NoMachine NX

When people connect to their VPN, this could simply allow them to access shared files. But alternatively, this could also mean that they wish to create a virtual session, on the remote desktop of one of their servers. The latter exists under the terms VNC, RDP, XRDP, and several others.

On my main Linux server named ‘Phoenix’, I have the XRDP service installed, which is the Linux equivalent of RDP. But one main drawback of this method, of remotely accessing a desktop, is the fact that XRDP does not allow file-sharing, specifically in the version of this protocol that runs out-of-the-box from the package manager. I have read that certain custom-compiled versions support this, but do recall that this service is a mess to custom-compile, and to set up in such a way that it runs reliably. So I stick to the packaged version for now, and do not obtain file-sharing.

There exists a closed-source application named NoMachine NX, which we could use to bridge this gap. But while their paid software subscriptions are very expensive (from my perspective), their Free software version has some big disadvantages.

First of all, even their Free version can be run in client or in server mode. I think that this is terrific. But in server mode – which affords access to the local machine desktop from elsewhere – there is no built-in support for SSH protocol. There is only the unencrypted NX protocol, for which their service listens.

Secondly, not every computer is strong enough to run in server mode. On the computer ‘Phoenix’ I have a fragile X-server, and this service has actually crashed my X-server. Not only that, but allowing this service to run on reboot, consistently prevents my X-server from starting. It gets its hooks into the session so early on boot, that the X-server crashes, before the user is even asked for a graphical log-in.

On the plus side, there are ways of solving both problems.


Routine OpenVPN Test Successful Today

On my Home LAN, I host a VPN. Contrary to what the term might suggest, “OpenVPN” does not stand for a VPN which is Open, nor which anybody might have access to for free. OpenVPN is just one possible protocol for implementing VPN, and is stuffed to the gills with security measures and encryption, which keep unauthorized people out, and which ensure the privacy of the VPN tunnel, which a Client can invoke from outside the LAN, into the LAN.

I possess an OpenVPN client for my Tablet, that receives updates from its developers from time to time. After several updates to the app, I need to test whether it still works, even if at that moment there is no practical need for me ‘to VPN into my LAN’. And just today I found, that indeed this Android app, as well as my server at home, still work 100%.

In order to verify that I have meshed adequately with my LAN, I typically make it a part of the test to ping a computer on that LAN, which is not itself the VPN Server, and to make sure that I get normal ping responses. This also tells me that my specific routing implementation works, beyond the VPN tunnel to the Server itself. My average ping time today was 37 milliseconds.

A VPN is not really a Proxy. If I wanted to change certain settings, I could redirect all my traffic to the Internet at large, through my VPN at home, which is currently still configured to be routed directly from where my Client is located. I was performing my test from a public WiFi hot-spot, so my regular Internet access was still taking place directly from there.

And, because my Home LAN is located in the same jurisdiction as that WiFi hot-spot was, there would also be zero benefit, to my redirecting all my Internet traffic through the VPN, because doing so would gain no special access privileges, geographically, to Internet content anywhere.
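The check described above (ping a LAN host other than the VPN server, while Internet traffic stays off the tunnel), as an added example that is not the author's own script. It assumes a Linux client with iproute2 and an iputils-style `ping`, a tunnel interface named `tun0`, and constructed addresses and sample outputs.

```shell
#!/bin/sh
# Added example: verify a split-tunnel VPN from a Linux client.
# Interface names and addresses are assumptions; sample outputs are constructed.

# Print the outgoing interface named in `ip route get <addr>` output.
route_dev() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Print "<loss-percent> <avg-ms>" from the summary lines of `ping -c N <host>`.
ping_summary() {
    printf '%s\n' "$1" | awk '
        /packet loss/ { for (i = 1; i <= NF; i++) if ($i ~ /%$/) { sub(/%/, "", $i); loss = $i + 0; seen = 1 } }
        /^(rtt|round-trip)/ { split($0, h, " = "); split(h[2], v, "/"); avg = v[2] }
        END { if (!seen) loss = "?"; if (avg == "") avg = "?"; print loss, avg }'
}

# vpn_check <tunnel-dev> <route-to-lan-host> <route-to-internet-host> <ping-output>
# Succeeds only if the LAN host is routed through the tunnel, Internet traffic
# is not (split tunnel), and the LAN host answered every ping.
vpn_check() {
    tun=$1
    lan_dev=$(route_dev "$2")
    inet_dev=$(route_dev "$3")
    set -- $(ping_summary "$4")   # $1 = loss percent, $2 = average RTT
    [ "$lan_dev" = "$tun" ] || { echo "FAIL: LAN host not routed via $tun"; return 1; }
    [ "$inet_dev" != "$tun" ] || { echo "FAIL: Internet traffic also enters $tun"; return 2; }
    [ "$1" = "0" ] || { echo "FAIL: $1% packet loss to LAN host"; return 3; }
    echo "OK: LAN via $lan_dev, Internet via $inet_dev, avg RTT $2 ms"
}

# Constructed sample outputs (all addresses are placeholders).
LAN_ROUTE='192.168.2.20 via 10.8.0.1 dev tun0 src 10.8.0.6 uid 1000'
NET_ROUTE='198.51.100.7 via 172.16.0.1 dev wlan0 src 172.16.0.55 uid 1000'
PING_OUT='4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 30.112/37.046/44.310/5.102 ms'

vpn_check tun0 "$LAN_ROUTE" "$NET_ROUTE" "$PING_OUT"

# Live use on a connected client (addresses are placeholders):
#   vpn_check tun0 "$(ip route get 192.168.2.20)" \
#       "$(ip route get 198.51.100.7)" "$(ping -c 4 192.168.2.20)"
```

A return code of 2 means the server is pushing a full-tunnel (redirect) configuration, which is the setting the paragraph above says is not in use.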


VPN Server Test Completed Today

Just this evening, I went to my neighborhood Tim Hortons, to order some food, but also to use their public WiFi hot-spot, in order to log in a session with the VPN server I have on my LAN, that uses the ‘OpenVPN’ protocol. This is a type of test which I perform periodically, just to make sure that the server does work, after certain upgrades. The test was a success.

But I would like to point out several things which this action does not imply.

In the world of today, many people pay money to rent a VPN server, the only purpose of which is to fool the geo-blocking of certain services offered in the USA. In this context, they may expect that to install ‘OpenVPN’ on their clients, will give them free access to a VPN.

This would be False.

The way I have OpenVPN set up on my LAN, I can use the compatible Android client, named “OpenVPN For Android”, to make my computers behave as though my tablet was physically on my LAN. From there, I can ping computers on my LAN. This could be useful to me if I need to access certain resources that specifically exist on my LAN here at home.

In general, I do not use this service to redirect any Internet traffic through my VPN, so that Internet traffic continues to flow directly from the tablet which is my client, through the WiFi that I have used separately, to gain access to my OpenVPN server.

Some people have suggested that I may be taking quite a chance with my data, by connecting to my VPN from within a WiFi hot-spot. But contrary to what the name of this protocol may suggest to some minds, this protocol has robust encryption techniques in place, in addition to password challenges, which will not only prevent unauthorized access, but also prevent any data from being gleaned from the connection, in the event that the entire session might be monitored.

My main fear in this scenario tends to be, that certain hot-spot operators may not differentiate, between a person who connects to his VPN at home, and one who connects to a VPN across the border, simply because either type of session typically uses the same port numbers, only on different servers. If they did not differentiate, my access to any VPN might be blocked regardless. It was not blocked this evening.

There is an observation about Tim Hortons WiFi however, which I may mention. I pinged another computer tonight, which was physically on my LAN. This represents a low-bandwidth scenario. The ping times were slower than before, averaging maybe 200ms. In the past I sometimes obtained ping times of 30-50ms. Yet, if I were to do the same thing from a non-public WiFi hot-spot, my ping times should also be back to normal…

Dirk