Anders Johansson wrote:
If you want to avoid firewall configuration entirely, then the connection has to come from the PC that is to be controlled. There is no way you are going to get an incoming connection through a firewall without explicit configuration.
Given this, and given that the server hosting this would have to be outside the firewall so the remote supporter can connect to it, there is a not too difficult and low cost version of this:
On each PC that is to have this, initiate an ssh connection to your server that sets up a reverse tunnel to the VNC port. You can give each PC its own port on the server. Then when you want to connect, you use your VNC client to connect to the relevant port on the server, which will pipe you through the firewall to the PC requiring support.
I hope I don't need to tell you what a security fallacy it is to allow this or any other service (including gotomypc, which does more or less the same thing) to traverse your firewall like this. The security of the internal network is moved from the firewall (easily maintained and monitored) to the passwords of the tunnels going over it (nightmare).
The idea was to have a server located somewhere to avoid having to configure many firewalls. Also, it would be impractical to set up each workstation we would want to access. We are a small outsourced IT company that deals with small businesses. The idea is to have an applet the end user can download and connect to the server, then a tech could connect from the field if necessary. I am personally not a fan of gotomypc, and use VNC when I can. Right now we are just looking at different solutions. I appreciate the input.

Thanks,
Mike
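
Added example, not part of either message above: a sketch of the per-PC reverse-tunnel scheme Anders describes, with each PC's key on the relay limited to opening its own loopback port, so that a leaked tunnel credential cannot open other listeners or a shell. The relay host name, the `tunnel` account, the port numbering and the placeholder keys are assumptions; `permitlisten` requires OpenSSH 7.8 or later on the relay.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: relay.example.com,
# account "tunnel", BASE_PORT, and the placeholder public keys below.

RELAY_HOST=relay.example.com
RELAY_USER=tunnel
BASE_PORT=5901   # PC number n listens on relay port BASE_PORT + n - 1
VNC_PORT=5900    # VNC server port on the supported PC

# relay_port N: the relay-side port reserved for PC number N.
relay_port() {
    echo $((BASE_PORT + $1 - 1))
}

# authorized_keys_line N PUBKEY: entry for the relay account's authorized_keys.
#   restrict        turns off pty, agent/X11 forwarding and port forwarding
#   port-forwarding turns forwarding back on for this key
#   permitlisten    allows -R to open only this PC's loopback port
#   command         forced command, so the key cannot run a shell
authorized_keys_line() {
    printf 'restrict,port-forwarding,permitlisten="127.0.0.1:%s",command="/bin/false" %s\n' \
        "$(relay_port "$1")" "$2"
}

# client_command N: what PC number N runs to open its reverse tunnel.
# ExitOnForwardFailure makes ssh exit if the relay refuses the listener,
# instead of leaving a connection that forwards nothing.
client_command() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -R 127.0.0.1:%s:localhost:%s %s@%s\n' \
        "$(relay_port "$1")" "$VNC_PORT" "$RELAY_USER" "$RELAY_HOST"
}

# Constructed sample: two PCs with placeholder keys.
n=1
for key in "ssh-ed25519 PLACEHOLDER_KEY_1 pc1" "ssh-ed25519 PLACEHOLDER_KEY_2 pc2"; do
    authorized_keys_line "$n" "$key"
    client_command "$n"
    n=$((n + 1))
done
```

Because each listener is bound to 127.0.0.1 on the relay, the VNC ports are not exposed to the Internet; a technician reaches a PC's port through their own authenticated SSH session to the relay.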