Secure? TeamViewer into virtual machine running in FreeNAS

[trey22]

I work from home, but on my occasional business travel (I average 6 trips a year) I need access to a Windows machine. I need that machine to be at home, and it runs just 1 specific application. I can setup a 2nd server, but rather not for this one task , and figured my FN box could do the job.

I've come across many threads suggesting a VPN to connect to your FN server from the outside world. My plan was to setup VirtualBox in a jail, and install TeamViewer in the vm (running XP Pro SP3).

1. TeamViewer would need internet access. Do I need to setup any special routing/permissions for internet access on the vm?
2. The app running in the vm will need to write to the FN pool (on an existing CIFS share). Will the vm see that share automatically?
3. Is this a secure way of doing it?

 

[cyberjock]

I work from home, but on my occasional business travel (I average 6 trips a year) I need access to a Windows machine. I need that machine to be at home, and it runs just 1 specific application. I can setup a 2nd server, but rather not for this one task , and figured my FN box could do the job.

I've come across many threads suggesting a VPN to connect to your FN server from the outside world. My plan was to setup VirtualBox in a jail, and install TeamViewer in the vm (running XP Pro SP3).

1. TeamViewer would need internet access. Do I need to setup any special routing/permissions for internet access on the vm?
2. The app running in the vm will need to write to the FN pool (on an existing CIFS share). Will the vm see that share automatically?
3. Is this a secure way of doing it?

1. Depends on how you setup TeamViewer. For that you should go to Teamviewer support.
2. Only if you setup the VM to mount it automatically.
3. It's as secure as it's going to be for conditions. I take the conservative ideal that Teamviewer possibly has a backdoor and Teamviewer employees potentially have access to your machine. So I take the stance that it's very insecure.

I understand what you are trying to do, but Teamviewer is not open source, is not billed as a security software package, and considering what the Teamviewer software does and how it works I'm more than a little skeptical.

I'm also moving this to off-topic since this really has nothing to do with FreeNAS.

 

[diedrichg]

Some new consumer routers have the ability to create a VPN. If your router is old and you are looking into upgrading, this would get your two birds with one stone. As I'm sure you know, you will be able to view your network through the Windows Explorer network tree once you have a VPN connection established.

I have a Asus rt-ac66u and it has worked great for over a year now. VPN works great too as it uses PPTP or OpenVPN. Another highly rated router is the Netgear R7000, it too has VPN using only OpenVPN though.

 

[cyberjock]

I use pfsense for a VPN. pfsense is a professional software package and since it runs open source software you aren't at the whims of the manufacturer to fix bugs or security flaws(which seem to be in extremely high quantity lately).

 

[diedrichg]

OpenSSL is open source too :P

 

[cyberjock]

OpenSSL is open source too :p

And what does that have to do with anything? Yes, it's open source. So? Yes, I know it was responsible for heartbleed. I didn't argue that open source is more secure. I argued that you aren't at the whims of the manufacturers if there's a fault in their firmware.

Just do a little google searching and you'll learn 2 things:

1. The people that write firmware for your standard home routers are total idiots. They make horribly stupid amateur mistakes and clearly don't really care about security.
2. If your router is more than a year or two old and some totally f'ed up security issue comes to light they'll gladly tell you on the phone that your router is no longer supported and that you should upgrade.

So wait a second.. I buy a product written by amateurs, they screwed it up with some POS firmware and then just a year or two later they think I'll be stupid enough to buy their product *again*!? Are you f'in kidding me!?

So no, I don't trust those idiots, and they are *all* like that, without exception. My last router was still in warranty but they told me no more firmware updates. How do you like them apples?

 

[anodos]

Go with PFsense. It's free, secure, stable, and feature-rich. Most importantly for me, it doesn't go EOL. Almost any old computer will do fine (just make sure you get a couple of intel NICs for it).

 

[cyberjock]

Go with PFsense. It's free, secure, stable, and feature-rich. Most importantly for me, it doesn't go EOL. Almost any old computer will do fine (just make sure you get a couple of intel NICs for it).

Keep in mind if you reuse an old desktop that is power hungry you'll use so much power that it may be cheaper to buy one of those last-gen atoms for $100 since it uses 10w or something. ;)

I used a spare P4 to prove I could figure out pfsense, then bought the atom because the power saved would pay for the hardware in 2 years. haha

 

[anodos]

First pfsense box was a P4-era proliant G4 DL380 with mirrored 15K rpm SCSI drives. Thankfully only proof-of-concept. I don't want to think of how much that would have cost to run 24/7.