0

My problem seems very simple: I have a laptop that has close to no internal storage, but a home PC that has tons. I want to be able to use the HDs on my home PC (which are shared across the local network), remotely - just as if I were at home.

Of course, the catch is doing this securely and reliably. I've looked at VPN (specifically Hamachi/LogMeIn) which works great so long as my PC is on, but I can't connect to it in sleep mode. The internet says that I can either leave it on 24/7 or need to set up port forwarding to use Wake on LAN. But the whole point of using a VPN is security, and I would hate to throw that away by opening my ports. (DISCLAIMER: I have only a basic knowledge of how VPN works)

I just feel like there must be a better way, and have a hunch that if there is, someone on here will know it! I would prefer not having to purchase additional hardware, but if setting up an always on Raspberry Pi or something will save me headaches, I'm open to that.

Thank you in advance for your help.

Additional (possibly useful) information:

  • I'm running Windows 7
  • Comcast is my provider (I have one of those combo routers)
Kevin Panko
  • 7,346
  • 22
  • 44
  • 53
Nick
  • 23
  • 1
  • 3
  • 1
    Have you considered just installing Dropbox/Skydrive or similar on your home PC and then accessing your Dropbox account from your laptop via a browser without syncing the files to your laptop? Much easier and always available. – TheCleaner Apr 22 '14 at 14:59
  • Opening a single port isn't a security problem if that single port is to support a VPN server. Its only a problem if the VPN Server itself has an exploit. But what you want is not possible without a VPN Sevver. – Ramhound Apr 22 '14 at 15:17
  • If you want the computer to be able to answer 24/7 and you don't want to implement a remote wakeup solution due to fear of security, then leave it on all the time. Simple. :) – Ƭᴇcʜιᴇ007 Apr 22 '14 at 15:28
  • possible duplicate of [Remotely turning on or rebooting a frozen computer](http://superuser.com/questions/319859/remotely-turning-on-or-rebooting-a-frozen-computer) – Ƭᴇcʜιᴇ007 Apr 22 '14 at 15:29
  • @Ramhound, I think Nick is talking about VPN online services (Hamachi). So he shouldn't need an internal VPN server, nor its corresponding port opening. – Sopalajo de Arrierez Apr 22 '14 at 23:39
  • @techie007, I think there is no possible duplicate to that you refer. Anyway, it seems more clear now that I have reworded the title to better approach the content. – Sopalajo de Arrierez Apr 22 '14 at 23:49

1 Answers1

2

I don't think you should consider a security problem opening ports for Wake on LAN.
You only need to open (redirect to your sleeping computer) UDP port 9, what can not easily become a "door to enter your computer".

The rest of your method seems correct: any kind of VPN (OpenVPN, PPTP-VPN, Hamachi or whatever) for both computers, and you will have a somewhat acceptable security in your data transfers.

Sopalajo de Arrierez
  • 6,603
  • 11
  • 63
  • 97
  • Thank you for your answer. Could you elaborate on why opening port 9 wouldn't be a big vulnerability? Also, how secure are we talking? Like family photos secure or bank account numbers secure? – Nick Apr 22 '14 at 15:25
  • @Nick In the exceptional worst case someone would find a bug in the WoL implementation on your hardware and could gain full control of your computer, but that is also a risk that 'family photos secure' and 'bank account numbers secure' both have. A realistic worst case would be someone can turn on your computer when you didn't want it on, but even then that is very unlikely as long as you take the appropriate measures. Security is what you make it, not some pre-defined measure of 'family level secure' or 'bank secure'. – Adam Apr 22 '14 at 15:40
  • In fact, I can not think of a less dangerous port to open than 9TCP, @Adam: there is really no installed server listening on that port, just a hardware (ethernet card) waiting for a pattern on the RJ45 cable. – Sopalajo de Arrierez Apr 23 '14 at 00:27
  • @SopalajodeArrierez It would be 9UDP, not TCP. I was thinking more of a hardware level exploit where someone could craft a packet that could cause the hardware to fail, but the chances of that are slim to none. – Adam Apr 23 '14 at 15:02
  • Upss.... you are right, @Adam, sorry. I can not correct it now, as long as the 5 minutes edit has gone. And I think you are right too: only a denial of service (hang the affected computer) appears like possible attack in a first glance. Never so dangerous as a complete intrussion attack. – Sopalajo de Arrierez Apr 23 '14 at 15:05