Hotspot WiFi

Does anyone know how to do Hotspot WiFi from my own FTTC WiFi that will work anywhere in UK. I rather want to use my own hotspot wifi directly from my home FTTC wifi hotspot?

Any tips?

If this question is rather silly then MrSaffron can removed this thread,

Is the question you want to be able to access some files on your home network, when out and about anywhere in the UK?

OR

How can get access to WiFi networks when I am away from home across the UK?

First question, is all about VPN and remote file sharing.
Second question is down to whether your broadband or mobile provider offers HotSpot WiFi access, e.g. OpenZone for BT, Cloud for Sky.

In reply to a post by MrSaffron:

Is the question you want to be able to access some files on your home network, when out and about anywhere in the UK?

This!

Two choices really:

1. Router that can run as a VPN server and you VPN into the router using a VPN client and then you will appear the same as if on your home LAN. This is what businesses do.

2. A router like the Asus range that offer various cloud/remote access to files with username and password login protection (check it does work) and more aimed at the consumer arena.

Thanks Mrsaffron!

Or there are also things like the Western Digital MyBook devices that can be Internet accessible (they have their own file servers in them).

EDIT : Or WorldBook they might be called now.

Edited by ian72 (Thu 14-Aug-14 16:18:53)

In reply to a post by MrSaffron:

Is the question you want to be able to access some files on your home network, when out and about anywhere in the UK?

OR

How can get access to WiFi networks when I am away from home across the UK?

First question, is all about VPN and remote file sharing.
Second question is down to whether your broadband or mobile provider offers HotSpot WiFi access, e.g. OpenZone for BT, Cloud for Sky.

It should be noted, seeing as the OP specifically mentioned WiFi, that you also need the second question answer to enable the first.

(MrS, how did you decipher that one?)

PS A Fon router is probably the best all round solution , worldwide, for question 2.

Edited by deleted (Thu 14-Aug-14 16:29:47)

You don't need a VPN or any 'special' hardware to achieve what you want. An RDP link and having the correct ports forwarded in your router will allow access to you LAN from the web.
Or if you have an Android device or Apple device TeamViewer is the app you require, plus a solution to 'wake' the hardware remotely.

What you need:

1. WAN/ public IP address of your router (where a static IP makes things much easier).
2. Forward TCP port 3389 on your router.
3. Verify you're allowing RDP connections through your firewall.
4. Allow RDP connections on the local computer.
5. If the device within your LAN isn't 'always on' you'll need a way of waking it over the web. Search for 'wake on wan' or 'magic packets' for a suitable tool.

I uses this to connect from a Windows 8 Tablet to my server in the loft at home. I don't use it for file transfer, mainly due to my upload data throughput rate but, it will allow that too.

All the above assumes it's a Windows PC, with the applicable OS, you're attempting to access. Maybe assuming too much there...

Paul

Edited by deleted (Thu 14-Aug-14 16:30:37)

Interesting. Thanks you all.

I suggest that you take a look at TeamViewer and similar software.

I have TeamViewer running on all four PCs, with the smallest, the ASUS Netbook, being the mobile one taken on journeys, using normally airport, hotel-provided and on-coach WiFi to make contact with the other three.

W 7 - ASUS Netbook

W 7 - HP Laptop

W8.1 - New HP Tower

Ubuntu - Old HP Tower, previously XP


TV gives access to them in various ways, including onward access to the USB Port on the EE BrightBox Modem/Router.

I can both access and run files on the various PCs; transfer files between them, control and also have VPNs.

By definition of course, the other PCs as relevant have to be left powered up; or someone available to do so.
-----------------------

TeamViewer has also been useful when updating etc the Netbook at home. It presents the Netbook Screen at a larger scale on the larger controlling PC, saving eye-strain etc.

-----------------------

If you follow this path with TV or any of the other versions, I would strongly recommend that you install and experiment with it, at home, beforehand.

Also give each PC a clear-cut different identity, to make them easier to identify, eg the Netbook "belongs" to our two cats, the Laptop to my lady-wife; and are identified accordingly.

It has other facilities which I have not used, similar to SKYPE; and for demonstrating to other remote users.

