What is needed in terms of network protocols to have a good ARD experience?

I am running the latest ARD and the latest ARD agents on a couple of Macs.


Some of these are laptops that may be off site. I've set it up that they connect to the home LAN using L2TP. On the home LAN, they get an IP address in the range of the home LAN.


When I do that, I can control these computers (which is the most important) but I cannot send commands and ARD also doesn't see them properly. In other words, VNC works, but that is all. ARD doesn't display the ARD Agent version, for instance, and it does not detect the name of the computer.


I think I know that multicast doesn't travel across the VPN (and thus Bonjour doesn't), so that may be it. But I also found out that I had to open up the firewall's 5900 port in two directions to make VNC work. So, I wonder if there is a description somewhere (not Apple's simple list of protocols) what is needed exactly to make ARD fully functional.


Aside: I have control over my DNS and each computer that connects via VPN has a fixed IP address (no pool), so theoretically, I could add things to my DNS to make it work.

iMac, macOS High Sierra (10.13.6), Core i7, 27"

Posted on Sep 19, 2018 1:25 PM


1 reply

Sep 19, 2018 2:36 PM in response to Gerben Wierda

This question is largely unrelated to ARD. This question is a more generic remote access question, and how that all ties into LAN-local traffic such as Bonjour. Which means you use a VPN and preferably into a VPN server embedded in the firewall and not a VPN server running in some internal host. (Or you run wide-open and with random folks poking at your systems, of course. That would be bad.)


Having the VPN server in the firewall avoids the basic conflict between NAT—which wants to mask the internal addresses—and a VPN—which wants to identify the target addressees. That also means the VPN server is usually available when you need it, such as when some internal host system is down.


You’ll want to use disparate subnets on your internal network, which means avoiding 192.168.0.0/24 and 192.168.1.0/24.


Internal systems at dynamic addresses will require you to know the target IP address, either directly or by having the target host use dynamic DNS.


Internal systems at static addresses can be accessed by DNS name, so long as the system running the VPN client is using the internal DNS of the target network and does not reference any DNS servers off the target LAN. If it’s a few computers on a small private network, program the DHCP server to issue static addresses, or manually configure the target systems to use static addresses.


And no, Ethernet multicast traffic such as Bonjour doesn't typically get transmitted over a VPN; it's LAN local. There have been some hacks, however.


Here, I’d go with static addresses for VPN-inbound traffic, though. Or configure and use ssh and push commands that way, of course.
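A pre-flight check that ties the two posts together, added here as an example and not part of the original thread. It runs on the VPN client and tests the three things the reply asks for: that the managed Mac's name resolves (through the target LAN's internal DNS) to an address inside the internal subnet, that the VNC port the question mentions (TCP 5900) is reachable, and that the separate ARD reporting/command port is reachable. The port-to-feature mapping (5900 for observe/control, 3283 TCP/UDP for reporting, agent version and Send Command) is taken from Apple's published port list and is an assumption here, as are the placeholder host name and subnet; the "control only" verdict reproduces the symptom described in the question (5900 passes, 3283 does not).

```python
"""ARD-over-VPN connectivity pre-flight (added example, not from the thread).

Assumptions (not stated on the page):
- TCP 5900 carries observe/control (VNC); 3283 TCP/UDP carries reporting,
  agent version, computer name and Send Command, per Apple's port list.
- The target name must resolve via the target LAN's internal DNS to an
  address inside INTERNAL_NET (a constructed placeholder subnet).
"""
import ipaddress
import socket
import sys

INTERNAL_NET = "192.168.50.0/24"          # constructed placeholder, not 192.168.0/1.0
ARD_PORTS = {"vnc": 5900, "reporting": 3283}  # assumed mapping, see docstring


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connect to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                       # refused, timed out, unreachable, ...
        return False


def udp_state(host, port, timeout=2.0):
    """'closed' if an ICMP port-unreachable comes back, else 'open|filtered'.
    UDP gives no positive answer, so this only rules a port out."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        s.send(b"")
        try:
            s.recv(1)
        except ConnectionRefusedError:
            return "closed"
        except OSError:                   # timeout: no ICMP error seen
            return "open|filtered"
    return "open|filtered"


def resolved_addresses(name):
    """IPv4 addresses the client's configured resolver returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def resolves_inside(name, subnet):
    """True if every address for name lies in subnet. Anything outside means
    the client is not using the target LAN's internal DNS (or the record is wrong)."""
    net = ipaddress.ip_network(subnet)
    addrs = resolved_addresses(name)
    return bool(addrs) and all(ipaddress.ip_address(a) in net for a in addrs)


def ard_preflight(host, subnet=INTERNAL_NET, ports=ARD_PORTS, timeout=2.0):
    """Summarise what ARD will be able to do against host from this client."""
    result = {"dns_inside_subnet": resolves_inside(host, subnet)}
    for label, port in ports.items():
        result[label] = tcp_reachable(host, port, timeout)
    result["reporting_udp"] = udp_state(host, ports["reporting"], timeout)
    # The symptom from the question: screen control works, but no agent
    # version, computer name or Send Command.
    result["control_only"] = result["vnc"] and not result["reporting"]
    return result


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "managed-mac.home.example"  # placeholder
    for key, value in ard_preflight(target).items():
        print(f"{key}: {value}")
```

Run it from the laptop while the L2TP tunnel is up, passing the managed Mac's internal DNS name. A result of dns_inside_subnet False points at the resolver (the client is still asking an off-LAN DNS server); control_only True points at the firewall or VPN policy passing 5900 but not 3283 in the needed directions.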
