Andrew162
Frequent Visitor
Topic Author
Posts: 64
Joined: Thu Mar 25, 2021 9:40 am

I have a VNC RDP Dream

Fri Oct 28, 2022 3:01 pm

Hello Mikrotik
I have a dream that Mikrotik gets a feature like Fortigate VPN web connectivity.

In simple terms (after the Mikrotik has been properly configured beforehand):
The user can access his Mikrotik from another computer's web browser via the WAN IP (or DDNS) and log in using credentials from system->users, or new settings for that.
Then the user will see an extra button (even a console).
Image
Then the user can connect by choosing a specific protocol to connect to devices inside that network.
Fortigate has that solution. It is CPU demanding even for a medium-class Fortigate. It can connect around 20 users, or around 100-150 on a high-end model.
With a medium Mikrotik hAP ac2 (for example) it should hold 1-2 users easily (I'm guessing).
This is how it looks in the configuration on Fortigate systems:
Image

What do you think? :)
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Fri Oct 28, 2022 6:25 pm

I don't know the Fortigate thing, but does it work all in the browser? Something like the console in iLO? If so, it seems highly unlikely that MikroTik would add it, because it would require having all the RDP/VNC/whatever code in the router; it's too far from what RouterOS is. But it should be possible to do it using containers, if you find some existing thing or create it yourself.
 
bpwl
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Fri Oct 28, 2022 7:31 pm

The Fortigate SSL/VPN solution has long been my favorite (since y2000, as I remember). We used it when we had too many problems with IPsec for mobile workers in hotels.

Don't forget that you need the Fortigate client, to intercept and forward the packets in the SSL/VPN tunnel. But the setup is indeed via a web interface.
The service is VPN, there is no RDP/VNC/whatever code in the Fortigate. Any IP service can be used as with any other tunnel.
The Fortigate will present named authorised services (like RDP per server) or network connect, in an authentication based menu.

An SSH tunnel looks like something similar to this SSL/VPN, for the VPN tunnel.
See the wiki and Forum for SSH tunnel on MT (the wiki and Help are more a command reference, not a guide).
So this looks interesting to me: https://www.youtube.com/watch?v=0QdwjRVQXQU "SSH Tunnel Forwarding - MIKROTIK TUTORIAL [ENG SUB]"
 
anav
Forum Guru
Posts: 19103
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Fri Oct 28, 2022 7:43 pm

Hi bpwl, when would I use an SSH tunnel vice WireGuard?
 
johnson73
Member Candidate
Posts: 174
Joined: Wed Feb 05, 2020 10:07 am

Fri Oct 28, 2022 7:57 pm

You want Mikrotik to start something like Fortigate web access, just to access the WAN interface? I have never seen such an interface on a Mikrotik. I use Fortigate at work and have multiple branch connections available. If I need to access the Mikrotik interface, I connect to it through Winbox, where the "allowed address list" is defined. And we get to everything nicely, no problems.
Why can't you connect with VPN IPsec (or create tunnel mode) to the Mikrotik? It doesn't work for you?
 
bpwl
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Fri Oct 28, 2022 8:44 pm

> Hi bpwl, when would I use an SSH tunnel vice WireGuard?

Don't know. No experience with SSH VPN or Wireguard.
Most of my MT are still ROS6. So availability is one issue.
For the rest a full tunnel would only be used when between trusted environments, without NAT if possible.
SSH Tunnel forwards only the defined ports of the PC, looks more secure, e.g. from a public PC. But yes one could deny all except some specific connections over the VPN.
Service providers (managing heating, airco, ticketing system, printers, remote application support, even Microsoft support ...) only got predefined FortiGate connections in company networks.

But now I only manage private networks under my full control. The remote hEX's, and my mAP Lite make a tunnel to my home gateway (VPN Hub).
No need for the SSH tunnel so far, anyway the remote networks do not accept any incoming connection.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Fri Oct 28, 2022 9:33 pm

> The service is VPN, there is no RDP/VNC/whatever code in the Fortigate.

I found this video:

https://www.youtube.com/watch?v=p8AirTCbLKQ

and it looks like RDP is in browser (at 12:30). But I admit that I just skimmed through the whole thing.
 
