Zerotier Windows Remote Desktop

[Patricia]

Iwas thinking of putting ZT on all the users office computers that need remote access and then putting on their home computer. This seems like a big security risk of opening up the office network to a home computer that may or may not be protected. What is the best practice for allowing remote desktop users? Can you isolate the ZT traffic and not allow it onto the office LAN?

If you set a network for each office computer and join the home client to the network for only one office computer, then you will effectively achieve what you are aiming to do. Furthermore, if you set the firewall on the office computer to only communicate using RDP over the Zerotier link, then you will have it further locked down.

Personally, I would use the Firewall settings on each office PC [electing to turn off file sharing on the zerotier link, or declaring it a public link and only allowing RDP], as it is good practice to assume your internal network may turn hostile one day. As it is, the config you have there looks like it might work.

In Windows, no, this only happens if you make an explicit bridge between the network interfaces [B and C]. Given you are using RDP, and locking it down on the Zerotier interface, there should be no traffic going from A to D.

I am seeking help to gain a better understanding of the hardware and software architecture required for the BlueBoat. Specifically, I am interested in performing hydrography surveys with single-beam (SBE) or multibeam echosounders (MBE), such as Echotrac E20 (SBE) or Norbit iWBMS (MBE).

Hardware Components: What are the essential hardware components needed to set up the BlueBoat for hydrography surveys? Which complementary sensors, and communication modules are compatible and recommended for accurate data collection?

I am looking forward to learning from any experience anyone in the community could share. Any information, recommendations, or real-world examples related to hydrography surveys using the BlueBoat would be highly valuable.

As for communication, I found that the easiest way to integrate everything on an autonomous boat was to keep the navigation and sonar systems and communication systems on separate hardware, and to link everything on a virtual network using Zerotier. It looked kind of like this:

The motors and speed controller were external to the electronics enclosure. The idea was to make a control box that could be easily swapped onto any catamaran boat with electric motors and differential steering.

Both these boats use multiple radios and communications for redundancy, as we work in mining pits, where we are not allowed to go on the water for any reason. If we loose connection or the boat has a problem it is a 100% loss. Here is our setup:

Telemetry Radio: RFD 900x, use this for telemetry and connection to Mission Planner or QGC for mission planning and monitoring the boat vitals. We can also connect a joystick to the ground station compuer to manually control the boat if needed.

RC Radio: HereLink 2.4 GHz this is used for RC control and a secondary telemetry read out. We need to launch the Zissou about 300 m away and 60 m down from our ground station. This allows us to launch the boat, and not need to haul the ground station around.

Companion Computer Radio: Mikrotik omnitik (on boat) and MantBox on ground station. This is a 5.8 network bridge that allows us to view the IP PTZ cameras on board, and to remote desktop onto a windows 10 companion computer onboard each boat.

They are extremely expensive to buy new, but they are on eBay dirt cheap in the states. Beware that you may need to send used routers back to GE for factory reset if the admin password was changed by the previous owner.

I was trying for a few days to get ARD to work on a remote computer running macOS Mojave, any other OS was fine just not Mojave. I found a link on the web suggesting it doesn't work as it used to and might require user(s) to open up screen sharing for you. That of course doesn't work when you are supporting many computers remotely.

using my computers plists as a reference. Once they were modified I moved them back to the remote computer and then ran a repair on disk permissions. Rebooted the computer remotely and it worked for me. I certainly hope this is a fix (a very unnecessary fix I must say). Give it a go.

I've had lots of success accessing my iMac at home using the Apple Screen Sharing app and connecting to it using Zero Tier. As it's a direct connection there no confirmation needed, i.e., if you connect via Messages.

Zero Tier is a 'virtual switch' that creates private encrypted networks which also deals well with getting through routers with NAT/firewall; no manual port forwarding required. If you're behind a home/domestic router (rather than a corporate firewall) there's a high probably it'll work for you.

Once the machines are authorised they are assigned an IP address in one of the reserved private ranges, e.g. 10.63.28.188. You can choose a range that does not conflict with anything you may be using already. The private IP is then used to connect to the other machine.

Open the Apple Screen Sharing app then enter the private IP address of the destination machine:Click Connect then you'll be prompted for the login credentials of the destination machine if it has sussessfully made the connection, and once authenticated you'll be presented with the destination machine desktop.

