Remote Screen Sharing (VNC) from outside of my LAN

Question

Remote Screen Sharing (VNC) from outside of my LAN

I often have to connect to my parents' Macs to help them out with various things. I commute between two cities and stay with them when I'm there.

(I set up a dynamic hostname with DynDNS to point to our router, which defaults to port 443, which on the home network is reserved for the QNAP NAS that's set up. I set the router up to be reachable at port 455 but I'm not sure if it is successfully sending IP address updates to DynDNS. I don't see a way to check if it is. DynDNS seems to require a paid account for that functionality and my routers log is also not very helpful. In short, I'm having trouble getting the whole dynamic DNS thing to work reliably with our router, which is otherwise a great little box: a Fritz!Box Fon WLAN 7390).

I use Jolly's Fast VNC ( http://goo.gl/UmllQ) to connect to a personal server and that works wonderfully, but then there the details are taken care of for me by my provider and I just have to type in the details.

What I'd really love is something like Edovia's Screens ( http://www.edovia.com/)... except for the Mac rather than the iPhone/iPad (though I do own an iPhone copy of it and it's wonderful).

We do share a MobileMe subscription in the family, but that's not very helpful here either.

So far, we've used iChat, Skype screen sharing and I often end up using TeamViewer because of its speed and near non-existant setup.

My goal is to find a way to connect to my parents' Macbooks even when they are not around so I can help them out with problems while they may not even be around. The key here is that I want to be able to control their screens without needing any action on their part.

Suggestions for the simplest possible way to do this are very welcome.

Macbook Pro, Mac OS X (10.6.7)

Posted on Mar 30, 2011 4:03 PM

Reply

Answer 1

ajduguid

Level 3

650 points

Mar 30, 2011 4:31 PM in response to colliderofhadrons

I like [RealVNC|http://www.realvnc.com> because you can get a client and server application for all the major OSes so it doesn't matter who is using what. It isn't as optimal as Screen Sharing but you can have an encrypted connection which saves messing about with ssh tunnels if you're a little paranoid. I use it to connect to my own machines and others that I look after. The encrypted refers to the enterprise version but it's pretty cheap.

Reply

Answer 2

Asatoran

Level 4

2,532 points

Mar 30, 2011 4:40 PM in response to colliderofhadrons

Perhaps consider [LogMeIn|https://secure.logmein.com>. You control the remote Windows PC or Mac with a web browser. Unlike VNC/Screen Sharing, there's no need to do any port forwarding, and no issues with dynamic IP addresses. I use this with my mother's Mac Mini.

It's free for up to 10 computers, so give it a try. There is also an iPhone/iPad app to do the remote control, although the app is not free.

Reply

Answer 3

Mar 30, 2011 4:58 PM in response to colliderofhadrons

I actually did set up LogMeIn on my mom's Mac and was quite impressed by it. It worked reliably and had a great set of features. It set up a LogMeIn Pro trial automatically when I was trying it out, so I thought that I would lose the screen sharing access once the trial expired. Guess I got something wrong... it's free for up to 10 computers?

You're right that there is a free LogMeIn version, of course. I just checked here: https://secure.logmein.com/comparisonchart/comparisonFPP.aspx

I think that's as close as I'll get in answering this question. Thanks!

Reply

Answer 4

BobHarris

Level 9

56,933 points

Mar 30, 2011 5:04 PM in response to colliderofhadrons

If you leave TeamViewer running in the background, and configure it properly, you can connect without your parents being around.

As previously mentioned, you can use LogMeIn.com, again keeping the LogMeIn server running all the time on your Parent's system.

If you have MobileMe, why doesn't Back-to-My-Mac work? It should be just what you need. It is suppose to allow you to access a Mac back home without your needing to be there, plus it is a secure connection method.

You could setup Hamachi on your Parent's Mac and your own, then use Mac OS X Screen Sharing across the Hamachi VPN
<http://www.macupdate.com/app/mac/36286/logmein-hamachi>

The hard way is setting up port forwarding for port 5900 on your Parent's router, turning Screen Sharing on your Parent's Mac. Then using Finder -> Go -> Connect to server -> vnc://dyndns.name. If you do use this approach, you want to set the Screen Sharing -> Preferences -> encrypt all network traffic. Make sure you have a good password on your parent's Mac.

Reply

Answer 5

Mar 30, 2011 5:10 PM in response to BobHarris

I didn't know TeamViewer could be set up to be accessible without a second user having to be around to give me the session ID and password. I wonder if it's worth looking into that if LogMeIn Free with its server always running is a perfectly acceptable solution? Any advantages to using TeamViewer's solution?

We do have MobileMe. I was under the impression that the way Back to my Mac works is that it will show you YOUR remote Macs in the Finder's sidebar. You know, ones that you're also logged in with YOUR MobileMe credentials. We all use our own, unique MobileMe accounts. Am I missing something?

I could deal with the port forwarding and DynDNS but I'll have to set that up to remotely administer my router and NAS, which is turning out to be quite the pain. So if I can simplify, I will. LogMeIn or TeamViewer will do the trick just fine.

Thanks for the explanation, though!