Of course TeamViewer assumes you have the PC turned on, and as such is not much use for accessing a NAS or other device that TeamViewer or Remote Desktop don't run on.

Agreed, Andrew.

But there seems to be some uncertainty as to what asdlmax is trying to do; and youngsyp has put forward a somewhat similar suggestion to mine, including the need to have a local TeamViewer enabled device on and available.

I found the installation of TeamViewer over those four PCs relatively simple; and use it when travelling to extract data from our home Met Station, for onward transmission to Exeter, as and when appropriate.

Also, the appropriate parts of the OP's LAN would also have to powered up, so it seems likely that he may have a suitable PC to achieve the basic access; and that may already be active and available.

Alternatively, use a service like Dropbox to host a copy of your files on the internet.

In reply to a post by youngsyp:

What you need:

1. WAN/ public IP address of your router (where a static IP makes things much easier).
2. Forward TCP port 3389 on your router.

Possible, but every Tom, Chan and Sergei will then have a go at the open RDP port.

I have numerous port 3389 attacks every single day. It's closed on my firewall but attempting to connect to it will result in all traffic to the offending host being blocked even on ports which are normally open.

Another suggestion is to get a Raspberry Pi and set up an OpenVPN server on it and use that to connect through from the outside world. It can be left on all the time because of the low power consumption. You might even want to attach an external storage device to it for file sharing access.

In reply to a post by caffn8me:

Possible, but every Tom, Chan and Sergei will then have a go at the open RDP port.

I have numerous port 3389 attacks every single day. It's closed on my firewall but attempting to connect to it will result in all traffic to the offending host being blocked even on ports which are normally open.

Yes you're correct, it is possible, that's why I suggested it.

Re the attacks due to the open port; any potential hacker would need to know your public IP address and that your 3389 port is open along with deciding you have anything worth sifting through on you LAN. Quite unlikely in reality. If you have multiple attacks as you suggest, I'd suggest you have a much bigger issue to worry about!

Re TeamViewer; it does work very well as eckiedoo suggests. I use it from my Android tablet and Android phone if I don't have a device capable of RDP.

Having the target device powered up is really a non-issue. I never leave my server running, but use it in a 'on demand' fashion. I use a wake on WAN tool that I downloaded from the Windows store on my Win 8 tablet to wake the server as and when. Or an app called WOL - wake on LAN on my Android devices. Again, you will need to open up the an appropriate port on your router and enable WOL on the target's NIC but, it's extremely simple to do and you only need to do it once.

As has been suggested, we don't have a full understanding of what the OP is trying to achieve though.

Paul

Edited by deleted (Thu 14-Aug-14 22:35:00)

In reply to a post by youngsyp:

Re the attacks due to the open port; any potential hacker would need to know your public IP address and that your 3389 port is open along with deciding you have anything worth sifting through on you LAN. Quite unlikely in reality. If you have multiple attacks as you suggest, I'd suggest you have a much bigger issue to worry about!

3389, as a well known service port, is one of the ports probed as standard by network scanners.

An obvious solution is static NAPT on the router though, NAT say port 63389 externally to 3389 internally.

I neglected to mention, a stipulation of the access via RDP is a username and password and user specific access, to the target machine, needs to be granted. Yet more details a potential attacker would need to know...

Paul

If you want to access your files from anywhere. I second the advice already given. Get dropbox or Google drive.

Save your files to dropbox, let them upload. Then you can access them anywhere by logging in at www.dropbox.com or alternatively installing the dropbox software on all of your laptops, and get the dropbox app on any mobile devices such as iPads, iPhones, samsung galaxy phones etc.

Obviously you cannot save EVERYTHING to dropbox or google drive, as there are space restrictions. BUT you can save most of your key work etc.

In reply to a post by ukhardy07:

Obviously you cannot save EVERYTHING to dropbox or google drive, as there are space restrictions. BUT you can save most of your key work etc.

Microsoft OneDrive works in the same way, with 15GB free space (same as Google Drive) but if you have an Office 365 subscription each user gets 1TB free OneDrive space.

