Thursday, September 22, 2011

Using Synergy Over a Non-Split Tunnel VPN

As with any good geek, I have multiple computers running at home. Going by the "DRY" (Don't Repeat Yourself) principle of software development, I preferred not to use multiple sets of keyboards and mice to control these machines. Enter Synergy.

Synergy is a clever piece of open source software. It uses the basic client-server paradigm to allow you to share one computer's keyboard and mouse across multiple computers over the network. The idea here is that the "server" computer has the keyboard and mouse physically connected to it, and the "client" machines simply connect to the "server" to get access to its keyboard and mouse. Simple, yet elegant.

I wanted to take this concept a step further. For my work machine, we have a non-split tunnel VPN. In lay terms, this means that, when I initiate a VPN connection to my work network, I lose all local connectivity on my laptop. In other words, my work laptop is no longer considered "local" to the other computers on my LAN. This is a bummer, because now I WOULDN'T be able to share my one set of keyboard/mouse between my personal laptop and my work laptop.

Through some port forwarding trickery, I was able to get Synergy to run on my personal laptop as well as on my work laptop whilst I was on VPN. How did I achieve this?

  1. Establish a port forwarding rule from my router to my local machine for HTTP (which is TCP Port 80). In other words, if a machine from outside my network browses to the WAN address of my router from a web browser, the router will forward that traffic to my local machine.
  2. Configure the Synergy "server" on my personal machine to run on Port 80.
  3. (Optional) If you have IIS running, set your Default Website to run on another port (say, 81) or just stop it outright.
  4. On the client machine (my work laptop while on VPN), the host name is the WAN address of my router. Go to Advanced Options and set the port to 80.
  5. Start the Synergy server on my personal laptop. Start the Synergy client on my work laptop while on VPN. Presto.

So, let me explain my approach above. By default, Synergy runs on TCP port 24800, which is all fine and good for my local network (I can do whatever I please with regard to my router firewall, port forwarding, etc.). However, that is not kosher for my work's firewall. In fact, my work's firewall blocks all outgoing traffic to "non-common" ports. We're extra stingy at my work, so the only "common" port defined is HTTP (port 80), since, well, that's kind of the backbone of the Internet, and they don't want to block out all Internet traffic.

TCP Port 80 is the only non-blocked TCP port I could use to connect Synergy from my work network (via non-split tunnel VPN) to my personal network, hence the setup above.

Of course, this little setup only works if it's not vital for you to actually publish web content on Port 80 for your local network...it personally isn't for me (that's what my web hosts are for!). If your work network's firewall rules are less stingy than mine, you can of course apply the same approach to any TCP port that isn't blocked.

Now, my only concern is that they don't outright block my local network's IP. I haven't WireSharked Synergy so I don't know how verbose the language is when publishing out the X and Y coordinates of your mouse, as well as action buttons from the mouse or keyboard (I can't imagine it to be TOO verbose), so hopefully it will not generate an exorbitant amount of traffic to warrant blocking.
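Added example (not part of the original post): a small classifier showing how the opening bytes of a Synergy session on port 80 differ from HTTP, which is what a monitor on the egress path would see. The framing used here (4-byte big-endian length, then `Synergy` and two 16-bit version numbers, with the client's reply appending a length-prefixed screen name) reflects the Synergy 1.x cleartext handshake and is an assumption of this example; the sample bytes, the screen name `work-laptop` and the function names are constructed.

```python
import struct

# First tokens of an HTTP request or response.
HTTP_STARTS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
               b"OPTIONS ", b"CONNECT ", b"PATCH ", b"HTTP/")

def parse_synergy_hello(data: bytes):
    """Return (major, minor, screen_name) for a Synergy hello, else None.

    Assumed framing: 4-byte big-endian length, b"Synergy", two 16-bit
    version fields; the client's reply adds a length-prefixed screen name.
    """
    if len(data) < 4:
        return None
    (length,) = struct.unpack(">I", data[:4])
    body = data[4:4 + length]
    if length < 11 or len(body) < length or not body.startswith(b"Synergy"):
        return None
    major, minor = struct.unpack(">HH", body[7:11])
    name = ""
    if length >= 15:
        (name_len,) = struct.unpack(">I", body[11:15])
        if 15 + name_len > length:
            return None  # malformed: name runs past the frame
        name = body[15:15 + name_len].decode("utf-8", "replace")
    return major, minor, name

def classify_first_bytes(data: bytes) -> str:
    """Label the opening bytes of a TCP stream seen on port 80."""
    if data.startswith(HTTP_STARTS):
        return "http"
    if parse_synergy_hello(data) is not None:
        return "synergy"
    return "other"

def frame(body: bytes) -> bytes:
    """Prefix a message body with its 4-byte big-endian length."""
    return struct.pack(">I", len(body)) + body

# Constructed samples (not captured traffic).
SERVER_HELLO = frame(b"Synergy" + struct.pack(">HH", 1, 4))
SCREEN = b"work-laptop"
CLIENT_HELLO = frame(b"Synergy" + struct.pack(">HH", 1, 4)
                     + struct.pack(">I", len(SCREEN)) + SCREEN)
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for label, sample in [("server hello", SERVER_HELLO),
                          ("client hello", CLIENT_HELLO),
                          ("http request", HTTP_REQUEST)]:
        print(label, "->", classify_first_bytes(sample), parse_synergy_hello(sample))
```

The handshake names the protocol and the client's screen in readable bytes, and the server speaks first, whereas on a real HTTP connection the client does. Moving the listener to port 80 changes the port number only, not what the traffic looks like on the wire.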

28 comments:

VPN User said...

Hi Eric,

I'm in a similar situation myself, only I'm not limited (I think) by what port number I can use, etc. I was hoping for some help/advice...

Here's my situation:

I have two computers, one which connects to the internet via a "non-split tunnel" VPN, and another computer which connects to the internet normally. Both are connected to my router via ethernet.

Synergy works perfectly on both systems when I'm *not* connected to the VPN, but as soon as I connect the VPN... bye bye synergy.

The computer which connects via VPN runs the Synergy server, and the computer which connects to the internet normally is a Synergy client.

I've tried using your method, but I'm struggling, in fact I'm not even sure if it will/can work!

Any help is much appreciated.

Eric Nograles said...

Hi VPN User,

It looks like you're using the inversion of the method I'm using -- that is, the Synergy Server runs on the machine that VPN's into your work network, whilst the Synergy client machine is your home machine that tries to connect to it.

I'd recommend doing a switcheroo here. Physically connect your keyboard and mouse to your home machine (the one that doesn't VPN). Then, set up a port forwarding rule on your home router to forward requests for a port number to your home machine. My example uses Port 80, aka the HTTP port, but it sounds like your work doesn't block "unusual" port numbers, so go ahead and use whatever port you like. Fall back to Port 80 if all else fails.

Also, run Synergy Server on your home machine. In Advanced Settings, have it run on the same port you configured in your router above.

Meanwhile, on your work machine, VPN in as always, but instead, run Synergy Client on this machine. When it asks for what Synergy Server to connect to, point it to the WAN address of your home Internet connection, and use the port for which you set up the forwarding rule. This should do the trick for you.

Good luck and let me know how it goes!

- E

Eric Nograles said...

Btw, if your router supports it, I'd recommend signing up to get a dynamic DNS name on http://www.dyndns.org and hooking your home router up to it. This removes the hassle of finding out if your ISP changed the WAN IP address of your router or not. (i.e. instead of connecting to an IP address on your work laptop, you'd connect to a domain name like vpnuser.dyndns.org)

Routers that have dyndns capability automatically update dyndns.org with the WAN IP address of your router if it changes.

VPN User said...

Hi Eric,

I really appreciate the quick response, thanks.

One thing I didn't make clear is that these computers are less than three feet apart! ...As I work from home both computers are in my office, and are both connected to the same router. One comp for business use, and one for personal use.

I use the VPN on my personal comp mainly to protect my privacy (as opposed to connecting to a work network etc. like you do).

My particular VPN package closes the standard internet connection once a VPN connection has been established, for security reasons I presume. I think this is where synergy fails, as normally it connects the comps together via their LAN(?) addresses i.e: 192.168.2.2 (running synergy server) connects to 192.168.2.3 (running synergy client.)

Does this change anything? Should I be approaching this differently? I have considered a KVM, but I wanted to give a software based method a good go first.

Thanks!

VPN User said...

Hi Eric,

Just a quick update:

The issue must have been with the (rather buggy) Synergy software, as I've switched to a far superior input sharing software called "Mouse without Borders" - it's an awesome program, and has no compatibility issues with my VPN at all. Everything works perfectly.

Thanks for your help.

Eric Nograles said...

Hi VPN user,

Glad you found another alternative! To answer your prior question though, yes, the issue is when you go to VPN, you cannot connect using your local addresses anymore (192.168.x.x), as you are technically on another network when you hop onto VPN.

From your VPN machine, you'd need to connect to your home Synergy Server using your router's WAN address, that is, the Internet Address of your cable modem, and not the local IP address as if you were still on locally.

Synergy's shortcoming has always been its user-friendliness, I'm afraid. Nevertheless, glad to see you got Mouse Without Borders up and running -- I'll have to check that piece of software out!

- E

Nicholas W said...

Hey Eric,

First off, thank you so much for this post! This definitely pointed me in the right direction. I'm definitely a novice when it comes to networking. I tried your suggestion and was struggling because Synergy kept giving me the following error:

FATAL: failed to start server: cannot bind address: Permission denied.

I don't know where in the system this is defined, but apparently on my Mac running Lion (contrary to Windows), you cannot bind a non-root process such as Synergy to port 80 (or any of those standard ports under a certain number). So I spent forever trying to figure out how to redirect port 80 to 24800 using pf.conf, but that was way beyond my knowledge. So eventually I found a port that was standard (so my VPN allowed me to send a request out on it) that Mac OS X Lion lets you bind Synergy to: 3389. I hope this didn't open up some massive security hole, but I was pretty excited I figured this out (with your help, of course).

Thanks!
Nick

Darrel said...

@Eric,
How do you feel about the fact that Synergy is not encrypting anything? Isn't this a huge loophole since you're passing the datastream through the VPN all the way through the net and back to the LAN?
I have a similar situation with a non-split-tunnel disallowing me to use Synergy between my work and my own test PC both here on my LAN. While I really think I could make your fix work, I hesitate because of the security issue.... or am I all wrong?

Eric Nograles said...

Hi guys, my apologies for the late reply to your comments!

Nick: Good to hear I was able to point you in the right direction. My troubleshooting skills for a Mac are virtually non-existent, so I'm glad you were able to sort it out!

Darrel: You're absolutely correct that we'd be basically bypassing the secure VPN channel over an unsecure port (HTTP) to access the Synergy server on the home LAN. In terms of that being a vulnerability, yes, I suppose someone with nefarious intent could sneak in a file using the shared clipboard or worse yet, actually log your keystrokes when you navigate off to the client from the server...it'd be slightly difficult, as they'd basically have to watch ALL outgoing HTTP traffic from an endpoint and just single out Synergy traffic. A very good point you bring up, one for which I unfortunately do not have a solution, and it's definitely worth exploring further!

Narin said...

Thank you so much. I was so annoyed that I had to manually switch my kb/mouse when going between my personal and work laptops. Still works like a charm. I had to use a different port though, since OS X doesn't seem to allow you to bind to port 80.

ApK said...

This was brilliant. I don't have a problem with the default port, but it never occurred to me to use my WAN side address and port forward to the server!

Andrew said...

I have to give another plug for the Microsoft option. Works flawlessly even with another computer on a VPN tunnel.

Microsoft Garage Mouse without Borders
http://www.microsoft.com/en-us/download/details.aspx?id=35460

mokumax said...

Not sure what kind of VPN my company uses but I'm totally screwed now. Nothing works... I've tried everything. My favorite was Microsoft's Garage Mouse without borders. I even went as far as buying Synergy but even when I use the IP and port 80... nothing connects.

ApK said...

I'm in the same position as mokumax. The vpn at my new company defeats the Internet trick. MwoB doesn't work either. I'm only willing to jump through so many hoops in the name of convenience, plus I doubt my company would appreciate me defeating their security.

Liam said...

For me...Mouse Without Borders did not work...tried numerous configurations....I DID get Synergy SSL to work by:

- Setting up my server (personal workstation) to use the default port (24800)
- Used DDNS to set up my server's name (I used noip.com)
- Set up port forwarding in my router to forward 443 to 24800
- Set up my client to point at the DDNS name and setting it up on port 443.

I did have some issues reconfiguring this while connected to my work vpn. BUT, I disconnected from the VPN, reconnected via SSL and was prompted to accept the key from my server. I accepted the key and then synergy worked. It continued to work after I re-connected to my vpn.

ApK said...

Liam, Did you make the machine on your work vpn the synergy server or client?
