
April 14, 2005

Remote Desktop for XP

Windows XP has a feature called Remote Desktop that allows you to take control of your computer from a remote PC via the internet.

Microsoft has step-by-step instructions for getting it up and running. But, unfortunately, I haven't been successful at getting it to work for me so far. I assume that my problem is related to the firewall(s) between the two computers.

I'm supposed to establish a VPN connection to my desktop before connecting using Remote Desktop. But, I get a "721 error" when I attempt to connect using VPN. Seems somewhat similar to the problems described here:

http://www.tek-tips.com/viewthread.cfm?qid=717845&page=1

So, I set up a VPN server on my desktop as described here:
http://www.onecomputerguy.com/networking/xp_vpn_server.htm

But, I'm still getting the 721 error attempting to connect the PC remotely from a different subnet outside of the firewall(s).


So, I made changes to the Linksys Router based on this:
http://www.smallnetbuilder.com/Sections-article49-page1.php

Then, I went to Shields Up at Gibson Research Center to verify that port 1723 was open and that I could receive ping requests.

So, from work, I am now able to ping my ip address successfully:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>ping 66.250.22.136

Pinging 66.250.22.136 with 32 bytes of data:

Reply from 66.250.22.136: bytes=32 time=102ms TTL=134
Reply from 66.250.22.136: bytes=32 time=87ms TTL=134
Reply from 66.250.22.136: bytes=32 time=72ms TTL=134
Reply from 66.250.22.136: bytes=32 time=76ms TTL=134

Ping statistics for 66.250.22.136:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 72ms, Maximum = 102ms, Average = 84ms

However, I'm still not able to establish a VPN connection. I get the error message:
"Error 721: The remote computer did not respond."

I created a new VPN connection icon, but still get the same results. So, my best guess at this point is that possibly my ISP is blocking my TCP traffic on port 1723, which is required by Microsoft's PPTP protocol. I'll send them an email and ask them.

My ISP replied that they're not blocking traffic on port 1723. So, will try establishing a VPN connection from my neighbor's house to see if that works.

I was able to establish a VPN connection into my PC from my neighbor's house, but was unable to get Remote Desktop to function. So then, I tried to run Remote Desktop from my laptop. I was able to run Remote Desktop and connect to my server over my wireless LAN, however I had to specify my Computer Name (instead of a TCP/IP address).

So, apparently, my router is not allowing Remote Desktop traffic to pass through. So, I added port forwarding for port 3389 using TCP protocol in my router configuration.

This explains how to force Remote Desktop traffic to use a different port, as the port 3389 is supposedly a target of hackers:
http://www.dslwebserver.com/main/fr_index.html?/main/sbs-remote-desktop-change-port.html

Then, I tried from work, and got Remote Desktop to work by putting in my static IP address for the Computer Name. Success! Unfortunately, I'm not able to establish a VPN connection from work. So, this must be due to a firewall a) at Wispertel or b) here at work, as I am able to establish a VPN connection from my neighbor's house.

But, what I find most interesting is how Virtual Private Network (VPN) relates to Remote Desktop. Microsoft indicates that a VPN connection should be established before using Remote Desktop; however, I was able to run Remote Desktop without a VPN, so I'm not clear what the deal is. Is VPN optional? If so, what are the benefits of using it? Reportedly the RDP protocol is secure, but how secure is it? Is it less secure than VPN? The Remote Desktop Protocol (RDP) uses port 3389, but Microsoft's PPTP VPN Protocol uses port 1723. If I establish a VPN connection, how can I direct Remote Desktop to utilize the VPN connection? If it truly does use the VPN connection, shouldn't I be able to stop Port Forwarding on the router to Port 3389 and only use Port 1723 for the Remote Desktop over VPN?

Tonight, I decided to get the Remote Desktop to use a different port, as 3389 is somewhat of a security risk. So, I went into the Linksys router configuration and forwarded a different port (say port 4000) to port 3389. (Hint: I didn't use port 4000. I'm not telling what port I'm using. It's a secret.)

So now, to connect to the Remote Desktop server, when you specify a computer name or IP address, just end it with a ':4000' to specify a port other than 3389. Tomorrow, I'll get to see if it actually works.
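Added example, not part of the original post: forwarding a different external port changes only the number, because an RDP listener still answers the protocol's opening packet with an X.224 Connection Confirm on whatever port it is reached through. The sketch below classifies a port on a machine you administer; the function names are hypothetical and the listeners in `demo()` are constructed stand-ins on 127.0.0.1.

```python
import socket
import threading

# TPKT header (version 3, length 11) + X.224 Connection Request (0xE0).
# This is the opening packet of an RDP session; it carries no credentials.
X224_CONNECTION_REQUEST = bytes.fromhex("0300000b06e00000000000")


def classify_port(host, port, timeout=3.0):
    """Return 'closed', 'rdp' or 'open-other' for one TCP port."""
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with s:
        try:
            s.sendall(X224_CONNECTION_REQUEST)
            reply = s.recv(64)
        except OSError:
            reply = b""
    # TPKT version 3 followed by an X.224 Connection Confirm (0xD0).
    if len(reply) >= 6 and reply[0] == 3 and reply[5] & 0xF0 == 0xD0:
        return "rdp"
    return "open-other"


def fake_listener(reply):
    """Constructed stand-in for a forwarded port: one connection, fixed reply."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(64)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    # Constructed replies: a Connection Confirm and an unrelated banner.
    moved_rdp = fake_listener(bytes.fromhex("0300000b06d00000123400"))
    other = fake_listener(b"220 mail ready\r\n")
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    unused = probe.getsockname()[1]
    probe.close()  # nothing listens here any more
    return {name: classify_port("127.0.0.1", p, timeout=1.0)
            for name, p in (("moved_rdp", moved_rdp), ("other", other), ("unused", unused))}
```

Run against your own router's public address, a result of `rdp` on the alternate port means the service is still directly exposed and identifiable there.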

Many companies have firewalls that restrict access to the internet. To prevent circumvention of the firewalls, many companies block the creation of Virtual Private Network (VPN) tunnels out of the firewall. They do this by restricting TCP traffic on port 1723, which is required by Microsoft's PPTP VPN protocol. One suggestion to breach the firewall without the use of a VPN tunnel is to create a Remote Desktop Protocol (RDP) tunnel. RDP uses RSA Security's RC4 cipher, a stream cipher designed to efficiently encrypt small amounts of data with 128-bit keys. Because RDP operates over port 3389, it is often open for RDP/TCP traffic.

RDP can be used to remotely control the desktop of another Windows XP Pro machine, effectively circumventing the firewall.

Posted by Peenie Wallie on April 14, 2005 at 2:56 PM

Comments

I need to connect to the internet using a VPN connection, because I'm using Upstream, which uses VPN, but port 1723 was closed by my ISP. Could I open it remotely?

Please gimme a comment.

Thank You

Posted by: Yanuar Ridho Hidayat on August 3, 2005 at 7:45 AM

Very helpful article! I was looking for info. on changing the port Remote Desktop uses and this hit the spot. :)

Posted by: Anonymous on August 4, 2005 at 8:49 AM

Nice work! I use proxy and VPN to secure my data, it works like a charm

Posted by: spascho on March 7, 2009 at 9:52 AM
