
Making a call out in port 3389 (RDP port)

Solved by Akolyte.

Hello everyone, a quick background.

I am currently a student and have recently moved out of my parents’ house, where I had full access to the router and its settings and where I enabled port forwarding from ‘X’ to 3389, so when I connected to the public IP with the ‘X’ port it was able to forward that port to 3389 (I did this for security so it didn’t use the default RDP port, even though you either need admin credentials or be part of the Remote Desktop user group with their credentials, but even so it’s good to have multiple layers of defence. Having said that, if you have any suggested improvements please do say so, I love to learn).

On to my problem: now that I have moved, I have moved into student accommodations with a firewall that blocks RDP connections, and since I don’t even have access to the closest layer 3 device, never mind the firewall (assuming it is physical), I cannot use the old method of requesting a connection. So I assume the firewall only blocks incoming traffic, not outgoing (I may be wrong, is there any way to check this without breaking TOS?), so I would like to have my Desktop have a call out for an RDP connection to connect to? I have no idea how to do this so was hoping for a little help.

I know the firewall is Linux based (don’t ask how I know) if that helps at all.

And before anyone says: yes, I could absolutely use tools like TeamViewer and similar, but where is the fun in that? Plus I would really like to get this working.

Thank you very much in advance.

PS. Sorry if what I wrote is hard to understand, not the best at explaining myself.


After thought, if there was a way to connect the RDP protocol through port 443 that won’t be blocked by the firewall. Again not sure how to do that but it is an after thought. 


If you have access to a router outside your network (parents?) you might be able to set up a VPN to there using OpenVPN, and the connection would be made internet > parents' house > OpenVPN > server


19 hours ago, Seanbg said:

After thought, if there was a way to connect the RDP protocol through port 443 that won’t be blocked by the firewall. Again not sure how to do that but it is an after thought. 

Yep, you can change the port RDP listens to: Doc on Microsoft

The only issue is, I'm not sure how your issue connecting using RDP actually has anything to do with RDP? You should be able to just rdsserver:443?

OpenVPN is always an option, but I guarantee they'd block that too. My advice for your situation would be to try out SoftEther Azure (routing through MS Azure) if you would like to host a component yourself, but ideally ZeroTier.

ZeroTier is especially good because it will come up as another interface, is easy to manage, free, open source and can bypass pretty much any firewall.

If you need any help to set up any of these just hit me up anytime.

Hope this helps man.

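Moving the RDP listener to another port changes only the port number; the connection still opens with the same TPKT/X.224 bytes, which is how monitoring can tell it apart from the TLS normally seen on 443. The following is an added example, not code from the thread; the byte strings, addresses and function names are constructed for illustration.

```python
import struct

# Constructed samples: the first client bytes of four TCP connections.
RDP_CR = bytes.fromhex(
    "03 00 00 13 0e e0 00 00 00 00 00 01 00 08 00 03 00 00 00")
RDP_CR_COOKIE = (bytes.fromhex("03 00 00 2a 25 e0 00 00 00 00 00")
                 + b"Cookie: mstshash=user\r\n"
                 + bytes.fromhex("01 00 08 00 03 00 00 00"))
TLS_HELLO = bytes.fromhex("16 03 01 00 c8 01 00 00 c4 03 03") + bytes(32)
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"


def classify_first_bytes(payload: bytes) -> str:
    """Label a connection by its opening bytes, ignoring the port number."""
    # TLS record: type 0x16 (handshake), major version 3, ClientHello (0x01).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[5] == 0x01:
        return "tls"
    # RDP: TPKT header (version 3, reserved 0, 16-bit length) followed by an
    # X.224 Connection Request (length indicator, then code 0xE0).
    if len(payload) >= 11 and payload[0] == 0x03 and payload[1] == 0x00:
        (tpkt_len,) = struct.unpack(">H", payload[2:4])
        if tpkt_len >= 11 and payload[5] & 0xF0 == 0xE0:
            return "rdp"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"CONNECT"):
        return "http"
    return "unknown"


def rdp_on_unexpected_port(flows, expected_port=3389):
    """Return (source, dest_port) for RDP seen on any other port."""
    return [(src, dport) for src, dport, payload in flows
            if dport != expected_port
            and classify_first_bytes(payload) == "rdp"]


# Constructed flow records: (source address, destination port, first bytes).
FLOWS = [
    ("10.0.0.5", 3389, RDP_CR),
    ("10.0.0.7", 443, RDP_CR),
    ("10.0.0.7", 8443, RDP_CR_COOKIE),
    ("10.0.0.8", 443, TLS_HELLO),
    ("10.0.0.9", 80, HTTP_GET),
]

if __name__ == "__main__":
    for src, dport in rdp_on_unexpected_port(FLOWS):
        print(f"RDP handshake on port {dport} from {src}")
```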

11 minutes ago, Akolyte said:

Yep, you can change the port RDP listens to: Doc on Microsoft

The only issue is, I'm not sure how your issue connecting using RDP actually has anything to do with RDP? You should be able to just rdsserver:443?

OpenVPN is always an option, but I guarantee they'd block that too. My advice for your situation would be to try out SoftEther Azure (routing through MS Azure) if you would like to host a component yourself, but ideally ZeroTier.

ZeroTier is especially good because it will come up as another interface, is easy to manage, free, open source and can bypass pretty much any firewall.

If you need any help to set up any of these just hit me up anytime.

Hope this helps man.

Thank you very much, I’ll try this tomorrow when I have some free time. Great to know there are multiple options, going to try all of them. Thank you so much for the support.

I’ll let you know how I get on.


1 minute ago, Seanbg said:

Thank you very much, I’ll try this tomorrow when I have some free time. Great to know there are multiple options, going to try all of them. Thank you so much for the support.

I’ll let you know how I get on.

Yeah mate, just gimme a ping if you need anything.  I think my Discord is in my profile or my Steam, use them as I can't see LTT notifications. 


4 minutes ago, Akolyte said:

Yeah mate, just gimme a ping if you need anything.  I think my Discord is in my profile or my Steam, use them as I can't see LTT notifications. 

Cool, will do.

As for the reserved:port number, I believe that doesn’t work because the port is either closed or the firewall blocks untrusted traffic on that port. (For instance I know the company staff’s IT team use TeamViewer for remote access even though they have a basic ADDS setup.) And also the way I was using it before was via the public IP:port number, and the router forwarded the port to 3389, where the DNS query on the router I believe resolved it to my PC, which allowed RD connections.


4 hours ago, cole0622 said:

If you have access to a router outside your network (parents?) you might be able to set up a VPN to there using OpenVPN, and the connection would be made internet > parents' house > OpenVPN > server

Sorry, probably didn’t explain good enough, I live in a place where I connect to the closest WAP and that’s it. I only have very limited access as to what I can do and none of them are adminy stuff. I also have to manually add the MAC address for each device I am using (which I don’t understand, as even a basic CAM table holds the MAC address as soon as it is connected, but hey ho, I don’t make the rules).

I will try OpenVPN. I haven’t personally heard of it before, but I’ll try every possible solution even if my first works.


3 minutes ago, Seanbg said:

Sorry, probably didn’t explain good enough, I live in a place where I connect to the closest WAP and that’s it. I only have very limited access as to what I can do and none of them are adminy stuff. I also have to manually add the MAC address for each device I am using (which I don’t understand, as even a basic CAM table holds the MAC address as soon as it is connected, but hey ho, I don’t make the rules).

I will try OpenVPN. I haven’t personally heard of it before, but I’ll try every possible solution even if my first works.

No worries, I think I understand what you mean.

OpenVPN is worth a shot, but I think it will be blocked. Keep in mind that any of these, especially OpenVPN, might raise some red flags to the sysadmin.


4 minutes ago, Akolyte said:

No worries, I think I understand what you mean.

OpenVPN is worth a shot, but I think it will be blocked. Keep in mind that any of these, especially OpenVPN, might raise some red flags to the sysadmin.

That is true.

11 minutes ago, Seanbg said:

Sorry, probably didn’t explain good enough, I live in a place where I connect to the closest WAP and that’s it. I only have very limited access as to what I can do and none of them are adminy stuff. I also have to manually add the MAC address for each device I am using (which I don’t understand, as even a basic CAM table holds the MAC address as soon as it is connected, but hey ho, I don’t make the rules).

I will try OpenVPN. I haven’t personally heard of it before, but I’ll try every possible solution even if my first works.

Interesting, I was thinking inbound, not outbound like you said, in which case you would want to VPN to the remote site (parents' house), and if that's where you want to go then you could do: you > OpenVPN > parents' house > RDP server. With pfSense you can make an OpenVPN server.


2 minutes ago, Akolyte said:

No worries, I think I understand what you mean.

OpenVPN is worth a shot, but I think it will be blocked. Keep in mind that any of these, especially OpenVPN, might raise some red flags to the sysadmin.

Yeah I know, I do know they have monitoring software, but I'll deal with that if it comes to that. I am not using it for anything malicious and if they ask me to stop it I will and just find another way round it :D


1 minute ago, Seanbg said:

Yeah I know, I do know they have monitoring software, but I'll deal with that if it comes to that. I am not using it for anything malicious and if they ask me to stop it I will and just find another way round it :D

Yep, that's where it comes into then using VPN Relays, and different protocols to connect. SoftEther Azure Project as an example. 

 

1 minute ago, Seanbg said:

When Microsoft updates their operating system but not their documentation

Why not try and use AnyDesk TCP-Tunneling? I just answered a post where someone was thinking about using it.  No way it could possibly be blocked by the firewall unless your admins are paranoid psychos. https://support.anydesk.com/TCP-Tunneling

 

Just tunnel it directly from your home PC 3389, to your current PC 2912 or whatever. 


50 minutes ago, Akolyte said:

Yep, that's where it comes into then using VPN Relays, and different protocols to connect. SoftEther Azure Project as an example. 

 

Why not try and use AnyDesk TCP-Tunneling? I just answered a post where someone was thinking about using it.  No way it could possibly be blocked by the firewall unless your admins are paranoid psychos. https://support.anydesk.com/TCP-Tunneling

 

Just tunnel it directly from your home PC 3389, to your current PC 2912 or whatever. 

Oh no, I was just being stupid, I found the port number change :D
