How to access the pc through web address?

[michael]

Dear all,

I just want to understand this, what all things are required to achieve below setup?

Let say,I type mypclab6.com in web address from anywhere and it opens a windows where it asks for login name & password and once I enter it, it shows my desktop computer in web browser itself to access all my pc contents?

I am sure, I will require a static public IP then domain (mypclab6.com) name to get resolved to that IP address, but what next..

Please advice.

Thanks

 

[R-T-B]

You will need some sort of remote desktop solution. I've had good luck with RealVNC in a commercial setting but it can be a bit expensive.

You don't neccesarily need a static ip. You can use a dynamic one with a dynamic DNS provider such as No-IP.

Then you set up port forwarding on your firewall. In RealVNC's case the port would be port 5900 TCP/UDP. Firewall instructions differ.

 

[Kursah]

If you want a yourdomain.com address, then you need to pay for a domain at a domain registrar, and manage the DNS to point to your IP address(es). A static IP makes sense in this situation, but it isn't necessarily required.

You could point the domain DNS to a a DynamicDNS service (I use Duckdns.org) to direct domain traffic to your dynamic IP. You could also just use a service like DuckDNS.org to host a subdomain (yourdomain.duckdns.org) and use it's DNS services, all for free. If you use DynamicDNS services you don't have to purchase a static IP address, and if you have a compatible router that can make a job to send an update (I use DNS-O-Matic.com on my PFSense) or have a PC/server/system running a small program and online frequently enough you can use them to check in with the dynamic DNS service automatically to make sure your DNS record is always pointing at the correct IP address.

Once you get that sorted, now you have an address pointing to your IP, but you still have to allow a connection to your system. RDP would work for this, but I really wouldn't suggest you open port 3389 on your router and forward it to any of your systems...that's such a common entry point for brute force attacks.

Rather, setup an encrypted connection with certs, a VPN server hosted by a router or server on your network, I like using OpenVPN. You'd set it up as a road warrior VPN (device to router) to give your devices secure access to your LAN from almost anywhere you have Internet access. At least as long as the bandwidth is there and they're not extra restrictive on traffic filtering. This might sacrifice some performance as encryption requires processing overhead, though less impactful on newer-ish systems and well worth the effort.

Beyond that you could then use Windows RDP to remote onto the system on your network, its basic but quick and easy. I have this method (Dynamic DNS, OpenVPN, RDP) available through my PFSense router, and it works quite nicely.

Another option that doesn't care so much what public IP address you have is a remote service with unattended access capabilities (so you don't need someone sitting at the PC you're remoting on to let you on it). There's all sorts, Teamviewer, LogMeIn, ConnectWise, Anydesk, GoToMyPC, Splashtop, various versions of VNC as mentioned above, and many more. Each has a pro/con and usually costs money if you want more than basic access, some need more knowledge and understanding of networking and protocols, some cost money to even be able to use, etc.

 

[TheoneandonlyMrK]

You will need some sort of remote desktop solution. I've had good luck with RealVNC in a commercial setting but it can be a bit expensive.

You don't neccesarily need a static ip. You can use a dynamic one with a dynamic DNS provider such as No-IP.

Then you set up port forwarding on your firewall. In RealVNC's case the port would be port 5900 TCP/UDP. Firewall instructions differ.

I use Google's remote desktop ,it requires a sign in and a per pc pin number you set so it's secure ,free and easy to use, i have a lot of pcs linked to my phone via this.

 

[MatGrow]

There is tools such as TeamViewer.
But it requires access from PC side and need to be installed there.

 

[Mindweaver]

If you want a yourdomain.com address, then you need to pay for a domain at a domain registrar, and manage the DNS to point to your IP address(es). A static IP makes sense in this situation, but it isn't necessarily required.

You could point the domain DNS to a a DynamicDNS service (I use Duckdns.org) to direct domain traffic to your dynamic IP. You could also just use a service like DuckDNS.org to host a subdomain (yourdomain.duckdns.org) and use it's DNS services, all for free. If you use DynamicDNS services you don't have to purchase a static IP address, and if you have a compatible router that can make a job to send an update (I use DNS-O-Matic.com on my PFSense) or have a PC/server/system running a small program and online frequently enough you can use them to check in with the dynamic DNS service automatically to make sure your DNS record is always pointing at the correct IP address.

Once you get that sorted, now you have an address pointing to your IP, but you still have to allow a connection to your system. RDP would work for this, but I really wouldn't suggest you open port 3389 on your router and forward it to any of your systems...that's such a common entry point for brute force attacks.

Rather, setup an encrypted connection with certs, a VPN server hosted by a router or server on your network, I like using OpenVPN. You'd set it up as a road warrior VPN (device to router) to give your devices secure access to your LAN from almost anywhere you have Internet access. At least as long as the bandwidth is there and they're not extra restrictive on traffic filtering. This might sacrifice some performance as encryption requires processing overhead, though less impactful on newer-ish systems and well worth the effort.

Beyond that you could then use Windows RDP to remote onto the system on your network, its basic but quick and easy. I have this method (Dynamic DNS, OpenVPN, RDP) available through my PFSense router, and it works quite nicely.

Another option that doesn't care so much what public IP address you have is a remote service with unattended access capabilities (so you don't need someone sitting at the PC you're remoting on to let you on it). There's all sorts, Teamviewer, LogMeIn, ConnectWise, Anydesk, GoToMyPC, Splashtop, various versions of VNC as mentioned above, and many more. Each has a pro/con and usually costs money if you want more than basic access, some need more knowledge and understanding of networking and protocols, some cost money to even be able to use, etc.

You can stop brute force attacks by setting your account lockout threshold in group policy. Example: user types their password wrong 3 times and then it locks the user out or lock them out for a period of time. Also, if his router/firewall has it he could mask his 3389 port as another port. I like your options as well, buddy.

 

[neatfeatguy]

TeamViewer works just fine as long as you can install it on the computer you need to remote into. You can then set a password for TeamViewer on the computer you need to remote into. Then, from any other computer/device you have TeamViewer installed on, you simply need the ID code that was assigned to the remote computer and then the password. You can use this program free if you're not using it for commercial/business use.

Other remote programs I've used over the years:
Radmin
UltraVNC
LogMeIn

I don't recall if the ones I've listed require a licence purchase or have a free trial, it's been a long while since I used them. I just tend to stick with TeamViewer.

 

[michael]

Would like to know what are below features offred by this high end router specially by Synolgy RT2600ac router?



1. What is this feature on synology router

https://www.synology.com/en-global/srm/feature/vpn_plus

https://www.synology.com/en-global/products/RT2600ac

Does it simply allow to access our pc remotely over internet without installing any s/w?

Hi guys.. I know about team viewer but i do not want to use this, i want direct access to my pc through web address..