Hi Guys,
I have few windows 7 guests vm installed on virtual box on Windows 10 host with bridged networking.
I am able to RDP from the host but i need some guidance/advise on how to setup the system to be able to access via (RDP) the vms from outside world.
The problem with TEAM VIEWER is that every time the machine reboots the password changes in my case i would like to be able to turn on/off the vm remotely as long as the host is on and connected to internet.
i'm in the UK and planning on holidays abroad I would like to leave my PC on and be able to access the vms outside UK.
is this possible please advise.
Please note that my Wireless router does not have the VPN capabilities
Looking forward to hear from you guys.
Many thanks
Accessing Windows Guest from outside world via vpn
-
scottgus1
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: Accessing Windows Guest from outside world via vpn
The below doe not involve using a VPN.
You would do the this the same way you would open a real PC up to the internet for remote-in services: by port-forwarding through your router. Virtualbox adds only a couple twists to the usual method.
You can remote into in-the-guest remote-control software or Virtualbox's RDP server.
If you plan to use the in-the-guest remote-control software, then you will need to use a different port number for the remote service in each guest, so your router can differentiate the guests with its port-forwarding rules. Also, the type of internet/network connection to the guest is involved:
If you have networked the guests with Bridged, then the guests are getting IP addresses in your physical LAN same as your host is getting. For reliable remote-in capabilities, you should set your guest OS's to have static IP addresses in the same range as your host gets, preferably outside the range that the router's DHCP server hands out, to avoid accidental IP address conflicts in your LAN. You then port-forward the necessary ports through the router to your guest's IP address and port number.
If you have networked the guests with NAT, you would port forward through your router to the host's LAN IP address. Then in the guest's Settings Network window for NAT, you would set the NAT port forwarding to receive traffic on the correct port and send it to the guest. (I have not tried this NAT solution myself, YMMV)
If you plan to use Virtualbox's RDP server, you would choose different port values in each guest's Virtualbox Display settings, then port-forward through your router to the host's IP address on the chosen Virtualbox ports.
Since you're planning to open your guests to the internet, consider using port numbers that the remote services don't usually use, and that are not in use by another service. Although this is equivalent security-wise to repositioning the door lock on a door you want to keep burglars out of, it does tend to serve as a somewhat effective way to reduce hackers, in my experience. (There's over 65000 places to put the "door lock", and the "burglar" can't see the "door".) I had an UltraVNC'd PC open to the internet on the usual port number of 5900 and got dozens of log-in attempts an hour. I changed the port to an unusual number for VNC and have had no hack attempts since.
If your house has a dynamic public IP address, consider using some dynamic DNS service to give your house a web domain name. Some run for free and may simply require a log on to their website every month or so. You run a program on one of your house PCs that updates the service with your house public IP address. Maybe your router is already programmed to use a free service.
Finally, good passwords are a must for the log-on's, both for the service and the OS accounts.
You would do the this the same way you would open a real PC up to the internet for remote-in services: by port-forwarding through your router. Virtualbox adds only a couple twists to the usual method.
You can remote into in-the-guest remote-control software or Virtualbox's RDP server.
If you plan to use the in-the-guest remote-control software, then you will need to use a different port number for the remote service in each guest, so your router can differentiate the guests with its port-forwarding rules. Also, the type of internet/network connection to the guest is involved:
If you have networked the guests with Bridged, then the guests are getting IP addresses in your physical LAN same as your host is getting. For reliable remote-in capabilities, you should set your guest OS's to have static IP addresses in the same range as your host gets, preferably outside the range that the router's DHCP server hands out, to avoid accidental IP address conflicts in your LAN. You then port-forward the necessary ports through the router to your guest's IP address and port number.
If you have networked the guests with NAT, you would port forward through your router to the host's LAN IP address. Then in the guest's Settings Network window for NAT, you would set the NAT port forwarding to receive traffic on the correct port and send it to the guest. (I have not tried this NAT solution myself, YMMV)
If you plan to use Virtualbox's RDP server, you would choose different port values in each guest's Virtualbox Display settings, then port-forward through your router to the host's IP address on the chosen Virtualbox ports.
Since you're planning to open your guests to the internet, consider using port numbers that the remote services don't usually use, and that are not in use by another service. Although this is equivalent security-wise to repositioning the door lock on a door you want to keep burglars out of, it does tend to serve as a somewhat effective way to reduce hackers, in my experience. (There's over 65000 places to put the "door lock", and the "burglar" can't see the "door".) I had an UltraVNC'd PC open to the internet on the usual port number of 5900 and got dozens of log-in attempts an hour. I changed the port to an unusual number for VNC and have had no hack attempts since.
If your house has a dynamic public IP address, consider using some dynamic DNS service to give your house a web domain name. Some run for free and may simply require a log on to their website every month or so. You run a program on one of your house PCs that updates the service with your house public IP address. Maybe your router is already programmed to use a free service.
Finally, good passwords are a must for the log-on's, both for the service and the OS accounts.