Reply

Answer 6

Asatoran

Level 4

2,532 points

Mar 30, 2011 5:23 PM in response to colliderofhadrons

When the LogMeIn Pro trial ended, it should have dropped you down to a free account. (Primarily just limiting the Pro account to not allow file transfer or remote printing.)

As the others have mentioned, Teamviewer or MobileMe should fit your needs as well, although I don't normally use them.

Reply

Answer 7

Mar 30, 2011 6:11 PM in response to Asatoran

While we're here.. can someone clarify about Back to my Mac?

I thought that for Back to my Mac to work you need:

- at least two Macs
- both of which are connected to the SAME MobileMe account in system settings
- and have Back to my Mac turned on, of course

This helps when both Macs are yours... but it doesn't do a whole lot when you want remote access to someone ELSE's Mac on which you are not logged in with YOUR MobileMe credentials.

Reply

Answer 8

BobHarris

Level 9

56,933 points

Mar 30, 2011 6:43 PM in response to colliderofhadrons

I didn't know TeamViewer could be set up to be accessible without a second user having to be around to give me the session ID and password. I wonder if it's worth looking into that if LogMeIn Free with its server always running is a perfectly acceptable solution? Any advantages to using TeamViewer's solution?

The free LogMeIn account does NOT allow file transfer. The free for personal use TeamViewer does.

LogMeIn server hides in the background, so it is less likely your parents will Quit LogMeIn.com, were as TeamViewer looks like just another app, so they might Quit from it to get it out of the way.

Of course if you need to transfer a file (or 2), you could use DropBox.com for that, and it is a very easy way to transfer files between systems. Or you could store the file on your MobileMe account in a public place, then via LogMeIn copy the file from your public space into your Parent's Mac(s). Or your could use LogMeIn to start TeamViewer, and then use TeamViewer to transfer the file.

Basically once you can start applications on your Parent's Mac(s), you can use any number of utilities for transferring data.

We do have MobileMe. I was under the impression that the way Back to my Mac works is that it will show you YOUR remote Macs in the Finder's sidebar. You know, ones that you're also logged in with YOUR MobileMe credentials. We all use our own, unique MobileMe accounts. Am I missing something?

Yes, all the Macs would need to use the same MobileMe account. Do you all really need separate accounts? Maybe a Family account.

I could deal with the port forwarding and DynDNS but I'll have to set that up to remotely administer my router and NAS, which is turning out to be quite the pain. So if I can simplify, I will. LogMeIn or TeamViewer will do the trick just fine.

Port forwarding is a once and done thing for your parent's router. It allows you to get to their Macs from outside their home. It should have nothing to do with remote admin, or your router and NAS. Also once you can Screen Share your parent's Mac, you can then use that Mac to talk from the inside to their router. Although one must be very careful about making router config changes as one "Oops" and you could loose your remote access, and have to visit Mom and Dad to get physical access 🙂

By the way, I've been using VNC/Screen Sharing and AFP file sharing over ssh tunnels in conjunction with port forwarding on the destination router for years. I do this, even though it is more work, because it was available long before most of the above services were available, and because it has a lot more flexibility once you know how to use it. Oh yea, I'm also a Unix software developer and spend a lot of time using ssh anyway 🙂

Reply

Answer 9

Richie66

Level 1

0 points

Sep 15, 2011 6:21 AM in response to colliderofhadrons

On my Router I have forwarded the 5902 port to the mac of my choice port 5900.

You can adjust this to be any number as long as you do not take another applications port.

So you could create a forward for each machine you wished to connect to and select different port so as not to have conflict.

You then may use any platform you have a VNC viewer for to connect to the machines after creating a secure SSH tunnel.

This example uses SSH but you could use Putty on a PC OS if you dont have cygwin installed or any other platform that has SSH installed.

1) In Terminal: "ssh -N -f -L 5902:localhost:5900 user@remotehost"

2) In Finder: Choose the "Go > Connect to Server..." menu item (Cmd-K), then enter: "vnc://remotehost:5999"

Found and Stolen from the web:) use this handy shell script to secure vnc through a tunnel:

#!/bin/sh

## script to make ssh tunnel connect to vnc host specified in

## first argument

##

## Jan 02, 2004 - W Penn - creation

## May 15 2005 - W Penn - command arguments added converted for vnc

## Jun 10 2005 - some dude named ward - process management added

##

LOCAL_PORT=5902;

TARGET_HOST=127.0.0.1;

TARGET_PORT=5900;

TUNNEL_HOST="$1";

echo "opening tunnel";

ssh -L $LOCAL_PORT:$TARGET_HOST:$TARGET_PORT -f -N $TUNNEL_HOST;

echo "Local port $LOCAL_PORT used";

echo "opening vnc client";

open -a /Applications/JollyFastVNC.app/;

clear;

TUN=`lsof -i:$LOCAL_PORT -Fp | head -1| sed s/p//`;

echo IMPORTANT: Leave this Terminal window open during your VNC session.;

echo When you finish your VNC session, press the ENTER key in this window.;

echo This will manually close down your SSH tunnel to the remote computer.;

read answer;

clear;

kill $TUN;

echo SSH tunnel closed. You now can close this Terminal window.;

save with your favorite text editor (I call mine svnc) and chmod u+x to make it executable then, if the file is in your path, you can fire up your secure tunnel by typing:

Reply