Has Microsoft blocked RDP to XP outside of VPN?

First the background, then the question.

I can use the RDP protocol to have the desktop of a remote Windows machine appear in my Linux client in these two LAN configurations:

  • Remote is Windows Server 2003 running terminal services and the two machines communicate in a LAN.
  • Remote is Windows XP with “Allow users to connect remotely to this computer” enabled and the two machines communicate in a LAN.

And I can also use the RDP protocol to have the desktop of a remote Windows machine appear in my Linux client in this one WAN configuration:

  • Remote is Windows Server 2003 running terminal services and the two machines communicate over the internet with port forwarding to the Windows machine.

But I can’t get a connection with this equivalent XP configuration:

  • Remote is Windows XP with “Allow users to connect remotely to this computer” enabled and the two machines communicate over the internet with port forwarding to the Windows machine.

Is the failure of the last configuration my fault or has Microsoft set XP so it can only serve a desktop inside a local LAN and not over the internet?

Or any thoughts or advice that you feel is pertinent.

Thanks
Swerdna

I do believe that unless it’s over the local network, you must use a different RDP Client and server. Microsoft does this for security purposes. Also make sure your firewall is configured properly, along with your router and/or other areas that might be blocking the connection in general.

Linux and Windows have never been friends. It might just be that you will want to go with another server and client and tunnel it with ssh or ssl, as this will also make it so no one else will see that you’re connecting to a computer with RDP.
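
The SSH-tunnel approach suggested above, as an added example that is not part of the original post: the router forwards only SSH, and rdesktop connects to a loopback port instead of an internet-exposed TCP 3389. The gateway name gateway.example.org, the LAN address 192.168.99.4, the local port 13389 and all function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: RDP through an SSH tunnel, so the router
# forwards only SSH and TCP 3389 is never exposed to the internet.
# Assumptions (hypothetical): gateway.example.org is an SSH server on the remote
# LAN; 192.168.99.4 is the Windows machine's LAN address.

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# Accept only an unprivileged numeric local port.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# Open a loopback-only forward to <rdp_host>:3389 via <gateway>.
# "sleep 10" keeps ssh alive long enough for rdesktop to connect; ssh then
# stays up until the forwarded RDP connection closes and exits on its own.
open_tunnel() {
    gateway=$1 rdp_host=$2 lport=${3:-13389}
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    run ssh -f -o ExitOnForwardFailure=yes \
        -L "127.0.0.1:${lport}:${rdp_host}:3389" "$gateway" sleep 10
}

# Point rdesktop at the local end of the tunnel.
connect_rdp() {
    lport=${1:-13389}
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 2; }
    run rdesktop -z "127.0.0.1:${lport}"
}

# Usage: rdp_via_ssh gateway.example.org 192.168.99.4 [local_port]
rdp_via_ssh() {
    open_tunnel "$1" "$2" "${3:-13389}" && connect_rdp "${3:-13389}"
}
```

Setting DRY_RUN=1 before calling rdp_via_ssh prints the two commands without running them.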

Hello swerdna,
I’m connecting to my work XP machine over the internet after I create a tunnel via vpnc. Remote desktop gives me the XP machine on my Linux SUSE. Please let me know if you have any other questions in relation to this connection.
Thank you for your documents, which helped me over the last few months learn and set up a few things. Awesome help and support for all of us.

On Sat March 7 2009 02:16 pm, swerdna wrote:

>
> First the background, then the question.
>
> I can use the RDP protocol to have the desktop of a remote windows
> machine appear in my Linux client in these two LAN configurations:
>
<snip>
>
> Is the failure of the last configuration my fault or has microsoft set
> xp so it can only serve a desktop inside a local LAN and not over the
> internet?
>
> Or any thoughts or advice that you feel is pertinent.
>
> Thanks
> Swerdna
>
>
Swerdna;

Have you looked at Windows Firewall->Exceptions->Remote Desktop or equivalent
if using a 3rd party firewall?

P. V.
“We’re all in this together, I’m pulling for you.” Red Green

Thanks:
No third party firewalls. Same setup on XP firewall as for Server 2003. My big clue is that Microsoft knowledge base says to use a VPN (which the others are saying too) but I was hoping for a relief from that obviously revenue-raising imposition.

Can you expand on what you mean by “a different RDP Client and server”?

This is what dmera is saying too I think, thanks for that.

I’ll look at VPNs over the next few days, perhaps week, and come back for advice. To start me off, is there a link you’d recommend, to a discussion of what’s perhaps needed, with emphasis on open source?

Blushing big time

Unfortunately I don’t have enough experience with remote connections other than vpnc (via Cisco), as this is the default tool used at my company to be able to connect remotely. They imposed it and I was just using it with help from the openSUSE forums. I think that most companies would impose some solution which is a third party application, because of ignorance or not being able to accept that an open source solution is a viable one (in some cases). They would rather try anything else other than a free (“open source”) solution.
I was trying to connect to my wife’s work network via the PPTP protocol without any success. That is an MS solution implemented “their way” and “not very safe” (as proved by some sources on the internet) and I was not able to find, even with help from some forums, a way to connect. I gave up on it for now. I would love to see some discussions on this topic.

Thanks; that helps me to understand all this a bit better now. It seems there are a few ways for RDP depending on your “scale” of operations:

  1. Large operation: There’s your way (which I haven’t researched yet) where a VPN puts a remote computer on the same subnet as the computers at work so a remote Linux computer doesn’t need port forwarding and simply connects as if on a local LAN with a CLI command like:

rdesktop -z 192.168.99.4

That’s really big scale stuff where in theory 20 guys and gals could connect from their homes to their offices at the one time.

  2. Medium operation: If there’s a Windows (2003/2008) server on some workplace LAN with terminal services, a small bunch of guys can log onto the single server and do work on it from their different motel rooms.

  3. Small operation: Then there’s a way for really small business where the proprietor can use a command like this:

rdesktop -z swerdna.dyndns.org

and end up going through the small business router with port forwarding to (say) the accounts computer at work to continue working at night. That’s restricted to only one computer at the workplace by the limitations of port forwarding.

It was type three that had me puzzled when I started this thread but I’ve since worked out how to do it over the Internet from Linux to Windows, now tested & works for targets of XP, Vista or Win 7. So thank you and I’ll write it up and I’ll post a link to the method here in a day or two.

But my new challenge will be the VPN thing, but that’s likely to take a month to sort out by the feel of it.

Cheers and thanks all.
Swerdna

OK I got my thoughts sorted and tried some configurations and wrote it all down for reference here:
Windows RDP Remote Desktop Connections using openSUSE as Client or Server

swerdna wrote:
> PV;1954149 Wrote:
>> Swerdna;
>>
>> Have you looked at Windows Firewall->Exceptions->Remote Desktop or
>> equivalent
>> if using a 3rd party firewall?
>> –
>> P. V.
>> “We’re all in this together, I’m pulling for you.” Red Green
> Thanks:
> No third party firewalls. Same setup on xp firewall as for server2003.
> My big clue is that microsoft knowledge base says to use a vpn (which
> the others are saying too) but I was hoping for a relief from that
> obviously revenue-raising imposition.

Never heard of OpenVPN?
We’ve been using this @ $WORK for the past two years or so, and so far it’s
been meeting and exceeding my expectations in the speed we’re getting with
15 accounts and a measly 20Mb down/ 1Mb up line.
Windows XP, Vista, Linux clients; all can work as if they’re on the local LAN.
You can install the server on Windows or Linux too, but of course the Linux server
is “better” (more-or-less IMO).

Yes I have heard of it and I’ll investigate it, thanks.