Original of this article you can find here: https://total.germanov.dev/blog/how
Introduction
In this post, we discuss a simple topic: how to connect to a remote computer from your local computer from different locations, either from the same room or from another continent. We start from the basics, sorry if it seems too simple and primitive for you, but it's required to make this discussion complete and to meet the title.
"Connect to a remote computer" - what does it mean?
To answer this, need to clarify what need to know to connect to the remote computer. It's obvious, that we need to know an address to connect to - the address that computer has in a network of your local computer. The "network" in this case is either your office or home local network or Internet. We limit our discussion to TCP/IP networks only, so, in this case, we need to know the IP address of the remote computer and it should be in the same network as your local host.
However, is it enough to connect? It depends on what do you want as a result of this connection. In one case, you can connect to see files of the remote computer, in another case you can connect to see and control the GUI desktop of it, or, for example, a Web interface of the remote computer if it has it. All these things are network services of the remote computer. Consequently, here is an answer to a question from a title: connect to remote computer = connect to required networked service or services of the remote computer. Keeping this in mind, let's return again to a question of what is required to know to connect to the remote computer.
Earlier we found that in order to connect to the remote computer, we need to know its IP address and have access to it. But then we clarified that a single remote computer may have several network services to connect to. So, how to connect to different services, having only a single address? Obviously, it's impossible, that is why need to have a second address in addition to IP - an address of network service. In TCP/IP networks, the address of network service is defined as a port and this is defined as a number in a range from 1 to 65535. The server process of each network service binds to some port number during the start. For example, if remote Mac has a remote GUI desktop service, then it usually runs on port 5900. Also, if a remote computer has a web interface, then it usually works on port 80, or on 443 sometimes. Here we say "usually", because it is not always true. On the one hand, there is a convention that exists about standard port numbers for each service, but in fact, a system administrator of the remote computer can run any service on any port. That is why, it's required to know exactly, which port each remote service runs. So, at the current stage, this is what we have to know to connect to the remote computer:
- An IP-address of the remote computer.
- A port number of service, to which required to connect.
However, even this is not enough. In addition, it's required to know, which software to use to connect to each service - a client software, which works according to a protocol of remote service. Clients for some services integrated into an operating system, clients for other services need to be downloaded and installed. For example, when you open a remote Windows computer to access its files, then Windows Explorer implicitly runs a client, which works on CIFS protocol (Common Internet File System). This client connects to a CIFS service that runs on port 445 of the remote computer to get a list of files from it. Similarly, if you need to connect to a Web interface of the remote computer, you can use Web-browser as a client, to connect to port 80 or 443 of the remote computer, using HTTP or HTTPS protocol. Also, to connect to a remote desktop on macOS, then this service is usually running on port 5900 and it works on VNC protocol. To connect to it, it's required to use an external client application, like RealVNC or UltraVNC. However, if you need to connect to a standard remote desktop service, running on a Windows computer, then it's highly likely that it works on RDP protocol on port 3389.
Finally, using all this info, we can completely confirm, what is required to connect to a remote computer:
- You have to know an IP address of the remote computer.
- You have to use proper client software to connect to the required remote network service.
- You have to know the port number of the remote service to connect to. However, if the service works on a standard port for that service, then the client usually selects and connects to this port automatically, using only the IP address. But it does not mean that port is not used.
So, when we know what to do, it's time to understand how to do this, how to set up access to a remote computer depending on its location.
Connection in local network
In the following part of the post we will assume a remote computer, which provides a remote access to its GUI desktop and has a Web interface. Technically speaking, we assume that it runs a VNC server on port 5900 and a Web server on port 8080.
As a first sample, we will use a configuration with a local network in which both remote and local computers are on the same network and connected to each other via an Ethernet switch or Wi-Fi router. They both have IP addresses on the same subnet. The remote computer has an address 192.168.1.2, the local computer has an address 192.168.1.3.
To set up this connection need to do almost nothing because the computers "see" each other without any setup. The only thing that needs to do is to have or install appropriate client software to connect to the network services of the remote computer. In this case, to connect to the remote desktop service, need to install and use VNC-client, like RealVNC or UltraVNC. When connecting, need to set 192.168.1.2:5900 as an address to connect to (perhaps it's no need to specify port 5900, because it's a default VNC port). Connection to a Web interface of the remote computer is even simpler. You just have to type http://192.168.1.2:8080 in the URL string of a web browser to open that web interface. Please note that we assume that the webserver runs on non-standard port 8080. If it was standard port 80, then you may not specify it in the URL string, the same as you usually do not specify the port when opening websites on the Internet. However, it does not mean that the port does not use in those cases.
