP address to open the tunnel to your desktop.

I hope this long-winded discussion is helpful.

Regards,

Glenn Lovitz

>-----Original Message-----
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Behalf Of S-C DePiero
>Sent: Thursday, June 05, 2003 8:06 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Controlling a remote VNC Server accessing a VPN
>
>
>Just a "bump" - would really appreciate any assistance on this one.
>
>-----Original Message-----
>From: S-C DePiero [mailto:[EMAIL PROTECTED]
>Sent: Sunday, June 01, 2003 8:32 PM
>To: '[EMAIL PROTECTED]'
>Subject: Controlling a remote VNC Server accessing a VPN
>
>
>I'm running UltraVNC Viewer and Server on a home LAN.  On my primary PC
>I am using Viewer to access another LAN PC running the Server.  On this
>Server PC I run corporate Nortel VPN software to connect to my company's
>network (until recently the Server box was my primary).  My UltraVNC
>connection operates successfully without a hitch, until I connect the
>Server PC to the VPN.  At that time the UltraVNC connection is lost and
>I can no longer access the Server PC.  The VPN connection is established
>successfully (I know that, because I've added a monitor to the Server
>PC).  I would prefer to access the corporate VPN via the UltraVNC
>connection, instead of installing the - fairly invasive - software on my
>primary PC.
>
>Why does the VPN crash the VNC connection?  Is there a way to work around
>this?
>
>THANKS!
>_______________________________________________
>VNC-List mailing list
>[EMAIL PROTECTED]
>To remove yourself from the list visit:
>http://www.realvnc.com/mailman/listinfo/vnc-list
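
The loss of the LAN VNC session described in the reply above can be modelled as a routing-policy change on the Server PC. This is an added example, not part of the original thread and not any vendor's code; the interface names, addresses and the "full"/"split" policies are constructed assumptions, and a real client may enforce the same result with packet filters rather than route changes.

```python
import ipaddress

def build_routes(vpn_mode):
    """Constructed routing table for the VNC Server PC as (prefix, interface, metric).

    vpn_mode: None (VPN down), "full" (all traffic forced into the tunnel),
    or "split" (only the corporate prefix enters the tunnel).
    """
    lan = ("192.168.1.0/24", "eth0", 10)       # home LAN, on-link
    default = ("0.0.0.0/0", "eth0", 10)        # via the home router
    if vpn_mode is None:
        return [lan, default]
    # The tunnel's outer packets must still reach the VPN gateway over eth0.
    gateway = ("203.0.113.5/32", "eth0", 1)
    if vpn_mode == "full":
        # Assumed strict policy: LAN route withdrawn, everything else tunnelled.
        return [gateway, ("0.0.0.0/0", "vpn0", 1)]
    if vpn_mode == "split":
        # Assumed permissive policy: only corporate space is tunnelled.
        return [gateway, lan, default, ("10.0.0.0/8", "vpn0", 1)]
    raise ValueError("unknown vpn_mode: %r" % (vpn_mode,))

def egress_interface(routes, dst):
    """Longest-prefix match; the lower metric wins between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    matches = []
    for prefix, iface, metric in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net.prefixlen, -metric, iface))
    return max(matches)[2] if matches else None

def vnc_session_survives(vpn_mode, viewer="192.168.1.10"):
    """Replies to the LAN viewer arrive only if they leave via eth0."""
    return egress_interface(build_routes(vpn_mode), viewer) == "eth0"

def lan_bridged_to_corporate(vpn_mode):
    """True when one host has live paths to both the home LAN and corporate space."""
    routes = build_routes(vpn_mode)
    return (egress_interface(routes, "192.168.1.10") == "eth0"
            and egress_interface(routes, "10.1.2.3") == "vpn0")

if __name__ == "__main__":
    for mode in (None, "full", "split"):
        print(mode, "VNC survives:", vnc_session_survives(mode),
              "| LAN bridged to corporate:", lan_bridged_to_corporate(mode))
```

The "split" row is the trade-off the reply warns about: the VNC session survives, but the same PC is then reachable from the home LAN while it holds a path into the corporate network.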