Script to check tunnel status periodically on Windows

This post is delayed for more than 10 months because I forgot about it. Sorry about that.

To improve the availability of the reverse tunnel, we check its status periodically via Scheduled Tasks. So we need to write a batch script and register it with Windows.

First, the script I wrote:

@ECHO OFF

SET _SERVER={Server ip}
SET _PORT={Server port}

SET _SERVICE={Your service name installed in Windows}

:TUNNEL_CHECK
REM Count the ESTABLISHED TCP connections whose foreign address is our server:port.
REM Only ESTABLISHED rows count, so half-closed TIME_WAIT leftovers do not hide a dead tunnel.
SET _COUNT=0
FOR /F %%C IN ('netstat.exe -an -p TCP ^| FIND "ESTABLISHED" ^| FIND /C "%_SERVER%:%_PORT%"') DO SET _COUNT=%%C
REM A count of zero means the tunnel is down: restart the service.
IF "%_COUNT%"=="0" CALL :TUNNEL_RESTART
EXIT /B

:TUNNEL_RESTART
REM net stop blocks until the service has stopped, so the restart is sequential.
net stop %_SERVICE%
net start %_SERVICE%
EXIT /B

Actually, I am new to batch scripting on Windows, so the script may be ugly. The script first defines the variables used later: the destination server's IP and port, and the name of the service installed in Windows.

The main routine is TUNNEL_CHECK. netstat.exe lists all connections numerically (-an), restricted to TCP only (-p TCP), and FIND /C counts the lines that contain our server:port string. If that count is zero, the tunnel is down and TUNNEL_RESTART stops and starts the service; otherwise the script simply exits.
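As an added example (not part of the original post), here is the same decision the batch script makes, expressed in Python over a constructed netstat sample. It also shows why an exact match on the foreign address plus the ESTABLISHED state is more reliable than a plain substring count. The server address 203.0.113.5 and the sample rows are made up.

```python
import re

# Constructed sample of "netstat -an -p TCP" output on Windows (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1055      203.0.113.5:22         TIME_WAIT
  TCP    192.168.1.10:1057      203.0.113.5:22         ESTABLISHED
  TCP    192.168.1.10:1060      203.0.113.5:2222       ESTABLISHED
"""

# One TCP row: protocol, local address, foreign address, state.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def naive_find_count(netstat_output, server, port):
    """What 'netstat -an | FIND /C "server:port"' computes: a substring count over every line."""
    needle = "%s:%d" % (server, port)
    return sum(1 for line in netstat_output.splitlines() if needle in line)


def count_tunnel_connections(netstat_output, server, port, established_only=True):
    """Count TCP rows whose foreign address is exactly server:port.

    Exact matching avoids the substring problem (port 22 also matches :2222),
    and filtering on ESTABLISHED ignores TIME_WAIT leftovers of a dead tunnel.
    """
    wanted = "%s:%d" % (server, port)
    count = 0
    for line in netstat_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, blank line, or a non-TCP row
        _local, foreign, state = m.groups()
        if foreign != wanted:
            continue
        if established_only and state != "ESTABLISHED":
            continue
        count += 1
    return count


def tunnel_needs_restart(netstat_output, server, port):
    """Mirror of the batch decision: restart the service when no live connection exists."""
    return count_tunnel_connections(netstat_output, server, port) == 0
```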

Second, we add this script to Windows. Open the configuration window via Start > All Programs > Accessories > System Tools > Scheduled Tasks, then create a new task for the script. I list the settings I used when editing the task below.

In the Schedule tab of the task, we need two schedules: one that runs at system startup, and one that runs periodically. In my settings, the periodic one is Scheduled as Daily from 12:00 AM every 1 day, with the task repeated every 1 hour for a duration of 23 hours.

In short, this script runs at system start-up and every hour of every day. To avoid problems, I uncheck all boxes in the Settings tab. Another note is to set the task to run as a valid user; this is what makes it run successfully at system start-up. If that user has a password, we must also enter the password.

That's all the details of my checking script. Enjoy. 🙂

SSH Tunnel and Auto-login with Plink and Puttygen

The first part of building my own remote desktop environment is to establish a reverse tunnel connection, and along the way, to log in automatically without a plain-text password shown on the command line.

First, to establish an SSH tunnel, the command and its arguments are:

plink -ssh -2 -R {dest pc ip}:{dest pc port}:{local pc ip}:{local pc port} -l {username} -i {ppk file} {remote pc tunnel ip}

This command builds a reverse tunnel (-R) using SSH protocol version 2 (-2), binding the given remote ip:port pair to the local ip:port pair, and logs in automatically with the private key file (-i) generated by PuTTYgen.

References for common SSH settings and the specific server configuration are at Reverse Tunneling. The GatewayPorts and ClientAliveInterval settings are the important ones; the details will appear in later articles.

Second, for the automatic login strategy, the trick is PuTTYgen, which is provided by the same vendor as PuTTY. The reference is Use PuTTYgen to generate a private/public key pair. In short, the steps are:

1. Open PuTTYgen and generate your own DSA or RSA key pair.

2. You can enter a passphrase to protect the saved private key file.

3. Copy the text in the public key section and paste it into the ~/.ssh/authorized_keys file on your server (one key per line).

4. Use plink/putty to check that auto-login works.

Now the reverse tunnel connection is established. The next step is to make it a start-up service.

Remote desktop behind NAT on Windows

My network access at the rental hosting is behind NAT; all the IPs we have are private (192.168.x.x). Although we can use SSH to build a tunnel (even a reverse tunnel) to bind a port for remote access and work around the NAT, there are many issues to solve.

The whole view of my chosen configuration is:

HOME (192.168.x.x) <– NAT <–> NETWORK <–> DEST_TUNNELED (LINUX)

Here I list the problems I encountered. The solutions may be written up as separate topics and linked externally.

First, Remote Desktop (RDP) in Windows XP SP3 (apparently since SP2) does not support loopback (127.0.x.x) connections. The reason is probably to prevent a user from connecting from the same PC locally. In this situation the connection is dropped, and the only way to recover is a forced reboot.

But we still need loopback, because when using an SSH tunnel for the connection, the bound port is on localhost (127.0.0.1). The default Windows policy denies this kind of connection.

So I turned to UltraVNC, a well-known remote control application for Windows. Another reason for choosing VNC is that almost 90% of my work (and home) PC environments are Linux-based. Between VNC and RDP, I don't want to install another client that is not provided by the distribution.

P.S. Although UltraVNC provides some plug-ins such as NAT-to-NAT, single-click and so on, they are not feasible for my environment. One reason is that my destination computers are all Linux (and the Windows PC is still behind another firewall too). So I ruled out the solutions based on listen mode and the NAT-to-NAT plug-in.

Second, to simplify software installation on Windows, the SSH application I use is plink. Plink is a command-line interface to PuTTY's back-end, PuTTY being another well-known SSH client for Windows. Because it can be used from the command line, it is the best choice for running as a Windows service that starts at boot and connects automatically.

The main reasons I chose plink for the connection are: 1) it is small but complete; 2) it needs no installation (portable); and 3) it is well-known and still maintained.

Details: SSH Tunnel and Auto-login with Plink and Puttygen.

Third, to add a new service to Windows, I use the Windows Resource Kit provided by Microsoft. Because it comes from the same vendor, I think its compatibility and stability should be the highest.

Details: How to Make a Custom Service for Windows.

Fourth, to check periodically that the connection is established, I wrote a simple batch script. It checks the connection from the local side and restarts the tunnel service when it is disconnected; with the Windows scheduler, it runs periodically.

Details: Script to check tunnel status periodically on Windows.

Fifth, to maintain the connection, we change a server setting for SSH. The parameter makes the server ask the client whether it is still alive, which prevents the connection from being dropped by network devices between the two ends.

Details: how to avoid SSH connection closed. (TBD)

Finally, my own remote desktop environment was built successfully, and it works fine. Although uploading from home is still slow, I can control its status remotely.