Andrew162
Frequent Visitor
Topic Author
Posts: 64
Joined: Thu Mar 25, 2021 9:40 am

Sat Oct 29, 2022 12:00 am

> I don't know the Fortigate thing, but does it work all in the browser? Something like the console in iLO? If so, it seems highly unlikely that MikroTik would add it, because it would require having all the RDP/VNC/whatever code in the router; it's too far from what RouterOS is. But it should be possible to do it using containers, if you find some existing thing or create it yourself.

Yes, it all works via the web browser.
So, in my example, I will be able to connect to my computer more safely, even from a Galaxy phone using DeX, or from any place in the world, without installing any additional software.

Yes, the container could do the job, but they don't work too stably.
I was trying to test something on my Mikrotik and backed up everything, tested and went back to the config, but Pi-hole won't start anymore :( . Everything looks the same, but for some reason....
Anyway, my RB3011UiAS has reached its limit and can't even reach my internet speed of 1Gb/s anymore; the CPU goes to 100% on a speed test at 500-700Mb.
Mikrotik support told me that my config is complicated, so it doesn't look like a bug in the config,
but anyway I try to search for more cool features in it :)
Like Mario music playing during startup after a restart :P
 
bpwl
Forum Guru
Posts: 2983
Joined: Mon Apr 08, 2019 1:16 am

Sat Oct 29, 2022 12:23 am

This is not a Fortinet or Windows forum, but as there seems to be confusion:

- RDP is Remote Desktop Protocol, aka the Terminal Server application of Windows server and PC (for PC managers only), for terminal access to that Windows computer. It runs as an independent Windows graphics session (not like the VNC screen capture of the main Windows session). It uses port 3389 as standard. For many simultaneous users, extra "Windows Terminal Server" licenses are required. The main competing protocol was Citrix.
- Fortigate, like any other FW, can define service RDP as port 3389 and do port forwarding (and some security filtering, like deny RDP file transfer, if wanted) for that port.
- The Fortigate SSL/VPN service has a very useful graphic web interface that will guide the user to the proper RDP server session, hiding all the port forwarding stuff.
- The RDP client is in any Windows PC ("run mstsc"), and probably many other OSes. The web browser version of the RDP client has always existed (tsweb), and can be loaded and run in the browser. Newer versions also exist, e.g. "Remote Desktop Web Connection".
- RDP server may exist for other OSes, but I have not seen it in FortiOS.

https://www.fortinet.com/resources/cybe ... p-protocol
https://community.fortinet.com/t5/Forti ... a-p/197732
https://learn.microsoft.com/en-us/windo ... connection
https://www.parallels.com/blogs/ras/win ... dp-client/
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Sat Oct 29, 2022 1:04 am

Oops, the in-browser RDP client is the thing I missed. If it exists, then sure, nothing complicated would be needed on router.
 
kryztoval
newbie
Posts: 27
Joined: Tue Sep 07, 2021 10:46 pm

Fri Jan 27, 2023 2:35 pm

This used to be a really silly thing, but way back when Windows Server was a thing there used to be a thing called Microsoft Terminal Services Client (mstsc) which if you run right now from your computer will launch the remote desktop client.

But here is the kicker: there was a web implementation made by Microsoft that is called webrdp or Web Remote Desktop client.

Microsoft says: "The Remote Desktop web client lets you use a compatible web browser to access your organization's remote resources (apps and desktops) published to you by your admin. You'll be able to interact with the remote apps and desktops like you would with a local PC no matter where you are, without having to switch to a different desktop PC. Once your admin sets up your remote resources, all you need are your domain, user name, password, the URL your admin sent you, and a supported web browser, and you're good to go."

If you have a VPN set up between your device and your network (via a Mikrotik or otherwise) you can put in an IP and get routed to your webrdp IIS instance and from there log in using your domain credentials and access the remote desktop from any compatible browser. Back then I tried it in Chrome and Safari (mobile) and from Linux and it worked quite well.

This does require you to have a license per user on the Windows server, a domain controller, an IIS server, and the Web Remote Desktop Client configured in the IIS server using your domain controller authentication.

You can read more about it here
