Adding computer from outside office to a network

I have a small office network of 4 computers running Windows XP, and its fine for sharing files. I have one user from outside the office who dials into the network using Windows Remote Desktop Connection. This connection does not always work due to changes in IP address. Apart from the obvious of getting an (expenisve) static IP address, is there another solution anyone can suggest - perhaps storing all files on a server OUTSIDE the office, which anyone from the network can dial into any time? What is importnat is fast access to Word and Excel files, easy editing, and saving, then the changed files can be accessed by other members of the network.

Any suggestions welcomed.

 

Use a Dynamic DNS service. Many are free. This gives you the appearance of a static IP.

See, for example, http://www.dyndns.com/services/dns/dyndns/

Check your office router. Many have the feature to update your Dynamic DNS server automaticly when your WAN-IP changes. My Linksys WRT54G, for example, does this.

I must comment however that the notion of locating for workfiles outside the office and using remote access is a terrible idea.

Given overhead, and bandwidth, there is no way that remote access can compete with 100/1000 mbs copper wires for users in your office. You use remote access when you have to, not as an alternative to a wired office LAN.

 

You can track the ip to keep a consant connection.


http://www.no-ip.com/

a tracking program is installed on the computer.
it sends a signal to no-ip to track changes in the ip .
the program is provided by no-ip or at downloads.com
the basic no-ip service is not charged for.
you assign a name - for example xxxcomputer.no-ip.info
the name now corresponds to the ip as it changes.
you do not have to know the ip you simply use the assigned no ip name.
I wrote a post on no-ip and remote access with vnc a day or two ago.
In that case instead of entering the ip of the remote vnc machine that will be viewed or controlled you would simply enter the no-ip name.
Also the program network magic offers remote control but I have never used that function of the program.
The first month of use of the premium product is a free trial which allows file sharing and remote access.
Also you might look at a virtual private network program called Hamachi.

http://www.hamachi.cc/

The key thing is that you can set up the sharing network with virtually no configuration. Speeds are high. The information goes directly between your computers and is not routed via the Hamachi server. It just makes the original connection ( or so i understand)

http://www.twit.tv/sn18

http://72.14.205.104/search?q=cache...f+hamachi+rocks+twit&hl=en&gl=ca&ct=clnk&cd=2

http://en.wikipedia.org/wiki/Hamachi

there seems to be some dispute on wikipedia about the neutrality of the article .

 

Thanks for the replies.

Just to clarify, the IP change issue I have is with the host computer - the one outside the office dialling in - tjhis is the computer whose IP number changes, and thus is not accepted by the network firewall. The netwrok firewall accepts only IP addresses I have told it too - its possible for it to allow any IP addresses through, which I guess would not be a good idea security-wise? At least, anyone who does get through needs a user name and password, is that security enough?

 

Change the firewall to allow any TCP traffic on port TCP 3389. To be fancier, look up the block of addresses used by their ISP and allow only those blocks of addresses access. (Use Google and find a WHOIS search agent, and enter their current IP address to find the block).

Since you have a port-forward in place for this port, the best anyone can reach is the port-forwarded computer. There the only "listener" that will be found is the Remote Desktop Host software on TCP 3389. Their access attempts have to be made in RDP 5.1 protocols, using MD5 encryption, or the requests are simply ignored.

The user would then have to be listed as a valid user with a valid password by the Remote Desktop host machine to gain access.

 

Thanks for those replies - I found a combination of the answers worked: I downloaded Hamachi, and this worked in allowing me to access my office files from home. To do this, though, I had to fiddle a bit with the office firewall - I allowed the firewall to allow any TCP and UDP traffic through, through all ports - is this as safe as just allowing it through on port 3389 (that's the Windows remote right?)? Or is there another port used by Hamachi I should keep it too? I am imaginging that anything unauthorised that did get thourgh would not cause any damage since they could not access the files without being members of the Hamchi network, right?

 

Why use HAMACHI?
Why open all ports, TCP and UDP to any IP address?

I gave you a perfectly sound way to enable a single port, using a single protocol, to allow completely encrypted MD5 traffic, under a restricted set of protocols, to provide access.

Instead you use a third party service, open your firewall on all ports to all IPS, using any protocol, and are using an unecrypted connection.

And it is slower to boot. The fastest and most secure remote client to remote host connection available, outside of a VPN tunnel, is the freeware Microsoft Remote Desktop client. You will find no arguments from even the VNC crowd about this.

It might help us a lot if we knew what firewall product you were using.

 

The reason I used Hamachi was because I wanted to just access my office network files, rather than remotely take over a computer screen, and I wanted to do it without IP address issues (but I think your suggestion would anyway eliminate this?). I will also soon have no spare office computer to dial remotely into, so only accessing network files is what I need.

I guess there must be a better way than what I did --- perhaps I need to look into some VPN solution?

Software firewall on each PC in office is F-Secure 2006 and hardware network firewall is Zyxel Prestige 660H-61.

I closed Hamachi, and the opened TCP and UDP ports now ... the Hamachi did work, but when I tried to open an 8 MB Microsoft Access database file it was very slow.

Thanks for being patient with me - its dark, cold, and wet in Finland , and I appreciate your help a lot.

 

Since Remote Desktop is running as a native logon at the remote computer, the contents of the database are not sent over the wire, but processed locally on the remote workstation. The only thing transferred are screen contents.

Remember that Remote Desktop is a form of Terminal Services.