In reply to a post by youngsyp:

Re the attacks due to the open port; any potential hacker would need to know your public IP address and that your 3389 port is open along with deciding you have anything worth sifting through on you LAN. Quite unlikely in reality. If you have multiple attacks as you suggest, I'd suggest you have a much bigger issue to worry about!

The attacker doesn't need to know any address and it doesn't matter whether you are on a static or dynamic address. They just do an address space scan and see which addresses give any sort of response. Those which respond are then probed further with scans against commonly vulnerable services. Services which are identified as running are then targeted - often with brute force password attacks or traffic designed to exploit a specific vulnerability.

It all happens very, very quickly and entirely without human intervention. The traffic I have described is perfectly normal and has been for years. You may not see very much of it if whatever firewall system you use is too basic and doesn't have comprehensive reporting and logging.

I've run a static routed address block since 1999 when I first had a leased line installed at home. Since then I've run dedicated enterprise grade hardware firewalls configured for automatic IDS/IPS and Cisco routers.

I review the firewall and router configurations very regularly and make changes in response to new threats.

I'm fairly sure I don't have a huge amount to worry about. Not at the moment.

In reply to a post by youngsyp:

I neglected to mention, a stipulation of the access via RDP is a username and password and user specific access, to the target machine, needs to be granted. Yet more details a potential attacker would need to know...

Nice try, no banana.

As well as brute force password guessing with common usernames, vulnerabilities in the RDP protocol regularly surface. All it needs is for an attacker to exploit one of these before Microsnot has issued a patch.

If you're still running Windoze XP, and millions around the world still are, you probably won't get that patch any more.

See http://searchsecurity.techtarget.com/guides/Is-RDP-s...

Even operating systems at recent as 8.1 had vulnerabilities in RDP as recently as a few weeks ago; http://www.tripwire.com/state-of-security/vulnerabil...

In reply to a post by caffn8me:

It all happens very, very quickly and entirely without human intervention.

As if to prove the point, my firewall monitor shows that a few minutes ago there was an attempt to flood one of my mail servers with spam. Two separate computers - one in Thailand (203.156.91.231) and the other in Vietnam (123.18.254.37) were, between them, attempting to send spam one hundred and sixty times per second. The firewall's SMTP proxy blocked it all before it got to my mail server because of errors in the spammer's use of SMTP protocol. Had it not been stopped by the firewall, the mail server would have throttled it.

I would strongly suggest that at the very least, the port RDP runs on should be changed - as Ignitionnet says. Better still, if you know where you are going to be connecting from externally, see if you can configure firewall rules to allow access only from those locations.

Good for you, it sounds like you have everything in hand.

Paul

In reply to a post by caffn8me:

In reply to a post by caffn8me:

It all happens very, very quickly and entirely without human intervention.

As if to prove the point, my firewall monitor shows that a few minutes ago there was an attempt to flood one of my mail servers with spam. Two separate computers - one in Thailand (203.156.91.231) and the other in Vietnam (123.18.254.37) were, between them, attempting to send spam one hundred and sixty times per second. The firewall's SMTP proxy blocked it all before it got to my mail server because of errors in the spammer's use of SMTP protocol. Had it not been stopped by the firewall, the mail server would have throttled it.

My server runs IP space blocks, which helps the spam reject CPU load.

I would strongly suggest that at the very least, the port RDP runs on should be changed - as Ignitionnet says. Better still, if you know where you are going to be connecting from externally, see if you can configure firewall rules to allow access only from those locations.

Many modern Windows versions make it hard to change the RDP port actually on the box. I always advise friends to invest in a VPN router, and ensure they keep the router patched, and use VPN from their mobile device and then connect to their home PC or NAS server or whatever it is.

In reply to a post by jchamier:

My server runs IP space blocks, which helps the spam reject CPU load.

Good plan I have some IP ranges blocked too.

In reply to a post by jchamier:

Many modern Windows versions make it hard to change the RDP port actually on the box. I always advise friends to invest in a VPN router, and ensure they keep the router patched, and use VPN from their mobile device and then connect to their home PC or NAS server or whatever it is.

Always a good idea.