How to configure router 'port forwarding rule' to remotely access my vSpace Pro server in the office from home, with L-series, RX300 or LEAF OS devices?

How to configure router 'port forwarding rule' to remotely access my vSpace Pro server in the office from home, with L-series, RX300 or LEAF OS devices?

Customers who deploy vSpace Pro servers can access their user sessions remotely via the router port forwarding method. However, this approach can result in security vulnerabilities (port 27605 forwarding) and should be the last option if the customer does not have a VPN infrastructure. The admin should re-enforce a strong password set for accounts to help mitigate security vulnerability.

Port forwarding maps the port on your router’s IP address (your public IP) to the port and IP address of the vSpace Pro server you want to access. The port forwarding rule intercepts the data traffic heading to your company’s router public IP address and redirects it to the internal vSpace Pro server IP address. This allows NComputing thin clients in a public network to connect to the vSpace Pro server in the private network. 

Typically your ISP uses Network Address Translation (NAT) to provide Internet connectivity through your router. Configuration changes to your router are usually required to enable the Port Forwarding option.



Before you start, there are a few careful considerations for WAN access of your deployed vSpace Pro servers:
  1. We strongly encourage you to review this KB article “L-series, RX Series: Can a Deployment happen over Wide Area Networks (WAN)” to understand the critical elements that will be at play and carry significant implications for a WAN or cross subnet deployment.
  2. We encourage you to test.  Please note that vSpace protocol (UXP) is designed and optimized for the LAN environment. If you use L-series (unlike RX-series, vSpace Pro Client or LEAF OS which support vCAST streaming for videos) or shared Wi-Fi connections with many other home devices, the vSpace session may experience significant delay or temporarily screen freeze.
  3. Also please keep in mind that once you pass the line of a common LAN, most troubleshooting and problem solving relies on your local staff, since configurations on hardware, logic, and security are implemented by your IT and beyond the typical scope of NComputing support.

Below contains details on how to set up and enable port forwarding (TCP port 27605) on your organization’s router to allow for vSpace connection outside the organization’s network:

Port forwarding simply maps the port on your router's IP address (your public IP) to the port and IP address of the vSpace Server(s) you want to access.


Specific steps for enabling port forwarding depend on the router you're using, so you'll need to search online for your router's instructions.


Please follow the below procedure to set up port forward for your vSpace Servers. Since the access would go through Wide Area Network (WAN), the vSpace connection and user experience may be slower compared to accessing it from the same Local Area Network (LAN). To minimize user experience degradation, make sure your thin clients or software clients are connected to high-speed Internet access.

(1)   Find the ‘internal IP’ address of your vSpace Server. To get the internal IP address of the vSpace Server, you may type ipconfig in "cmd.exe" on the vSpace host machine. It is usually in the form of "192.168.1.**".


(2)   Find the ‘public IP’ address for your organization’s router. There are many ways to find this - you can search a browser for "my IP".


(3)   Setup Port Forwarding (Port Translation) in the router. Please log into your organization’s router website (generally at http://192.168.1.1/ or http://192.168.0.1/) and go into the 'Port Forwarding' section. Add a new 'Port Forwarding' rule for TCP port 27605 to be forwarded to the internal IP of your vSpace Server. See example below:

 


 

 

 Warning:  You're opening your vSpace Server(s) up to the internet - make sure you have a strong password set for your PC.

 

After you map the port, you'll be able to connect to your vSpace Server(s) from outside the local network by connecting to the public IP address of your organization’s router.


(4)   Optional: Setup Dynamic DNS (DDNS). Your organization’s router's IP address can change - your internet service provider (ISP) can assign you a new IP at any time. To avoid running into this issue, consider using Dynamic DNS - this lets you connect to the vSpace Server using an easy to remember domain name, instead of the IP address. Your organization’s router automatically updates the DDNS service with your new IP address, should it change.


Note: With most routers you can define which source IP or source network can use port mapping. So, if you know you're only going to connect from home, you can add the IP address for your home network - that lets you avoid opening the port to the entire public internet. If the vSpace host you're using to connect uses the dynamic IP address, set the source restriction to allow access from the whole range of that particular ISP.

You might also consider setting up a static IP address on your vSpace Server so the internal IP address doesn't change. If you do that, then the router's port forwarding will always point to the correct IP address.

 

Setup port forwarding to multiple vSpace servers:

The above instruction is for router port forwarding to one vSpace server.

If your organization requires router port forwarding to multiple vSpace servers, you will need to set up multiple router port forwarding rules where each vSpace server requires a different customized port number (apart from the default TCP port 27605)

To change the default network port for the vSpace Server:
(1) Add new an entry in the system registry:
Name : Port,
Type   : DWORD(32-bits) Value,
Value : new port value
Path   : [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\hstd]
(2) Reboot server machine.
(3) Create a new router port forwarding rule based on the custom port number you just created
(4) From the supported client devices (RX-series, LEAF OS, vSpace Pro software client for Windows and Chromebooks), enter the vSpace IP address followed by a colon and the custom port number (e.g. 10.1.4.160:27604) to access the corresponding vSpace user session.

For example, you have two vSpace servers the users want to access via router port forwarding.  The admin will need to customize the port number for the 2nd vSpace server so it is different than the 1st vSpace server.
vSpace server #1 (IP address):  10.1.4.150 (with default port 27605)
vSpace server #2 (IP address): 10.1.4.160 (with custom port 27604)

From the supported NComputing end-points, the end-user can access different vSpace Servers via port forwarding:
To access vSpace Server #1: The endpoint configures 10.1.4.150 as the vSpace server IP address. In this case, the default port number (27605) will be used.
To access vSpace Server #2: The endpoint configures 10.1.4.160:27604 as the vSpace Server IP with custom port 27604.