Monday, February 22, 2010

Remotely access your servers without a static IP

This is a very common problem that many of us face. We might have 24-hour internet service at home, but it is not straightforward to access our home PCs remotely from the office or elsewhere, simply because their IP address is a dynamic, DHCP-assigned one (at least in India, we need to pay for a static IP address).

I used to ignore this issue, as I never wanted to run a server 24 hours a day at home. Recently I started networking a bunch of devices at home. With more and more devices coming up, especially a file server or a download server, it is becoming important that I can reach them remotely wherever I am.

As mentioned earlier, the only issue here is the changing IP address of the server (to keep it simple and focused, I have excluded my router configuration from the discussion). I had almost completed a custom solution for this: a simple Python script running periodically on my server, which would discover my server's public IP and post a tweet (containing the encoded IP address) to my secret Twitter account whenever the IP address changed. I could remotely watch this tweet and decode it to find my server's IP address. This is pretty neat, except for the small fact that the script needs to be constantly running and polling for IP changes.

Last weekend, when I was fine-tuning security on my wireless network at home, I stumbled upon a feature called 'Dynamic DNS', which does exactly this job in a more efficient way. Dynamic DNS is a means by which any host can ask the DNS server to modify a DNS record. There are at least two well-known Dynamic DNS service providers: www.dyndns.org and www.tzo.com. Note that this requires Dynamic DNS support in the router (thankfully mine has it). Once configured, the router itself communicates with the Dynamic DNS server and notifies it of the change in its IP address. This is much more efficient and reliable, as the router itself handles the change.

I used dyndns.org, and it works great. What's more, you can create a dynamic host in dyndns.org, something like 'myhomeserver.dyndns.org' (only if it is still available), and map it to your account (your router uses this same username/password to update the dynamic entry for that host). Now you only need to remember this hostname, and it dynamically maps to the IP address that your router last reported to the DynDNS server. dyndns.org also has options to control the TTL values of the DNS entries. These should be used to ensure that your remote client doesn't cache the DNS response for very long, as the IP could potentially be stale by then.

No doubt, this service is useful.
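As an added example (not code from the original post, the router, or dyndns.org), here is a sketch of the update step that a router's Dynamic DNS client performs on your behalf, written against the widely used dyndns2-style HTTP update convention. The endpoint URL, the response codes, the user agent string, the credentials and the sample addresses are assumptions for illustration; nothing is sent over the network.

```python
import base64
import ipaddress
import urllib.parse
import urllib.request

# Assumed dyndns2-style endpoint; HTTPS matters because the account
# username/password travel as HTTP Basic auth on every update.
UPDATE_URL = "https://members.dyndns.org/nic/update"
OK_CODES = {"good", "nochg"}
FATAL_CODES = {"badauth", "notfqdn", "nohost", "numhost", "abuse", "badagent"}


def needs_update(last_reported, current):
    """True only when the public address changed since the last report."""
    ip = ipaddress.ip_address(current)  # ValueError on malformed input
    if not ip.is_global:
        # Private or carrier-grade NAT address: publishing it would make
        # the hostname resolve to something unreachable from outside.
        raise ValueError(f"{current} is not a publicly routable address")
    return last_reported != str(ip)


def build_update_request(hostname, ip, username, password):
    """Build (but do not send) the authenticated update request."""
    query = urllib.parse.urlencode({"hostname": hostname, "myip": ip})
    req = urllib.request.Request(f"{UPDATE_URL}?{query}")
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("User-Agent", "example-ddns-client/0.1")  # hypothetical name
    return req  # a real client would pass this to urllib.request.urlopen()


def classify_response(body):
    """Map the provider's one-line reply to (action, ip)."""
    parts = body.strip().split()
    code = parts[0] if parts else ""
    if code in OK_CODES:
        return ("ok", parts[1] if len(parts) > 1 else None)
    if code in FATAL_CODES:
        # Retrying with bad credentials or a bad hostname gets clients blocked.
        return ("stop", None)
    return ("retry-later", None)  # server-side trouble or unknown reply


if __name__ == "__main__":
    # Constructed sample values: 8.8.8.8 / 1.1.1.1 stand in for a home line's IPs.
    if needs_update("8.8.8.8", "1.1.1.1"):
        r = build_update_request("myhomeserver.dyndns.org", "1.1.1.1", "user", "pass")
        print(r.full_url, classify_response("good 1.1.1.1"))
```

Updating only on change and stopping on a fatal reply keeps the client from hammering the provider, and the routability check catches the case where the address the device sees is not the one the internet sees.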

9 comments:

  1. A very neat solution Gerald. I like the resourcefulness of the solution here. Run a script to record the IP address and tweet it! Wow! That is ingenious.

  2. I've also been thinking about setting up an always on machine - mostly for downloads, but also for external access.

    If you've already set things up, what machines are you running for the server? I hear good things about the Atom - pretty slow, but okay for downloading and serving files. And it appears to consume very little power when idle.

  3. You have asked this question right ahead of my next post on my low power machine :)

    Yes, I use an Asus EEE B202. It runs on an Atom N270 processor. Pretty good features, lower power consumption. You can read the rest on the web. You will be amazed by the number of things that it does for me at my home. I bought it on eBay for 9.2K via a gift coupon -- it's worth it.

  4. I had already set this up...I wanted to run my home pc as a vpn server, and looks like I need to enable PPTP on the router...have you done something like this? can you elaborate on the router settings that you have done...I just got E72 Nokia, and wanted to try that as a vpn client and access my home pc...hope that is possible...

  5. I have not configured PPTP on my router (yet), as I don't need such a secure connection as of now. I think my router doesn't support it either.

    Some routers have built in PPTP support (dd-wrt has a firmware with PPTP) that allows you to VPN to your home n/w. If you intend to run the VPN server on a different server reachable via your router, I'm NOT sure if just port-forwarding your PPTP packets to your server would do. I think having the router as the VPN server makes much more sense.

    These are the router settings I did:
    1. 64bit WEP encryption
    2. Non-broadcasting SSID
    3. IP address based on MAC (for my own use, so effectively they are static and easy for me to remember each server -- I don't have a local DNS server on my router).
    4. MAC based access control list
    5. Dynamic DNS configuration to report IP to dyndns.org
    6. Port forwarding to my servers for VNC, SFTP etc.,
    7. Last but not least, change the router's default username/password :)

    That's all I could recall.

  6. This comment has been removed by the author.

  7. Thanks a lot, friend, great. Regarding the router settings, can you explain in more detail? Sorry to disturb you, but it will be a great help for me. Thanks a lot.

  8. The router/modem settings are highly specific to the model of the router/modem. You should look for configs like 'Dynamic DNS' or dyndns etc., where you provide the username/password of your dyndns account, so your router can log in to dyndns and update its records.

  9. Although it is easy to scan and find the actual IP of the router with the right access, it will hopefully slow down any unwanted access to the router. 192.168.0.l
