Thursday, September 22, 2011

Using Synergy Over a Non-Split Tunnel VPN

As with any good geek, I have multiple computers running at home. Going by the "DRY" (Don't Repeat Yourself) principle of software development, I preferred not to use multiple sets of keyboards and mice to control these machines. Enter Synergy.

Synergy is a clever piece of open source software. It uses the basic client-server paradigm to allow you to share one computer's keyboard and mouse across multiple computers over the network. The idea here is that the "server" computer has the keyboard and mouse physically connected to it, and the "client" machines simply connect to the "server" to get access to its keyboard and mouse. Simple, yet elegant.

I wanted to take this concept a step further. My work machine uses a non-split tunnel (full tunnel) VPN. In lay terms, this means that once I connect to the work network, every packet leaving the laptop goes through the tunnel, including traffic for addresses on my home LAN. My work laptop is therefore no longer "local" to the other computers on my LAN, even though it is sitting right next to them. This is a bummer, because it means I WOULDN'T be able to share my one set of keyboard/mouse between my personal laptop and my work laptop the way Synergy normally expects.

Through some port forwarding trickery, I was able to get Synergy running between my personal laptop and my work laptop whilst the latter was on VPN. The trick is to stop treating the work laptop as a LAN neighbour at all: its traffic leaves through the work network's Internet connection, so the Synergy server has to be reachable from the Internet on my router's public (WAN) address. How did I achieve this?

  1. Create a port forwarding rule on my router for HTTP (TCP port 80) pointing at my personal laptop's LAN address. In other words, any connection from outside my network to TCP port 80 on the router's WAN address, whether it comes from a web browser or not, gets sent to my personal laptop. Give that laptop a fixed LAN address (or a DHCP reservation) so the rule keeps working when the lease changes.
  2. Configure the Synergy "server" on my personal machine to listen on port 80 instead of its default.
  3. (Optional) If you have IIS running, move the Default Web Site to another port (say, 81) or just stop it outright; otherwise the Synergy server cannot bind port 80. The same goes for anything else that happens to listen on 80.
  4. On the client machine (my work laptop while on VPN), enter the WAN address of my router as the server host name, then go to Advanced Options and set the port to 80.
  5. Start the Synergy server on my personal laptop, then start the Synergy client on my work laptop while on VPN. Presto.
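
The steps above, as an added example that is not code from the original post or from the Synergy project: a small Python script that renders the two-screen synergy.conf for this layout and builds the matching synergys/synergyc command lines with the port moved from 24800 to 80. The screen names ("laptop" and "work"), the server's LAN address and the router WAN address 203.0.113.5 are assumptions, not values from the post. On Synergy 1.x the listen port is given to synergys as `--address :PORT` and to synergyc as `HOST:PORT`, which is what the GUI's port setting resolves to.

```python
"""Added example (not from the original post): render the synergy.conf for
the setup described above and build the server/client command lines.

Assumptions (not stated in the post): the personal laptop's screen is
named "laptop", the work laptop's screen "work", and the router's WAN
address is 203.0.113.5 (a documentation-range address).
"""

DEFAULT_PORT = 24800
OPPOSITE = {"left": "right", "right": "left", "up": "down", "down": "up"}


def render_config(screens, links):
    """Build a Synergy 1.x synergy.conf from a screen list and edge links.

    `links` maps (screen, direction) -> neighbour. Synergy only lets the
    cursor cross an edge that is declared on the screen it is leaving, so
    the reverse edge is added automatically; forgetting it is the classic
    "mouse goes over to the other screen but never comes back" mistake.
    """
    full = dict(links)
    for (screen, direction), neighbour in links.items():
        full.setdefault((neighbour, OPPOSITE[direction]), screen)
    for (screen, _), neighbour in full.items():
        if screen not in screens or neighbour not in screens:
            raise ValueError(f"link refers to undeclared screen: {screen!r} -> {neighbour!r}")

    lines = ["section: screens"]
    lines += [f"    {name}:" for name in screens]
    lines.append("end")
    lines.append("section: links")
    for name in screens:
        lines.append(f"    {name}:")
        for (screen, direction), neighbour in sorted(full.items()):
            if screen == name:
                lines.append(f"        {direction} = {neighbour}")
    lines.append("end")
    return "\n".join(lines) + "\n"


def server_command(config_path, port=DEFAULT_PORT):
    # `--address :80` binds every local interface on port 80 (step 2);
    # `-f` keeps synergys in the foreground so its log, including any
    # client it rejects, is visible in the terminal.
    return f"synergys -f --config {config_path} --address :{port}"


def client_command(server_host, port=DEFAULT_PORT):
    # The client gets the router's WAN address plus the forwarded port (step 4).
    return f"synergyc -f {server_host}:{port}"


if __name__ == "__main__":
    SCREENS = ["laptop", "work"]                 # assumed screen names
    LINKS = {("laptop", "right"): "work"}        # work laptop sits to the right
    print(render_config(SCREENS, LINKS))
    print(server_command("synergy.conf", 80))    # run on the personal laptop
    print(client_command("203.0.113.5", 80))     # run on the work laptop, on VPN
```

The generated file declares the `work` screen to the right of `laptop` and, because the generator adds the reverse edge, `laptop` to the left of `work`; without that second line the cursor can leave the personal laptop but cannot return.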
So, let me explain the approach above. By default, Synergy listens on TCP port 24800, which is all fine and good on my local network, where I can do whatever I please with my router's firewall, port forwarding and so on. It is not fine from my work network: the corporate firewall blocks all outgoing traffic to "non-common" ports, and we're extra stingy at my work, so the only "common" port defined is HTTP (port 80), since, well, that's kind of the backbone of the Internet, and they don't want to block all web traffic.

TCP port 80 is therefore the only unblocked TCP port I could use to reach Synergy on my personal network from the work network (via the non-split tunnel VPN), hence the setup above.

Of course, this little setup only works if you don't need to publish web content on port 80 from your home network; I personally don't (that's what my web hosts are for!). If your work network's firewall rules are less stingy than mine, you can apply the same approach to any TCP port that isn't blocked; there is nothing special about 80 as far as Synergy is concerned.

Now, my only concern is that work doesn't outright block my home network's IP address. I haven't captured Synergy with Wireshark, so I don't know how verbose it is when it sends the X and Y coordinates of the mouse along with the button and key events (I can't imagine it being too verbose; each event is a short binary message), so hopefully it won't generate enough traffic to warrant blocking. Two other things are worth knowing before relying on this. First, a firewall that actually inspects port 80 rather than just allowing it will notice that Synergy's protocol is not HTTP and may drop the connection; a plain port-based rule like the one at my work won't. Second, whatever arrives at the router's WAN address on port 80 is handed straight to the Synergy server, which in version 1.x identifies clients only by their screen name and sends everything, keystrokes included, in the clear. Anyone on the Internet who finds the port gets the same server greeting my work laptop does, so keep an eye on the server log for screen names you didn't configure, and if you can put sshd on port 80 instead, tunnelling Synergy's default port through SSH gives you authentication and encryption for free.
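
One quick check before pointing the work laptop at the router, as an added example rather than code from the post or the Synergy project: a probe that connects to the forwarded port and reports whether Synergy, a leftover web server (the IIS case from step 3) or nothing at all is answering. It relies on a Synergy 1.x server speaking first. As soon as a client connects, synergys sends a hello frame consisting of a 4-byte big-endian length, the 7-byte magic `Synergy` and two 16-bit protocol version numbers; that framing comes from the published 1.x source, not from the post. A web server says nothing until it receives a request, so a short read after connecting tells the two apart. The host and port in the usage line are assumptions.

```python
"""Added example (not from the original post): find out what is actually
answering on the forwarded port before starting the Synergy client.

Wire format assumed here (from the Synergy 1.x source, not the post):
every message is a 4-byte big-endian length followed by the payload, and
the server's first message is b"Synergy" + uint16 major + uint16 minor.
"""
import socket
import struct

MAGIC = b"Synergy"
HELLO_LEN = len(MAGIC) + 4          # magic + major + minor


def make_hello(major, minor):
    """Build the server hello exactly as synergys sends it (used for the test data)."""
    body = MAGIC + struct.pack("!HH", major, minor)
    return struct.pack("!I", len(body)) + body


def classify_banner(data):
    """Return ("synergy", (major, minor)), ("http", None) or ("unknown", None)."""
    if len(data) >= 4 + HELLO_LEN:
        (length,) = struct.unpack("!I", data[:4])
        body = data[4:4 + length]
        if length == HELLO_LEN and body.startswith(MAGIC):
            major, minor = struct.unpack("!HH", body[len(MAGIC):])
            return ("synergy", (major, minor))
    if data.startswith(b"HTTP/"):
        return ("http", None)
    return ("unknown", None)


def probe(host, port, timeout=3.0):
    """Connect, wait briefly for an unsolicited banner, then poke with HTTP.

    Returns ("synergy", version) when synergys is behind the port,
    ("http", None) when a web server is still bound to it, ("closed", None)
    when nothing accepts the connection, and ("silent", None) otherwise.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(64)           # synergys volunteers its hello here
            except socket.timeout:
                data = b""
            if data:
                return classify_banner(data)
            # Nothing volunteered: a web server answers a minimal request.
            s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
            try:
                data = s.recv(64)
            except socket.timeout:
                data = b""
            return classify_banner(data) if data else ("silent", None)
    except OSError:                         # refused, unreachable, timed out
        return ("closed", None)


if __name__ == "__main__":
    # Router WAN address and port are assumptions; run this from outside the LAN.
    print(probe("203.0.113.5", 80))
```

Running it from the work laptop while on VPN should print `('synergy', (1, 3))` or whatever protocol version your build speaks; `('http', None)` means step 3 was skipped and IIS still owns the port. Note that the hello this probe reads is exactly what any Internet-wide scanner hitting your WAN address will see too, which is why the server log deserves a look now and then.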