I have to admit that the network at one company I deal with is simply too locked down to make me want to bother with tunneling a VNC connection out to my home PC through the proxy.
First, the proxy is restricted to only allowing http / https connections. No problem. Just use an http tunnel:
vnc client --> tunnel client --> company proxy --> tunnel server --> vnc server
Second, the proxy is restricted to only allowing connections on ports 80 and 443. Well, no big deal there. Just have the tunnel server forward traffic from 443 to wherever.
Third, the proxy is pretty paranoid and meshed with an IDS, thus it's able to detect that your unencrypted traffic probably isn't HTTP-related. Annoying, but no big deal. Let's encrypt it with SSH and do some port forwarding:
vnc client --> SSH client --> tunnel client --> company proxy --> tunnel server --> SSH server --> vnc server
Fourth, the proxy is an MS proxy that has NTLM authentication. Ugh. That in itself keeps many products from being able to use the proxy out of the box. So let's layer yet another fix using NTLM APS to allow most any application to authenticate through an MS proxy like that:
vnc client --> SSH client --> tunnel client --> NTLM APS proxy --> company proxy --> tunnel server --> SSH server --> vnc server
Fifth, the company tries to maintain a list of home ISP IP ranges and outright blocks connections to those IPs. :/ Now I'm at a loss. I'd either have to find an SSH server that someone wouldn't mind me using that also isn't blocked, or I'd have to find an unblocked IP that somehow referenced my home PC.
Sixth, the company can randomly decide to check out what you're doing on your system via monitoring software, so even if you did get it to work, chances are you'd be spotted "attempting to bypass their elite security" eventually, assuming they don't detect your elevated amount of encrypted traffic to begin with.
Thus, I give up.
I wouldn't mind so much if their proxy wasn't awful. All kinds of coding communities that I would consult for advice on various projects are now blocked and the admins refuse to loosen the reins even for specific sites that I give them. (Rather, I should say that they simply don't respond to any messages.) Frustrating.