Want to setup machine on public static IP

[sammy]

Hi Guys,

Good day!

I want to setup my machine on public IP so that it can be accessed from any where in the world through Internet.

1. I asked about such static public IP to my Internet provider, he says that any IP address that starts with 74.*.*.* is static IP, thats means when I start my PC it dials in automatically to get IP and if it gets
74.*.*.* IP address that's means it static IP until I logout.

2.So can I setup my VMware server on that IP address just to check whether it works ? Will it work?

3. I want to build VMware server on Windows 7 machine and then install 4 to 5 virtual machines on that like Solaris, Linux. just like test lab.

Thanks.

 

[Kursah]

You should use a VPN service so your traffic is managed and encrypted to your home network.

What are you using as a gateway/firewall? That should be giving out IP addresses to your virtual machines and connected devices rather than you connecting a PC directly to your modem. You are really asking for it if you have no filtering beyond the standard Windows firewall. It is fine as a supplement, but you need a gateway firewall between your LAN and WAN.

You want to be very careful allowing outside traffic in, so an encrypted VPN tunnel makes sense here. I would look into IPSec or OpenVPN. OpenVPN will probably be the easiest option, I recommend doing it under Linux (Ubuntu or Debian) or pfSense though. You could actually host the OpenVPN server as a VM once you get your VM core up. You will have to learn how to handle virtual NICs and switches, but that's pretty easy stuff to manage and there's a ton of articles and YouTube videos out there you can watch.

I run a PC (see my system specs) with home-grade parts as my Server 2012 R2 GUI core Hyper-V host. I run anywhere between 6-8 VM's on it, including a pfSense OpenVPN server.

Even if your public IP isn't static, you can use a Dynamic DNS service like Afraid.org and then use DNS-O-Matic.com to link it to your IP address and update the A-record for your DDNS address...I do that and run a script on my EdgeRouter Lite to automatically update. You can also run an app on Windows/Linux/Mac OSes iirc.

 

[sammy]

"You should use a VPN service so your traffic is managed and encrypted to your home network."

What kind of VPN software I can use? Is it free?

"You want to be very careful allowing outside traffic in, so an encrypted VPN tunnel makes sense here. I would look into IPSec or OpenVPN. OpenVPN will probably be the easiest option, I recommend doing it under Linux (Ubuntu or Debian) or pfSense though."

I want my Host machine to be Windows 7 then how can setup encrypted VPN tunnel under
Linux (Ubuntu or Debian) ?

What is your Hosting machine /software? Is it 2012 R2 GUI core Hyper-V host? I am not familiar with this.

This is very interesting but need to try/learn about it ->"Even if your public IP isn't static, you can use a Dynamic DNS service like Afraid.org and then use DNS-O-Matic.com to link it to your IP address and update the A-record for your DDNS address...I do that and run a script on my EdgeRouter Lite to automatically update. You can also run an app on Windows/Linux/Mac OSes iirc."
Does this mean that we don't require to buy Static Public IP?

 

[Kursah]

Look up OpenVPN, it is free...this isn't a service you'd buy to connect out, but rather a service you would host and connect to from outside your network. Then you could have secure connections to your workstation from the Internet by providing keys and credentials to those you want to provide access.

There's a lot you need to learn before you go doing anything here, I would recommend looking into OpenVPN and reading up more on virtualization in general.

Windows Server 2012R2 is a Windows-based server OS, Hyper-V is the default virtualization client hosted on that OS...or native client I should say. Works well for my needs. VMWare is also great, Virtualbox is another option, Xen is another good option, and some users also go for KVM for virtualization. There's no easy answer to any of your questions if you don't have the technical know-how already on how to spool up a VM, manage your gateway/router/firewall, etc.

You don't need to buy a static IP if you use a DDNS service, some are free like Afraid.org, some cost money like DynDNS.

For more VPN info, I just recently created a post with links that I'll link you to: http://www.techpowerup.com/forums/threads/vpn-noobie.220462/#post-3424454

Hope that helps!

 

[sammy]

*Kursah, You mean to say I can go back home do some setting with afraid.org and keep the PC ON and come back to office and access my home PC, is that possible ? or simple ?

 

[Kursah]

Yes, you keep your home PC on, setup your router/firewall to either act as the VPN server or your PC or virtual machine on PC to act as the VPN server, and then depending on what version you create, be it PPTP, L2TP, IPSec, OpenVPN, etc. etc. you will use the appropriate credentials and/or keys and/or software to connect from a remote location (Office).

 

[sammy]

Yes, you keep your home PC on, setup your router/firewall to either act as the VPN server or your PC or virtual machine on PC to act as the VPN server, and then depending on what version you create, be it PPTP, L2TP, IPSec, OpenVPN, etc. etc. you will use the appropriate credentials and/or keys and/or software to connect from a remote location (Office).

Let me try!

 

[qubit]

You are really asking for it if you have no filtering beyond the standard Windows firewall.

Yeah you're not kidding! That machine would likely be rooted inside half an hour.

Ultimately, any internet-facing server is under constant threat, so there's no set it and forget it solution. Constant monitoring for suspicious behaviour and system logs is required. This security issue is exactly why I don't make my data available over the internet, as convenient as that would be, not even in read only mode.

 

[Kursah]

I have no problem doing encrypted VPN tunnel access like IPSec or OpenVPN that requires keys or tokens along with credentials...but some form of packet inspection and monitoring should be enabled and regularly checked if said tunnel is going to be active 24/7.

The safest route as qubit said is to not do it at all. But where's the fun in that? Especially in a home lab. at least in my case its for a home lab.

 

[sammy]

Well, I saw lot of videos on dynamic dns and how to do that, but I would like to have environment like everything opens through web browser just like console and not with RDP.

 

[jaggerwild]

Sammy, see you are getting stuff done and almost solved your need!

 

[OneMoar]

you don't need a vpn todo this,and connecting direct over ip via a web-browser is asking to get hacked
use a DNDNS server or just use team-viewer

 

[remixedcat]

I suggest something like Meraki Systems manager for remote desktop access. It uses the VNC method and it's free. It also randomly generates a password each connection attempt, so it's super secure.Also no need for VPNs or having holes open. The agent by default will run on startup, so no user interaction is needed once executed.

Sample screenshot from one of my systems:

1)Note it keeps inventory of all systems that have the agent
2)It keeps location data in case your system gets stolen or violates a geofence you define
3)It keeps performance data like CPU/RAM/HDD/ETC
4)It keeps a connection log
5)It allows for management of installed applications
6)Also has quick power controls and other commands
7)Has a full remote desktop connection tab with a built in viewer in browser or has both links and credentials for other VNC apps. I recommend Tight VNC viewer.