Trying to set up a Windows Server 2016 install so that we can access it over a ZeroTier network instead of the current VPN solution. Connecting to it in Desktop/PC mode is no problem at all, but when I try to add a Workspace to use published apps I can authenticate and pull down the list of applications, but when it tries to connect to and configure the gateway for the connection it fails on the Mac with error 0x300005f.

The connection dialog shows that it is trying to connect to the IP address set up for the VPN, it is as though the gateway (sorry, I don't have all the right terms) is not pulling the right IP address based on where we are connecting from.

What piece am I missing that would allow the server to accept connections on more than one IP address for Workspaces/RDWeb apps? It is maddening that it works 99% except for actually launching the application.

It would be great if somehow we could just add the workspace with the IP address (which I am using in the URL), but it seems to have to route through the gateway which is configuring things for the wrong IP address.

The public IP is blocked by firewall, I had set up a Linux azure VM running a VPN on the same virtual network as the windows server host, and they were using that to connect to the system using the NIC IP address.

The problem is that while I can start a remote desktop session as PC/Desktop, trying to access workspace/published apps gives an error because it is trying to connect to the NIC address instead of the zerotier network interface the connection is coming in on. I don't know why the two types of connections behave differently.

And maybe your problem will need to capture some dumps or traces to further analysis, which I suggest to contact Microsoft Customer Support and Services where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

You may find phone number for your region accordingly from the link below:

Global Customer Service phone numbers

-us/help/4051701/global-customer-service-phone-numbers

It has nothing to do with Azure networking, as I can connect to it using any of the IP addresses, so all networking is functioning as it should. The problem is that however the published apps work, they insist on using the wrong IP which seems squarely in the gateway/broker/whatever configuration.

How does one set up a server with multiple NICs on different nets and allow full remote app functionality? Essentially that is what this is, but it is trying to make everyone connecting on NIC2 connect to the IP of NIC1 which they can not reach.

Dear All,

I wish to develop a project grounded on asiair pro setup.

I would like to have my home-observatory connected to some online device (android, ios, Mac or windows) taking line from 4g hot-spot by a phone or a simcard, and to remote connect and control from another device, online on another network and different place.

Do you think it's possible?

How could it be set up?

Thanks in advance to everybody

Clear skies from Italy

The first one details how to add your public openssh key to the pi user on ASIAir so you can connect via openssh and perform all kinds of maintenance. See my gist called Add your public openssh key to ASIAIR.

The second one details how to circumvent WIFI issues by using a fixed wired IP address. I have set it up such that I can connect the ASIAir via a cable to my home network router so I can access it via the fixed wired IP address. When in the field, my iPad has a fixed IP address in the same range on the lightning to ethernet adapter so it there can connect to the same IP address of the ASIAir as well. See my gist called Set up a fixed ethernet IP address on ASIAir.

The third one explains how to set up a VPN client on the ASIAir. I'll repeat the same disclaimer here. Setting up a VPN connection may potentially introduce a security risk and any damage encountered following this tutorial is for your own risk. I will not take any responsibility whatsoever. Also make sure to check with your hosting company and request permission to set up a VPN connection first if you want to use the ASIAir in a remote hosting site. As you can read in the gist, I chose a particular VPN solution called ZeroTier. It works for me and my requirements but yours may be different. It is up to you to choose a VPN solution and I again will not hold any responsibility for the choice you make nor will I recommend any VPN solution. See my gist called Set up VPN on ASIAir.

Thank U Philippe!

from facebook AAP group page someone answer me that all the key coincides with right VNC setting-up.

I don't think so, or at least don't think all the game is there.

I thought to this solution still have to try.

1) setting up an hotspotA by a device A,

2) device A is also running a VNC server side app, i.e. real VNC server

3) set AAP wifi connection in STATION MODE thus to connect to hotspotA

4) from a remote deviceB connect to device A trought VNC client side (i.e. VNC viewer)

5) remote controlling device A AAP

IMO it should work, as with Astroberry it worked fine. But I use to remote control by PC with linux, and astroberry VNC was a startup compatibile software installed and working.

In this case I have to find the right android and/or IOS VNC app for device A and then test everything.

3a8082e126