Remote desktop behind NAT on Windows

My network access at the rental hosting is behind NAT. All the IP addresses we have are private (192.168.x.x). Although we can use SSH to build a tunnel (even a reverse tunnel) that binds a port for remote access and sidesteps the NAT, there are still many issues to solve.

The overall view of my chosen configuration is:

HOME (192.168.x.x) <-- NAT <--> NETWORK <--> DEST_TUNNELED (LINUX)

Here I list the problems I encountered. The solutions may be written up as separate topics and linked externally.

First, Remote Desktop (RDP) in Windows XP SP3 (it seems since SP2) does not support loopback (127.0.x.x) connections. The reason may be to prevent a user from connecting to the same PC locally. In this situation the connection is dropped, and the only way to recover is a forced reboot.

But we still need the loopback function: when we use an SSH tunnel for the connection, the port is bound to localhost (127.0.0.1) on the local side, and the default Windows policy is to deny this kind of connection.

So I turned to UltraVNC, a well-known remote control application for Windows. Another reason for choosing VNC is that almost 90% of my work (and home) PC environments are Linux-based. Apart from VNC and RDP, I do not want to install other clients that are not provided by the distribution.

P.S. Although UltraVNC provides some plug-ins such as NAT-to-NAT, single-click and so on, they are not feasible for my environment. One reason is that my destination computers are all Linux (and the Windows PCs are behind another firewall too). So I ruled out the solutions based on listen mode and the NAT-to-NAT plug-in.

Second, to simplify software installation on Windows, the SSH application I use is plink. Plink is a command-line interface to the PuTTY back-end, and PuTTY is another well-known SSH client for Windows. Because it can be used from the command line, it is the best choice for running as a Windows service that starts with the system and connects automatically.

The main reasons I chose plink for the connection are: 1) it is small but compact; 2) it needs no installation (green); and 3) it is well-known and still maintained.

Details of SSH Tunnel and Auto-login with Plink and Puttygen.

Third, to add a new service to Windows, I use the Windows Resource Kit provided by Microsoft. Because it comes from the same vendor, I think its compatibility and stability should be the highest.

Details of How to Make a Custom Service for Windows.

Fourth, to check periodically that the connection is established, I wrote a simple batch script. The script checks the connection from the local side and restarts the tunnel service when it is disconnected. With the Windows scheduler, the check runs periodically.

Details of Script to check tunnel status periodically on Windows.
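
One way the periodic check from the fourth step can be written, as an added example rather than the author's own script. The service name SshTunnel and the SSH server address 203.0.113.10 (a documentation address) are assumptions; replace them with the real values.

```bat
@echo off
rem Added example: watchdog for the plink tunnel service.
rem Assumed names, not from the original post:
rem   SVC      - the Windows service that runs plink
rem   SSH_HOST - the Linux SSH server the tunnel connects to
setlocal
set "SVC=SshTunnel"
set "SSH_HOST=203.0.113.10"
set "SSH_PORT=22"
set "LOG=%~dp0tunnel-check.log"

rem A live tunnel appears in netstat as an ESTABLISHED TCP session to the
rem SSH server. The trailing space after the port keeps ":22" from also
rem matching ports such as ":2222".
netstat -n -p TCP | findstr /C:"%SSH_HOST%:%SSH_PORT% " | findstr /C:"ESTABLISHED" >nul
if not errorlevel 1 goto :tunnel_up

rem No session found: log it and restart the service.
echo %DATE% %TIME% tunnel down, restarting %SVC% >>"%LOG%"
net stop "%SVC%" >nul 2>&1
net start "%SVC%" >>"%LOG%" 2>&1
if not errorlevel 1 exit /b 0

rem net start failed; leave a record and signal failure to the scheduler.
echo %DATE% %TIME% restart of %SVC% failed >>"%LOG%"
exit /b 1

:tunnel_up
exit /b 0
```

The check sees only the local TCP state, so a session that a NAT device has silently dropped can still show as ESTABLISHED; the keepalive traffic from the fifth step is what keeps that mapping from idling out.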

Fifth, to maintain the connection, we change a server setting for SSH. The parameter (ClientAliveInterval) makes the server ask the client whether it is still alive. This prevents the connection from being dropped by the network devices between the two ends.

Details of how to avoid SSH connection closed. (TBD)

Finally, my own remote desktop environment was built successfully, and it works fine. Although uploading from my home is still slow, I can control its status remotely.

ClientAliveInterval