Connection via Internet
It's time to complicate the configuration and assume that our two computers are located in different offices. Both offices are connected to the Internet, but computers do not have direct access to each other.
Computers and networks do not usually connect directly to the Internet. They usually connect via routers, as shown in the previous diagram. Like any device connected to the Internet, they have IP addresses, but they are most likely dynamic and not public. It is not possible to connect to these routers from the Internet. Accordingly, below we will consider various methods of setting up a connection to a remote computer 192.168.1.2 via the Internet.
Option 1: Buy a public IP address and set up port forwarding
This is the first thing that can come to mind: rent a public IP-address from the provider, such as for example 33.44.55.66 . At this address, the router will be visible from the Internet and it will be possible to connect to it.
However, this way you only get access to the router itself and to the services (ports) that are open on it, and not to the computers that are on its network. To get access to computers, or rather to their ports through the router, you need to configure "port forwarding" . For example, set up a rule that when accessing port 8080 on the router, these requests will be redirected to port 8080 of 192.168.1.2.
There is no single method to do this that could be described. Each router has its own specific control panel, which has an interface for port forwarding. Using this interface, you can configure rules for each port. In our case, we need to configure rules for ports 8080 and 5900 of the computer with the address 192.168.1.2. The port numbers on the router do not need to match the port numbers on the destination computer. For example, you can configure forwarding from the router port 8081 to the computer port 8080, or the router port 5901 to the computer port 5900. However, it is more convenient to specify the same ports, if possible, if they are free on the router.
As a result, with this setup, in order to connect from the local computer to the desktop of the remote computer, you need to use the address 33.44.55.66:5900 in the VNC client. Then, to connect to the Web interface, you need to type in the Web-browser http://33.44.55.66:8080. Thus, requests will be redirected from the Internet through the external IP address of the router to the corresponding ports on the remote computer. This may sound simple, but this solution has one major problem. Not only you can connect to the address 33.44.55.66, but also anyone else in the world, and therefore you need to seriously think about protecting all open ports. This method has other disadvantages as well:
- Not all providers are able to provide a public IP address
- You need to pay for this periodically.
- Not all routers have an intuitive interface for configuring port forwarding.
- The remote office should have a specialist who knows how to configure port forwarding and make sure that the settings are not lost and the forwarding works after the router is rebooted.
Option 2. Tunneling through an external server
If it is not possible to obtain a public IP address and set the router as a server on the Internet, then you can use another server on the Internet and exchange data with a remote computer through it. To do this, you need to have a server on the Internet with a public IP address that both computers see and configure port forwarding from this server to the remote computer. However, this is not the same port forwarding as described in the previous section. This is called "tunneling" and is configured differently. To do this, software such as SSH or Stunnel must be installed on the remote computer and on this external server to create tunnels. Then, using the remote computer, you create one tunnel for each service you want to access. This operation creates a channel from the specified port on the remote computer to the specified port of the server on the Internet.
This configuration assumes that the server on the Internet has an address of 33.44.55.66, as in the previous example, and has server-side OpenSSH (SSHD) installed on it. Accordingly, the SSH client part is installed on the remote computer and it has access to the server (either with a password or with an SSL certificate). Then, the remote computer creates tunnels for ports 8080 and 5900 to the server. When creating a tunnel for port 8080, port 1021 is opened on the server, and when creating a tunnel for port 5900, port 1022 is created on the server (you can open any free ports on the server). To create such two tunnels, you need to run the following commands on the remote computer and ensure that they are automatically executed every time the computer boots (otherwise, after a reboot, the tunnels will stop working):
ssh -f -N -R 1021:localhost:8080 <login>@33.44.55.66
ssh -f -N -R 1022:localhost:5900 <login>@33.44.55.66
Having such tunnels, in order to connect to the desktop on the remote computer, you need to launch the VNC client on the local computer and specify 33.44.55.66:1022 in the connection settings, and in order to connect to the Web interface on the remote computer, you need to use the Web browser specify http://33.44.55.66:1021.
