[SOLVED] How to use remote desktop ThinClient with Android tethering

[unseeingdog1]

Hi,

At my job, we use a system of small HP Thin Clients (t410 Smart Zero if it matters) as remote desktops running Windows Server to do all our tasks, and we also get one we can take to work from home, which uses a VPN to connect to the central server through our home internet.

When I connect it to my home modem it works perfectly. The thing is, sometimes I'm late on my internet bill for various reasons and it gets suspended until I pay it, and I would like to be able to work from home using my data plan when that happens.

I've tried many different things:
-connecting the phone directly to the Thin Client (I think this one as these things surely don't have the Android USB drivers)
-connecting it to my personal PC (which gets internet from my phone) and then using Connectify on Windows to pass the internet onto the Thin Client via Ethernet;
-tethering from Connectify onto a router and then onto the Thin Client.
None of it works. On the server login screen it shows the message "VPN connected", but when I put in my credentials it says "Server is not available," same as if it was fully offline.

I've no doubt that this whole system or server we use must have tons of restrictions, but I just want to know if there's a way for it to think the tethering is just a regular modem so I can connect normally and not be forced to go to the office when I could stay home. Thanks in advance.

 

[SamirD]

I think the problem is that depending on what type of vpn tunnel is being created, you may need direct IP access, ie no nat. And without a wifi card, I don't think wireless would be the easiest way to go.

What I would try is putting it in the dmz of your router. This should work if your router doesn't interfere with any of the packets.

 

[unseeingdog1]

I think the problem is that depending on what type of vpn tunnel is being created, you may need direct IP access, ie no nat. And without a wifi card, I don't think wireless would be the easiest way to go.

What I would try is putting it in the dmz of your router. This should work if your router doesn't interfere with any of the packets.

You mean putting the Thin Client in the DMZ?

 

[unseeingdog1]

I was looking around my router config based on what you said and I do see DMZ and an option to disable NAT and use Dynamic or Static Routing. I'm still not sure what I should do with the DMZ though, or what you mean by "interfering with the packets." Sorry but I don't know too much about this stuff

 

[SamirD]

You mean putting the Thin Client in the DMZ?

Yep, thin client in the DMZ.

Don't worry about any changes to the static/dynamic routing. As far as interfering with packets, some routers even with something in the dmz try to process the packets and in doing so end up still blocking packets (with AT&T routers I've personally seen this happen), so then it still won't work or gets hung up similarly to what you've already seen.

 

[unseeingdog1]

I just tried adding the Thin Client to the DMZ; it didn't work. I get the same message "Failed to connect to server at port 3389. Is the server available?"

 

[bill001g]

You likely have a bunch of issues if the vpn requires a dmz entry. First connectify is basically a very stupid router. It only supports the basic nat function it has no ability to run port mapping or dmz. So the traffic never even makes it to the router you have connected to the pc. Next most cell phone plans run some form of NAT. You almost never get a actual IP. You likely have a 10. ip address or you are getting one of the newer 100.x.x.x ip addresses assigned for carrier nat. You would need a dmz option in the cell carriers nat router which of course will never happen.

The carrier nat may also be the reason it does not work directly connected to the phone.

Hard to say how to fix this. The companies that set these up tend to have a one size fits all configuration so that it is easier to support. You could see if they have some option to run via a cell tether or hotspot.

 

[unseeingdog1]

You likely have a bunch of issues if the vpn requires a dmz entry. First connectify is basically a very stupid router. It only supports the basic nat function it has no ability to run port mapping or dmz. So the traffic never even makes it to the router you have connected to the pc. Next most cell phone plans run some form of NAT. You almost never get a actual IP. You likely have a 10. ip address or you are getting one of the newer 100.x.x.x ip addresses assigned for carrier nat. You would need a dmz option in the cell carriers nat router which of course will never happen.

I checked my public IP from my Windows PC when tethered to my phone and it says it's 190.102.58.72. Is that what you mean?

I already tried setting up a bridge and using connection sharing to the router from my PC's control panel directly instead of Connectify. No luck either.

 

[SamirD]

I just tried adding the Thin Client to the DMZ; it didn't work. I get the same message "Failed to connect to server at port 3389. Is the server available?"

Yeah, so the packets are still not getting through. Your only way to get it to work will be direct to the modem unless you want to replace the router.

 

[bill001g]

I checked my public IP from my Windows PC when tethered to my phone and it says it's 190.102.58.72. Is that what you mean?

I already tried setting up a bridge and using connection sharing to the router from my PC's control panel directly instead of Connectify. No luck either.

How did you check the public ip. Something like whatsmyip will show you the public ip that you are using it does not mean you are not sharing it. So first place to check is the nic adapter created by the tether to the phone. Many phones act as a router and NAT. Some you can over ride this and make it bridge the IP it obtains.

Next you need to check on the phone itself and see what IP it thinks it has that the ISP gave it.

These addresses must match the ip you see on whatsmyip. If not you have do not have a public IP.

 

[unseeingdog1]

Do you guys think it will work if I use a VPN on my PC and connect the ThinClient to that? I've read some articles online saying that this can fix issues for people trying to do online gaming in a similar situation.

 

[bill001g]

In theory at least it will work. It all depends on the vpn client and what it will accept. You largest issues i suspect is going to be to get the vpn to even come up to the company network. There are lots of possible variations in the settings on the vpn. If someone from the company can help you it will be lots easier. They can actually prevent it if they require only their devices to be connected. In some ways it is done to prevent what you are attempting. You are putting a device (your pc) on their internal network and if there is some issue like malware or a virus it can now contaminate the internal network.

The next problem will be to get the vpn to accept the second device. It would have to allow traffic from a second IP to pass though. Many times the ICS function will not work with the virtual network adapters created by the vpn clients. Some work with no issues other do not have the feature ICS needs to connect.

I really recommend you talk to the IT guy at your work. They must have people who need to connect via mobile broadband. I bet it the phone that is causing the issue, I bet it works on a router that accept a broadband dongle.

 

[SamirD]

I second talking to your in-house IT as they will have better experience in dealing with issues like this.

As far as using a vpn over a vpn, I'm not sure it is even possible to tunnel a second vpn through a first one.

 

[unseeingdog1]

I actually worked now after a good while of fiddling around with a VPN on my phone

The working setup is:

Phone: Speedify + VPN Hotspot (USB)-> Windows PC: Bridge USB tether adapter with ethernet (Ethernet)-> Thin Client connected through ethernet

Of course, talking to the IT guy should've been my first option, but as it happens he has a reputation for being kind of useless, so that's why I didn't even try.

Thanks for all your answers!

 

[SamirD]

Awesome that you found a working solution. I knew there would be one, but it was going to be something convoluted like that.

Yeah, sometime the IT people are just 'paper smart'--certifications have actually ruined the industry as people with a piece of paper get a job over those that know what they're doing. A friend of mine's wife is like that. She couldn't even follow phone directions to set up a ipsec vpn tunnel (something any pro should be able to do in their sleep).