Using Apple Remote Desktop over the internet

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Astro7x, Jun 22, 2012.

  1. Astro7x macrumors regular

    Mar 3, 2010
    So I recently purchased Apple Remote Desktop, and it works great on our companies local network! I am having major difficulties getting it to work outside of our network if we need to access a computer from home.

    There are two related but different issues here.

    First... I tested this thing out by going from my business to my home computer. I forwarded the ports, set up Remote Management at home. On the ARD end at work I type in my home IP address, enter an Admin UN/PW, and it works! Wonderful! Except that I have two computers at home, and it's only letting me connect to one of them. That being the computer I set up the port forwarding for on the router. So how the heck can I use Apple Remote Desktop to basically show me all the computers on my network at home, and then screen share into whatever one I want?

    Second... I went home and tried this out the opposite way. Forwarded the ports on the router at worked, picked a computer I wanted to share, set the remote management settings. Installed ARD at home, typed in the work IP address, saw the computer on the list, entered the Admin UN/PW to connect, and.... nothing. It wouldn't verify the username/password and wouldn't let me connect to my computer. So what am I doing wrong that I did everything identically but still can't connect to the computer?

    Basically my goal is to give ARD to a couple of our employees that need to remote in, have them install it on their home computers, and connect to their local machine at work for when they need to. We don't have any crazy firewalls or anything going on, so I am not sure what is preventing me from getting this to work.
  2. codeus macrumors newbie

    Dec 24, 2008
    The reason you can't access more than one PC is because you are using port forwarding to push all ARD traffic to a specific PC. This is ok for PC1 but if you want to connect to PC2 there is no way that can happen as your router is diligently forwarding all ARD traffic to PC1.

    VPN is the key. Once you connect via VPN, there is a (pseudo) LAN connection to your office, no NAT, no Port-forwarding, all ports are available to all computers. Your router may have a VPN function built in, if not, I would suggest you buy one that does (small SOHO ones start out pretty cheap).

    Set up a simple VPN (eg. PPTP which doesnt require any server-based authentication shenanigans and is supported by Mac) and add the staff you want to connect remotely as users.

    On their client computers, open System Preferences > Network and add a PPTP VPN connection with your office IP and their details you set on the router.

    There is still one caveat though, the VPN clients will (most likely) not be on the same subnet as your office LAN so the scanner feature will not work, nor will wake commands. But, provided you know the IP addresses (and they are static) of the computers you want to connect to, you can still add them manually to ARD via IP.

    If your employees are on PC rather than Mac, I would recommend shrewsoft vpn, it's free and works great.

  3. davidroger621 macrumors newbie

    Aug 22, 2013
    You may try using various remote support tools like logmein, on premise RHUB or Bomgar remote support appliances etc. for remotely accessing computers.
  4. Titanium81 macrumors 6502a


    Jun 23, 2011
    TeamViewer works GREAT too!
  5. jmichael99 macrumors member

    Aug 15, 2012

    Please correct me if i am wrong on this one.

    Teamviewer will not allow you to log on without letting the client know?

    Meaning, i want to log onto an employees computer to watch what he is doing i can't because team view gives a popup on the upper right that says someone is logged in.

    i believe apples remote desktop allows you to log on in stealth so the client never knows
  6. mire3212 macrumors newbie

    May 28, 2010
    Austin, TX
    Hey Astro,

    A feature that is provided with ARD is the ability to change the VNC and ARD port used to connect to a client machine with. As pointed out earlier in the post, if you forward 5900 and 5283 to a single client, only that one machine can be accessed remotely.

    VPN is the ideal solution as it not only provides unrelenting access to your entire network, it doe so securely.

    Tools such as LogMein or iTeleport etc are great and require little setup.

    There is another way...

    Configure your port forwarding to also include ports 5901/5284 and point that to machine 2, then 5902/5284 to point to machine 3 etc.... You can choose 'Get Info' on a connection in ARD to be able to modify the port numbers that it's going to connect with to allow you to choose which machine to connect with.

    Ultimately ARD is not really meant for over-the-internet machine access, but can be fudged to do so.
  7. mmomega macrumors demi-god


    Dec 30, 2009
    DFW, TX
    You can setup TeamViewer to allow you to control the remote PC without needing permission.
    You just have to setup the free account. Then when you install TeamViewer on the "client" computer you enter a password that allows it to be controlled. You can then "Add this computer" to your team viewer account.

    Attached Files:

Share This Page