Remote Access

D-Link DFL-210 Router

I recently finished setting up remote access for a client who did not previously have broadband Internet. He wanted connectivity between his two offices on demand. I had used the D-Link DFL-700 router in three of my offices for the past few years as well as setting up these routers at three other offices. They have been very reliable and the VPN access has worked with little hassle after the initial setup. Unfortunately, these routers are no longer available, so I was back to finding a good VPN router. After checking D-Link’s current products, I stumbled upon the DFL-210. I had read some reviews which spoke highly of it, so I figured I’d give it a shot.

The DFL-210 is a lot more complicated to set up than the DFL-700 was. It does have a nice wizard when you first access it to set up a router password and Internet connection. On the first router, I messed up the Internet connection setup, and I couldn’t figure it out manually, so I ended up resetting the router so I could run the wizard again, since I saw no other way to access the wizard. On try two, I got it right, so the second router’s Internet setup went much more smoothly.

The second part of the setup was to get the VPN server working and be able to connect to remote PCs. I found some nice How-To documents on the router CD, including one to set up a VPN server. I followed the thorough instructions and afterward was able to connect to the router. Unfortunately, I was not able to access the network or any PCs. I first looked for help on the Internet and found a page at My Digital Life which had users asking for help and others giving some advice. The first suggestion that proved relevant was adding the WAN IP address and WAN Gateway address to the router. By default, these addresses show up as 0.0.0.0 in the web interface. The second suggestion was to add a rule to allow outbound PPTP client connectivity to a remote PPTP server. Finally, I had to call D-Link support for the final piece of the puzzle. I called during the day, got through fairly quickly, and explained the problem to a tech. I was put on hold for a few minutes, then he had me check a setting pertaining to routing which was not turned on. With the setting checked, everything was working.

To make it easy for others to set up the PPTP server and allow VPN client passthrough, let me give you the steps you need (my configuration was a DSL connection with static IP addresses):

1) On the router CD, print the scenario: How to configure L2TP and PPTP servers for remote users when firewall is using PPOE.

2) Assuming your Internet connection is working, make the following changes to the instructions: In step 1, your lan_ip and lannet should already be set, but set your WAN IP and WAN Gateway IP. In the second part of step 1, in the IPPools Address Folder you just added, you will add a new IP Address (there’s no selection for a new IP4 Host/Network on the DFL-210).

3) Skip step 2. In step 3, under Server IP, I selected wan_ip since I skipped step 2. Also in step 3, when you go to the Add Route tab, you also need to check “Always select All Interfaces, including new ones”.

4) Step 4 remains the same. In step 5, under Terminator IP, I used wan_ip again instead of ip_PPOEClient (which was not a choice). I did not do the Per-user IP Configuration.

5) I skipped step 6 because I used the IP address of the router to connect and didn’t require Dynamic DNS.

6) I followed step 7, but when you are in the Rules section, add a new rule in the LANToWan folder called PPTP_Pass_Through. For Action choose NAT, for Service choose PPTP-SUITE. On Address Filter, source interface is LAN, destination interface is WAN, source network is LANNET, destination network is ALLNETS.

I hope these instructions help anyone who is trying to set up a PPTP server on the DFL-210. It seems to be a great router, if a tad complex to configure for novice firewall admins.
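Once the rules are in place, one way to confirm from an outside client that the router's PPTP server answers on its control channel is the check below. It is an added example, not part of the original post or of D-Link's documentation; the function names and the client host name string are assumptions, and the message layout follows RFC 2637.

```python
import socket
import struct

PPTP_PORT = 1723           # TCP control channel; tunnelled data travels as GRE (IP protocol 47)
MAGIC_COOKIE = 0x1A2B3C4D  # constant carried in every PPTP control message (RFC 2637)
SCCRQ, SCCRP = 1, 2        # Start-Control-Connection-Request / -Reply
# Both messages are 156 bytes: length, message type, cookie, control type,
# reserved0, version, (reserved1 | result + error code), framing caps,
# bearer caps, max channels, firmware revision, host name, vendor string.
REQ = struct.Struct("!HHIHHHHIIHH64s64s")
REP = struct.Struct("!HHIHHHBBIIHH64s64s")

def build_sccrq(host_name=b"pptp-check"):
    """Request for PPTP version 1.0; host_name is a made-up client name."""
    return REQ.pack(REQ.size, 1, MAGIC_COOKIE, SCCRQ, 0, 0x0100, 0,
                    0x3, 0x3, 0, 0, host_name, b"")

def parse_sccrp(data):
    """Validate a reply; result code 1 means the server accepted the channel."""
    if len(data) < REP.size:
        raise ValueError("reply shorter than 156 bytes")
    (_len, msg_type, cookie, ctrl, _r0, version, result, error,
     _fr, _br, _ch, _fw, host, vendor) = REP.unpack(data[:REP.size])
    if msg_type != 1 or cookie != MAGIC_COOKIE or ctrl != SCCRP:
        raise ValueError("not a Start-Control-Connection-Reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {"ok": result == 1, "result": result, "error_code": error,
            "version": version, "host": text(host), "vendor": text(vendor)}

def constructed_reply(result=1):
    """Constructed sample reply (not captured from a router) for offline runs."""
    return REP.pack(REP.size, 1, MAGIC_COOKIE, SCCRP, 0, 0x0100, result, 0,
                    0x3, 0x3, 1, 0, b"constructed-host", b"constructed")

def probe(server, timeout=5.0):
    """Open the control channel to `server` and return the parsed reply."""
    with socket.create_connection((server, PPTP_PORT), timeout=timeout) as s:
        s.sendall(build_sccrq())
        buf = b""
        while len(buf) < REP.size:
            chunk = s.recv(REP.size - len(buf))
            if not chunk:
                break
            buf += chunk
    return parse_sccrp(buf)

if __name__ == "__main__":
    print(parse_sccrp(constructed_reply()))
```

A successful reply only covers TCP port 1723; the tunnel itself still needs GRE (IP protocol 47) to pass end to end before remote PCs become reachable.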

LogMeIn

How many times have you (you meaning people either in the IT field or who know enough about computers on their own to consider themselves above average in know-how) had to help a family member or friend with a computer problem? How many times has this been someone in another city, state, country? If you have had to deal with this, not being at the computer with the problem (or the user, as the case may be) can make helping out anywhere from difficult to madly frustrating. That’s where remote access comes in.

Sure, Windows now comes with remote help through a cut down version of Terminal Services. Or there are free offerings such as VNC or even Microsoft Netmeeting if you deal only with Windows computers. But how do you deal with firewalls and dynamic IP addresses? For businesses, I recommend DSL with a static IP address and a VPN router, with VNC to perform remote access. But this is not feasible for most home users (or even some small businesses). You could use a dynamic DNS service with a host name or, like my friend Chris, use scripting to help the user determine his or her IP address. Then with some router or software firewall configuration plus VNC, you’re in. Of course, you would have to make at least one visit to the location to do the initial setup and testing. Long distance support makes this difficult, unless you plan ahead for something like this.

A great solution I have just found and used successfully is one of the commercially hosted remote access solutions. You may have seen ads for GoToMyPC, one of these services. Unfortunately, they are “try for free” but “buy to use.” Then I found LogMeIn.com. What is great about this service is that they have several different levels of remote access, but the basic one is free. They also provide end-to-end encryption over the connection. Getting started could not be easier: just sign up for an account by giving your email address. They then send you a confirmation email with a link back to their site. Once there, you create a password and are asked what you will use the service for. They tailor their paid offerings to you based on your answer, from what I could tell. They give you a 30-day trial of their paid offerings, but you don’t have to ever use them, or you could try them out to see if you are interested. At this point, though, you are done with account creation and you can immediately do things such as add computers or other users to your account.

What put me on to this idea originally was a customer’s need. He had an employee who would be in the field with a laptop and Internet access through a Verizon PC card. He was looking for two things: he wanted to be able to see what the employee was doing on the laptop at any given time and he wanted the employee to be able to access the office PC which held their data files. With LogMeIn I was able to accomplish both tasks. With the free service, I set up the access client on 3 of his PCs. The only hitch with this service is that you have to be at the PC you want remote access to in order to initially set up the client; however, I found a way around this (more on this later). The only hiccup with this part was that the company did not officially support Vista yet (but they did have a beta client which worked just fine). One of these PCs was the data holder, so we set up this one with the LogMeIn Pro subscription, so he has to pay a monthly fee for this, but he did not mind. LogMeIn Pro allows you to transfer files between 2 PCs and perform remote printing. We tried the file transfer feature, which brought up a program similar to a GUI FTP program: you selected a file on one PC and transferred it to a folder on the other PC. By the way, another great feature of this service is that it is all browser based. I have used it on both IE and Firefox. So, anywhere you are with a PC which has a supported browser, you can connect to the service and access the PCs on your list.

Finally, today I had to deal with the chicken and the egg wrinkle to all of this: you need to connect to a PC to help a user but that PC is somewhere else. But before you connect to the PC, you have to go to the computer to set up the remote access client. Well, I needed to help my mother. Since she is infamous for having any number of spyware, trojan, etc. programs on her PC, I did not want her to log in with my user credentials to download the client. So what I did is create an admin account for her, but only gave her rights to add new PCs. I put in her email address, she was sent an email, and we went through account setup and client download (which took 2 tries, but worked in the end). Once I could see her PC, I removed her admin account, and we were good to go. I was able to connect to her PC and do what needed to be done myself instead of trying to walk her through it. She was thrilled, saying, “I guess we won’t have to ship you our PC anymore to work on it.” Hopefully not.

Like I said in the beginning, LogMeIn has other subscriptions and features I have not discussed. But if you do IT support for external users or family and friends, I highly recommend trying the free solution. You can find more information on LogMeIn here. Finally, all my use of this product was done between PCs with broadband Internet connections (except the Verizon card, which still worked fine). I would not recommend trying this over dial-up.