7 Replies Latest reply: Apr 10, 2010 9:11 AM by Glyph
Glyph Level 1 (60 points)
Hi Guys,

I'm hoping someone can help out, I'm quite desperate here.

I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.

I have a Billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.

I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.

Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.

So far, I have setup the following:

*On the Mac:*
- Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
- Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings
- Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)

*On the Billion Router*
- Setup the DynDNS configuration so that when the IP address changes it tells the server
- Under Virtual Server, I have added a port forwarding entry as follows:
Schedule: Always On
Application: DynDNS
Protocol: TCP
External Port: 80 to 80
Redirect Port 80 to 80
Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.

This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.

What am I doing wrong? Can somebody kindly explain (or direct me to), a straight English step by step process of how I can get this going? Any guidance is appreciated.

Thanks so much.

MacBook Pro 3.06Ghz, 4Gb, 500Gb 7200RPM HD, iPhone 3GS 16GB, Mac OS X (10.6.3)
  • Glyph Level 1 (60 points)
    Funny you mentioned it. After making my post I stumbled across a reference to LogMeIn, so I just setup an account and tested it. It's quite amazing. Took all of 5mins and worked perfectly.

    However, what is the speed difference and security difference compared to using the traditional method of VNC? Why would a person use VNC compared to LogMeIn? LogMeIn is browser based, so I assume it will be more limited and sluggish compared to using a VNC client?
  • BobHarris Level 6 (15,380 points)
    I am about to head overseas for three weeks, and need to leave my Mac running, so that I can log into it remotely using a PC. My Mac, is a MacBook Pro, and the PC I will be using is an Asus EEE PC. I will need to do simple things like grab files, open PDFs and run a few applications from time to time on the Mac.

    The grabbing of files is going to complicate things a little bit, as now you want 2 things, not just one.
    I have a Billion 7404VGP router that my Mac will be plugged into, using an ADSL connection. I have a dynamic IP address so I have setup a DynDNS account.

    I have read countless tutorials, and posted to a few different sites, but I can not get any consistency in responses or guidance on how to set this up properly. It's killing me.

    Am I correct in understanding that VNC is the best method to do this? I'm being told that I also need to open all sorts of ports on the router. Some say I need to 'SSH', others say I need to 'VPN'. I'm quite technically literate but I'm lost in all the protocols and variations people are saying I need to use.

    VNC is a way to control the Mac remotely. But grabbing files will require something else, which is most likely why you got some suggestions for ssh, and/or VPN.

    I'm going to suggest TeamViewer Screen Sharing and File Transfer utility (free for personal use).
    <http://teamviewer.com/index.aspx>

    The advantage of TeamViewer is that you can both control the screen and you can grab files all in one package.

    Just make sure you fully test your setup before leaving.

    However, if you want to pursue VNC, I'll add comments below.
    So far, I have setup the following:

    *On the Mac:*
    - Enabled 'Screen Sharing' in OS X System Preferences > Screen Sharing
    - Specified a password for 'VNC viewers may control the screen' within Screen Sharing settings

    This should be a strong password.
    - Setup a DynDNS account, and created a custom name (ie myname.dyndns.org)

    So far so good
    *On the Billion Router*
    - Setup the DynDNS configuration so that when the IP address changes it tells the server
    - Under Virtual Server, I have added a port forwarding entry as follows:
    Schedule: Always On
    Application: DynDNS
    Protocol: TCP
    External Port: 80 to 80
    Redirect Port 80 to 80
    Internal IP Address: This is where I think I need guidance. I have to select the IP associated with my MAC address, so the IP is 192.168.1.4.

    The port numbers are wrong. Port 80 is for a web server. VNC uses port 5900.

    Did you have to manually enter that IP address when you setup the port forwarding? Or does the router have some way of locking into your Mac?

    I ask, because if your Mac's IP address is assigned via DHCP, then it is possible the router could change the address it gives to the Mac on a power failure restart, but the port forwarding might be locked into 192.168.1.4.

    So if the router needs to have a stable IP address for port forwarding, then you might want to configure the Mac with a fixed IP address (preferably one outside of the router's DHCP assignment range), then use that fixed IP address with port forwarding (always test any configuration change such as this).

    Oh yea, you are configuring your Mac to automatically reboot when power is restored (System Preferences -> Energy Saver -> Options -> Restart automatically after power failure).
    This is as far as I have gotten. I have installed a VNC viewer on the PC, and tried to login using the IP address that shows up in my DynDNS account, but nothing is working.

    As mentioned, you need to forward port 5900 for VNC.
    What am I doing wrong? Can somebody kindly explain (or direct me to), a straight English step by step process of how I can get this going? Any guidance is appreciated.

    Port forwarding port 5900 should do the trick.

    However, at this point you only have screen sharing. You can do stuff to your Mac, but you can not transfer files via this connection.

    This is where suggestions for ssh come in (or you could go back to my TeamViewer idea).

    Ssh can offer remote terminal login (PuTTY is a very good Windows Terminal emulator). Ssh can also offer scp (ssh cp) and sftp (ssh ftp) services, both of which can be used to transfer files to and from the Mac securely over the internet.

    The easiest PC/Mac file transfer while traveling, would be to find a good Windows sftp GUI application. There are a bunch of them for the Mac so there must be 4 or 5 times as many Windows GUI sftp clients. A Google "windows sftp gui client" search should come up with a few.

    OK, getting ssh working.

    Enable System Preferences -> Sharing -> Remote Login.

    Now on your router, Port Forward port 22, the ssh port.

    Now you should be able to fire up a Windows sftp GUI client, and access your Mac via your DynDNS.org name. The username and password will be your Mac's account short name and password. If you do not know your short name, you can find this via System Preferences -> Accounts.

    Summary:
    o Forward port 5900 for VNC
    o Forward port 22 for ssh
    o Enable Remote Login on the Mac
    o You have already enabled Screen Sharing, and specified a VNC password (goodness).
    o Configure the Mac so it will reboot in case of a power failure.
    o Make sure the router will still be able to port forward 5900 and 22 after a power failure, either because it locks into the Mac, or because you have given the Mac a fixed IP address.

    Now test the heck out of this, from a coffee shop or a friend's house.

    Even if you configure VNC and ssh, I would suggest also trying TeamViewer so you have a "Plan B".
  • BobHarris Level 6 (15,380 points)
    However, what is the speed difference and security difference compared to using the traditional method of VNC?

    The speed of your internet connection will affect your performance more than LogMeIn or VNC.

    As for security. LogMeIn.com is fully encrypted. VNC is not encrypted. VNC can be tunnelled over a ssh connection, but that is yet another layer of complexity (note: I frequently use ssh tunnelled VNC connections, but I went through the setup pain long ago when there were not many alternatives).
    Why would a person use VNC compared to LogMeIn? LogMeIn is browser based,

    Free LogMeIn.com does not do file transfer (or at least the last time I checked, it was a for-pay option). You did say you wanted to transfer files.

    When I used LogMeIn.com between 2 Macs, the browser implementation run on the Mac was sluggish, however, you can get the job done.

    LogMeIn.com does NOT need you to open any ports in your router. And it does not need a Dynamic DNS name.
    so I assume it will be more limited and sluggish compared to using a VNC client?

    Since you will be using a PC, LogMeIn.com uses a DirectX viewer from within IE, so the performance is better when used from a PC. But again, your mileage may vary, especially depending on the speed of your internet connection (both at home and where you are connecting while on the road).

    TeamViewer.com will allow you to also transfer files (free for personal use).

    If you are willing to pay for a service, then you can also consider GoToMyPC.com. They have a long history of providing remote access, so their remote screen sharing performance may be even better than other options.

    I would suggest that if performance is important, you try as many as you can from a coffee shop before leaving. I also suggest you have a "Plan B" and maybe even a "Plan C". When you can not be there, you want to make sure you can get to your Mac. After all it is bad enough you are leaving it behind, but then to lose access would be tragic.

    See my other reply about getting VNC working, as well as sftp up and running.
  • Glyph Level 1 (60 points)
    Bob thank you for your helpful and educational responses. This is invaluable.


    The grabbing of files is going to complicate things a little bit, as now you want 2 things, not just one.


    I think I can forsake the need to transfer files, because I guess I can just email them to myself from the Mac? That keeps things simple and solves that issue.

    I'm going to suggest TeamViewer Screen Sharing and File Transfer utility (free for personal use).
    <http://teamviewer.com/index.aspx>


    I'll look into this. It sounds like LogMeIn with the addition of allowing me grab files.


    Did you have to manually enter that IP address when you setup the port forwarding? Or does the router have some way of locking into your Mac?


    No it has a link that says 'candidates'. When I click on it, it pops a window that shows the MAC addresses of connected computers. I can only choose one of these, I can't manually enter a different IP address.


    I ask, because if your Mac's IP address is assigned via DHCP, then it is possible the router could change the address it gives to the Mac on a power failure restart, but the port forwarding might be locked into 192.168.1.4.


    Yes I had the same concern. I've noticed over the last few days trying to set this up that the IP would keep changing like you said, depending on which computers I had on the network.

    So if the router needs to have a stable IP address for port forwarding, then you might want to configure the Mac with a fixed IP address (preferably one outside of the router's DHCP assignment range), then use that fixed IP address with port forwarding (always test any configuration change such as this).


    Can you guide me on how I would give my Mac a fixed IP address?

    Oh yea, you are configuring your Mac to automatically reboot when power is restored (System Preferences -> Energy Saver -> Options -> Restart automatically after power failure).


    Yes I have that setup too.

    As mentioned, you need to forward port 5900 for VNC.
    Port forwarding port 5900 should do the trick.


    Ok I'll try that.

    Ssh can offer remote terminal login (PuTTY is a very good Windows Terminal emulator). Ssh can also offer scp (ssh cp) and sftp (ssh ftp) services, both of which can be used to transfer files to and from the Mac securely over the internet.


    I see, so this is the option I would choose if I wanted the ability to open a secure tunnel and transfer files, otherwise I could just stick with the vanilla VNC.

    Enable System Preferences -> Sharing -> Remote Login.
    Now on your router, Port Forward port 22, the ssh port.


    Would this be TCP/UDP?

    Now you should be able to fire up a Windows sftp GUI client, and access your Mac via your DynDNS.org name. The username and password will be your Mac's account short name and password. If you do not know your short name, you can find this via System Preferences -> Accounts.

    Summary:
    o Forward port 5900 for VNC
    o Forward port 22 for ssh
    o Enable Remote Login on the Mac
    o You have already enabled Screen Sharing, and specified a VNC password (goodness).
    o Configure the Mac so it will reboot in case of a power failure.
    o Make sure the router will still be able to port forward 5900 and 22 after a power failure, either because it locks into the Mac, or because you have given the Mac a fixed IP address.


    Ok I'll go through these steps and test it all again.

    Even if you configure VNC and ssh, I would suggest also trying TeamViewer so you have a "Plan B".


    You are completely right. At this point the LogMeIn approach is my Plan B and that gives me some confidence to know I won't be left stranded. I'd still like to get the direct VNC + SSH working if I can. Mainly because of the security and file transfer ability and also since I have invested a lot of time searching and testing it, it would be good to know that I have solved it.
  • BobHarris Level 6 (15,380 points)
    Did you have to manually enter that IP address when you setup the port forwarding? Or does the router have some way of locking into your Mac?


    No it has a link that says 'candidates'. When I click on it, it pops a window that shows the MAC addresses of connected computers. I can only choose one of these, I can't manually enter a different IP address.

    That is good. That would mean your router is locking onto the ethernet or WiFi MAC (Media Access Control) address, which does not change. So you should not need a fixed IP address on your Mac.
    Can you guide me on how I would give my Mac a fixed IP address?

    Because your router locks onto your Mac's MAC address, you should not need a fixed IP address.

    Also note, that the fixed IP address is only between your router and your Mac. That fixed IP address is not going to be visible outside your home. So you still need your Dynamic DNS name to find your router while you are away from home.

    If you really want to play with fixed IP addresses on your Mac, you would first look at your router and find the DHCP address range it uses. Then choose an IP address just outside that range as your fixed IP address (for example if the DHCP range is 192.168.1.2 thru .100, then you choose 192.168.1.101 (or up to around .250'ish)). This part was just an information search, you do not need to change anything (at this time) on the router.

    Now you would go to System Preferences -> Network -> Advanced -> TCP/IP
    Configure IPv4: Using DHCP with manual address
    Enter the fixed IP address you choose.
    Apply your changes.

    Back on the router, you may (or may not) need to adjust your port forwarding to take into account the new fixed IP address. However, I suspect that your router, having locked into the MAC address will already have detected your IP address change, and adjusted the port forwarding accordingly. But it is best to check.
    Ssh can offer remote terminal login (PuTTY is a very good Windows Terminal emulator). Ssh can also offer scp (ssh cp) and sftp (ssh ftp) services, both of which can be used to transfer files to and from the Mac securely over the internet.


    I see, so this is the option I would choose if I wanted the ability to open a secure tunnel and transfer files, otherwise I could just stick with the vanilla VNC.

    Yes. Since you have already mastered getting a Dynamic DNS name, and port forwarding, enabling ssh access is not that difficult. It is just a matter of enabling the sharing preference, port 22 forwarding, and getting a Windows sftp GUI client, which should be easy to obtain.
    Enable System Preferences -> Sharing -> Remote Login.
    Now on your router, Port Forward port 22, the ssh port.


    Would this be TCP/UDP?

    Ssh is a TCP based protocol, but nothing will be hurt if you enable UDP as well. Whatever is easier.
    You are completely right. At this point the LogMeIn approach is my Plan B and that gives me some confidence to know I won't be left stranded. I'd still like to get the direct VNC + SSH working if I can. Mainly because of the security and file transfer ability and also since I have invested a lot of time searching and testing it, it would be good to know that I have solved it.

    As currently discussed. LogMeIn.com, TeamViewer.com, and the ssh based sftp file transfers would all be encrypted and secure. However, VNC is not an encrypted protocol.

    If VNC being unencrypted bothers you, I would use it as a "Plan B" and depend on LogMeIn.com or TeamViewer.com for screen sharing. TeamViewer.com and/or sftp for file transfer.

    If you really want to use VNC (maybe because you have gotten it working and find you like it better for the kind of work you will be doing remotely), then if you have the time to work out the wrinkles, you might try setting up ssh tunnels for VNC. Or leave this as a future exercise.

    On your Windows system, you install PuTTY. Using PuTTY you make an ssh tunnel for VNC. If you do a Google search for "putty vnc tunnel", you will find examples of setting up a secure ssh tunnel that you can use with VNC so you have a secure encrypted VNC connection. Just make sure you adjust the example port numbers so they fit your situation.

    The basic idea is that ssh will make some local Windows port your end of an encrypted tunnel that ssh will deliver to a specified port on the destination system, and anything the destination port sends will be tunneled back to the specified local port.

    So if you have configured a VNC tunnel between your Windows and Mac systems, then on the Windows system when you want to connect to the VNC server, you make a connection to localhost:5902, where 5902 is the local port chosen to be the local end of the tunnel. While I said 5900 is the standard VNC port number, that is for the server, and if you happened to be running a VNC server on your Windows system, then choosing 5900 as the local port would conflict with your imaginary Windows VNC server. So the local port is chosen to be a port less likely to be used by something else. Also you could have several VNC tunnels setup to multiple systems, so you would need unique local port numbers for each tunnel. I've been known to have tunnels going to my Mom's Mac, my Wife's Mac, and a Mac mini in the back bedroom, so I have different local port numbers associated with each tunnel.

    Hopefully, you will have sufficient backup plans, and you will have configured your home systems so they survive a power failure, so you will always have a way to connect to your home from the road.
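
A check for the setup discussed above, as an added example that is not part of the original thread: it reads the first bytes a server sends to tell ssh from VNC, so you can confirm what ports 22 and 5900 expose from outside and that localhost:5902 reaches VNC through the tunnel. The `fake_server` helper, the sample banners and the `shortname` account are constructed for the demo.

```python
import socket
import threading

# Tunnel under test (OpenSSH syntax; "shortname" is a placeholder account):
#   ssh -L 5902:localhost:5900 shortname@myname.dyndns.org

def classify_banner(banner: bytes) -> str:
    """Name the service from the first bytes the server sends."""
    if banner.startswith(b"SSH-"):   # ssh identification string
        return "ssh"
    if banner.startswith(b"RFB "):   # VNC ProtocolVersion, e.g. "RFB 003.008\n"
        return "vnc"
    return "unknown"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Return 'closed', 'open-silent', or the classified service."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return classify_banner(s.recv(64))
            except socket.timeout:
                return "open-silent"
    except OSError:
        return "closed"

def assess(wan_ssh: str, wan_vnc: str, tunnel_vnc: str) -> list:
    """Turn three probe results into plain findings."""
    notes = []
    if wan_ssh != "ssh":
        notes.append("22: no ssh banner; check Remote Login and the port 22 forward")
    if wan_vnc == "vnc":
        notes.append("5900: VNC answers directly; sessions on this path are unencrypted")
    if tunnel_vnc == "vnc":
        notes.append("5902: VNC answers through the ssh tunnel")
    else:
        notes.append("5902: no VNC banner; is the ssh session with the forward running?")
    return notes

def fake_server(banner: bytes) -> int:
    """Constructed stand-in: localhost listener that sends one banner, returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Offline demo against constructed listeners. For the real check, run from
    # outside the home network: probe("myname.dyndns.org", 22), (..., 5900),
    # and probe("127.0.0.1", 5902) while the tunnel is up.
    ssh_p = fake_server(b"SSH-2.0-OpenSSH_5.2\r\n")
    vnc_p = fake_server(b"RFB 003.008\n")
    tun_p = fake_server(b"RFB 003.008\n")
    for note in assess(probe("127.0.0.1", ssh_p), probe("127.0.0.1", vnc_p),
                       probe("127.0.0.1", tun_p)):
        print(note)
```

When the tunnel is the only way VNC is used, the check on port 5900 from outside should come back `closed`, since the tunnel needs only the port 22 forward.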
  • Glyph Level 1 (60 points)
    Bob, thanks again for this. You are an asset to these forums. I'm going to try the SSH approach over the next couple of days and see how I go. I leave for OS on Wednesday, and I'll be going with a sense of relief knowing that I have the remote access situation well covered. Perhaps I'll post back after I get back and share any feedback. I'll be remotely accessing my mac from literally across the globe - I'll be in Italy, my Mac will be in Australia.