LinuxQuestions.org
Old 11-19-2007, 11:08 PM   #1
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148
Blog Entries: 1

Rep: Reputation: 48
sshd behind firewall


Okay, I have an interesting problem. I tried this once a while ago and got nowhere, so I'm trying again. Here's the problem. I have a desktop computer attached to my university dorm's network. I also have a laptop computer which I sometimes travel home (in a different city) with. I would love to be able to remotely access my desktop from my laptop at home (where I'm root on everything). Unfortunately, I don't even know how to contact my network admin at school.

Since our network connection consists of the entire building on a single T1 (slow!), every computer in our building presents the same IP address to the outside world, so there is no way to uniquely connect to my computer. Given the impersonal nature of campus tech-support (contracted out), getting a port forwarded is a virtual impossibility. I've seen plenty of threads showing how to do it the other way around - when the client is behind the hostile firewall, but never when the server is.

I've heard that a VPN may help, but it would require my laptop to be always at home and always on. Just to be clear, I'm willing to try some funky stuff, if it works.

Any ideas?
 
Old 11-20-2007, 12:45 AM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Quote:
Originally Posted by PatrickNew View Post
(where I'm root on everything)
I hope this doesn't mean that you are running as root normally. In Linux there is no reason to do this.

The dorm desktop will need to initiate the connection. But to do that, it would need to have your remote IP address and use an outgoing port that isn't blocked. The only way I can think of to communicate from the outside where you are is by sending yourself an email, and have the desktop periodically check your email and extract the IP address. The only other way I can think of is for the desktop to connect to a third party service that you are also connecting to remotely. I don't know how a vpn or ssh reply can look like a legitimate established connection on a high port however. I don't think a port like 80 would work because replies come in on a high number port. The ftp port might be open, and you could try using that one.

To start, you could try to establish a remote vnc connection.

Last edited by jschiwal; 12-13-2007 at 10:11 AM. Reason: fixed typo
 
Old 11-20-2007, 01:06 AM   #3
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148

Original Poster
Blog Entries: 1

Rep: Reputation: 48
Quote:
Originally Posted by jschiwal View Post
I hope this doesn't mean that you are running as root normally. In Linux there is no reason to do this.
I realize that, I just meant that, should it be relevant, at the client side I can forward ports wherever I want/install anything necessary.

Okay, I really like your idea of using email. Here's my thought, and let me know what you think. Write a simple script that runs as a cron job which fetches all my mail, then searches for any mail with a specific subject line. If the mail has that line, it will contain the IP address of my home PC.

The problem I see here is the time-granularity. I don't want to be hitting my email server every 2 minutes, but I do want some responsiveness when I send that email. Hrm.
 
Old 11-20-2007, 04:36 AM   #4
nolinuxnollife
Registered User
 
Registered: Jan 2005
Location: india
Distribution: RedHat and Madrake
Posts: 55
Blog Entries: 1

Rep: Reputation: 15
I suggest that you use Xmanager to properly export desktop.. this is only possible if ports are forwarded on firewall..
 
Old 11-20-2007, 01:08 PM   #5
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148

Original Poster
Blog Entries: 1

Rep: Reputation: 48
Quote:
Originally Posted by nolinuxnollife View Post
I suggest that you use Xmanager to properly export desktop.. this is only possible if ports are forwarded on firewall..
And I would love to just use a standard tool to provide remote access, but the ports aren't forwarded on the firewall, and I doubt I can get them forwarded.
 
Old 11-20-2007, 06:33 PM   #6
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Are you using IMAP or POP? You may be able to use a client like nail and list the mail and then select the one to process based on the header. If you have your cron job run every 15 minutes, that might not be too bad. You would send off an e-mail and then wait for the next quarter hour at the remote location. You could also write it so that it would check whether it already found a remote IP and abort if it has. This would mean you may need to reset that before heading out.
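
The mail check discussed in posts #2, #3 and #6, as an added example that is not part of the original thread: the desktop-side step that decides whether a fetched message really is a request from the laptop. A subject line alone can be sent by anyone, so this sketch assumes a secret shared by both machines and a body of the form `ip timestamp tag`; the subject string, the 30-minute window and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from email import message_from_string

SUBJECT = "dorm-rendezvous"   # assumed subject line, not from the thread
MAX_AGE = 30 * 60             # assumed: requests older than 30 min are ignored


def sign(key: bytes, ip: str, ts: int) -> str:
    """HMAC-SHA256 over 'ip|timestamp', hex encoded."""
    return hmac.new(key, f"{ip}|{ts}".encode(), hashlib.sha256).hexdigest()


def make_request(key: bytes, ip: str, ts: int) -> str:
    """Laptop side: the mail to send (body is 'ip timestamp tag')."""
    return f"Subject: {SUBJECT}\n\n{ip} {ts} {sign(key, ip, ts)}\n"


def extract_ip(raw_mail: str, key: bytes, now: int):
    """Desktop side: return the requested IP, or None if the mail is not
    a well-formed, fresh, correctly tagged request."""
    msg = message_from_string(raw_mail)
    if str(msg.get("Subject") or "").strip() != SUBJECT or msg.is_multipart():
        return None
    fields = msg.get_payload().split()
    if len(fields) != 3:
        return None
    ip, ts, tag = fields
    try:
        addr = ipaddress.ip_address(ip)   # rejects anything that is not an IP
        ts_int = int(ts)
    except ValueError:
        return None
    if addr.is_loopback or addr.is_unspecified or addr.is_multicast:
        return None
    if abs(now - ts_int) > MAX_AGE:
        return None  # stale or replayed request
    if not hmac.compare_digest(tag.encode(), sign(key, ip, ts_int).encode()):
        return None  # the subject line alone proves nothing about the sender
    return str(addr)


if __name__ == "__main__":
    key = b"constructed-demo-key"   # constructed sample secret
    now = 1195600000                # constructed sample timestamp
    mail = make_request(key, "203.0.113.7", now - 60)
    print(extract_ip(mail, key, now))
```

A cron job would pass each fetched message to `extract_ip` with the current time and only open the outbound connection when it returns an address.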
 
Old 11-21-2007, 08:10 AM   #7
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
Quote:
Originally Posted by PatrickNew View Post
The problem I see here is the time-granularity. I don't want to be hitting my email server every 2 minutes,
Curiosity -- are you worried about:
  • bandwidth
  • # of e-mails
  • something else
 
Old 11-21-2007, 08:17 PM   #8
PatrickNew
Senior Member
 
Registered: Jan 2006
Location: Charleston, SC, USA
Distribution: Debian, Gentoo, Ubuntu, RHEL
Posts: 1,148

Original Poster
Blog Entries: 1

Rep: Reputation: 48
Well, I guess I'm just worried that my email server won't appreciate a constant stream of requests from me. Given that said server is run by my university, I do need to worry about whether or not they like me :-).
 
Old 11-22-2007, 11:41 AM   #9
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
How about a dedicated g-mail acct. for this?
 
Old 12-26-2007, 05:43 AM   #10
archtoad6
Senior Member
 
Registered: Oct 2004
Location: Houston, TX (usa)
Distribution: MEPIS, Debian, Knoppix,
Posts: 4,727
Blog Entries: 15

Rep: Reputation: 234
What happened? / What did you do?
How did you solve this problem?
 
Old 12-26-2007, 08:00 PM   #11
KnightHawk
Member
 
Registered: Aug 2005
Posts: 128

Rep: Reputation: 15
Since our network connection consists of the entire building on a single T1 (slow!), every computer in our building presents the same IP address to the outside world

Sounds like, and most probably, you are on a NAT network. In which case there is absolutely no way to make a direct connection to your desktop without some port forwarding going on. This is by design.

The only way it would even remotely work is if you could somehow get your desktop to contact your laptop first, and establish a connection. Then connect to that established random port. And quite frankly I'm not aware of anything that does that if you can't connect to it in the first place.

Although just maybe...
 
Old 12-26-2007, 08:03 PM   #12
KnightHawk
Member
 
Registered: Aug 2005
Posts: 128

Rep: Reputation: 15
And VPN only helps you if they have port forwarding on the VPN server. Or if you can get an actual campus VPN account. And then still you'd have to be able to find out the IP you've got.

But if you can't get ports forwarded, your chances of making VPN work are nil.

It's possible they have a general access allowance for VPN though I guess... that's at least more likely than them having some random port forwarded as a general rule.

But personally as a router admin I would not set that up if I didn't have to.
 
  