There are many resources to read more about configuring SSH for tunneling, here, for example.
Stunnel allows you to achieve approximately the same result, but is configured in a slightly different way, through configuration files. We will not list them here, you can find a lot of information about this on the Internet, find examples of configurations at https://www.stunnel.org/.
However, this method also has a number of disadvantages:
- After this configuration, the remote computer and its ports become available from the Internet not only to you, but also to anyone else. Therefore, you need to take care of securing your network services with passwords or other methods available for those services.
- You need to have a server on the Internet, with the ability to install tunneling software on it.
- You need to have specialists who will set up a server on the Internet with tunneling software and will keep it running.
- In a remote office, you need to have specialists who can create and run tunnels, as well as monitor their performance.
To get rid of these shortcomings, we created Total Controller, and further, it will be described how these problems are solved in this product.
Option 3: Using Total Controller
Total Controller also uses tunneling to organize access to remote services, but it works differently. Total Controller consists of two applications:
- Total Controller Manager - installed on the local computer.
- Total Controller Agent - installed on a remote computer.
It is very easy to download and run these components, you can do it here.
After you do this, you get something like this:
As you can see, Total Controller Manager is running on the local computer, and Total Controller Agent on the remote computer. Also, there are no Internet servers or public IP addresses because they are not needed. Total Controller will allow you to create tunnels directly from the local computer to the remote one. Using the Web interface of Total Controller Manager, you create a tunnel that connects the port on the remote computer to the port on the local computer (and not to the server's Internet port). Let's explain how this happens step by step.
- After starting Total Controller Agent on the remote computer, you open Total Controller Manager on the local computer. At the same time, a control panel opens, where you see a list of connected remote hosts and an Interface for creating tunnels on each of them:
- To create a tunnel, click the "Add Service" button and specify the connection parameters. In the following example, we connect port 8080 on the remote computer to port 1021 on the local computer:
- Next, you can connect port 5900 to port 1022:
The result is the setting shown in the following diagram:
The main difference of this method from all the previous ones is that no external addresses and servers are used. To connect to a remote service, you connect to a port open on the local computer. Accordingly, to connect to the desktop of a remote computer, you need to open a VNC client and specify that it connects to port 1022 of the same local computer, and to connect to the Web interface of a remote computer, you need to type http://localhost:1021 in your browser. This removes all the disadvantages of the past methods:
- You do not need to contact your provider for a public IP address and configure servers on the Internet, because all addresses and ports required for connection are open only on your local computer.
- There is no need to worry about security because there are no addresses or ports visible from the Internet. All ports are open only on your local computer, which only you have access to.
- You do not need to configure anything on the remote computer and have specialists in the remote office who can forward ports or create tunnels. You do all the configuration yourself from your local computer using the Total Controller Manager web interface, which then communicates with the Total Controller Agent on the remote computer to create tunnels without human intervention. Anyone can launch Total Controller Agent on a remote computer - you just need to double-click on the file and that's it.
In addition, as soon as you close the Total Controller Manager on your local computer, the tunnels are also closed, when you reopen it, they are automatically created again. This ensures that they only exist when they are needed and that there is no way to use them without your participation.
Conclusion
I hope this post has clarified the topic of connecting to a remote computer. Almost all the main methods were considered (except, perhaps, the organization of a VPN network, since for such a simple task as connecting to one computer it is unreasonably difficult to configure). When you connect to a remote computer, you connect to the network services that are running on it.
However, the last question remains: what if no network services are running on the remote computer? How to connect to it if there is no way to start any services? Total Controller has a solution for that case too. Total Controller Agent launched on a remote computer includes three network services that start automatically:
- Remote console (command line) , which by default runs on port 2222.
- VNC Remote Desktop which runs by default on port 5901.
- Remote file manager. This is a web application that runs on port 8081 by default and can be opened with a browser.
Thus, even if nothing is installed on the computer you want to manage, you can launch Total Controller Manager, configure tunnels to standard services with just one "Add Standard Services" button, and access most of the functions of the remote computer, namely: you can run commands on it, work on its desktop and exchange files with it.
If this post seemed interesting to you, share it on social networks using the buttons below so that your friends who are interested in the topic of remote control can also read it, and, possibly, learn something new.
Top comments (0)