Winse Blog

走走停停, 熙熙攘攘, 忙忙碌碌, 不知何畏.

使用TeamviewerVPN访问公司内网

一直以来都只是用Teamviewer的图形界面,如果仅仅针对单台机器操作还是蛮OK的。但是如果想要访问远程的整个集群,那就为难了。

以前通过 公司的跳板机 ,然后连接 内网搭建的VPN 来实现 透明 的访问公司的环境。也折腾过自己买一台aliyun的机器搞一个外网IP,然后通过SSH的反向代理来间接的跳转访问公司内网,但成本都还是比较高的。

既然Teamviewer提供了一种远程访问的方式,那么能不能通过Teamviewer来实现代理,继而类似VPN的方式在家访问公司内网呢?

备注:一般都是双保险啊,Teamviewer和Anydesk都放一个!!!

安装

Teamviewer是提供了VPN的访问方式,需要在安装的时刻 选择【显示高级设置】,在下一步中选择【使用Teamviewer VPN】。连接的 两台主机都需要安装Teamviewer VPN 的功能!!!

使用VPN

访问内网

如果是Linux的话,可以在iptables上面配置SNAT,但是Linux Teamviewer暂时不支持VPN功能。 并且公司运行Teamviewer的机器是WIN7,不能通过运行nat命令(server版本才有)来设置转发。最后功夫不负有心人,找到了在win7下可以设置NAT的方法:

转发配置

  1. 连接的两台机器都启动 Routing an Remote Access 系统服务。(修改注册表IPEnableRouter的,不弄也行)
  2. 在公司Teamviwer机器上,下载并安装 NAT配置工具
  3. 在公司Teamviwer机器上,打开配置工具 WinpkFilter - Internet Gateway ,配置 本地连接 为Provider, Teamviewer VPN 为Client,然后启动 Start NAT。

  1. 在本地机器上,添加route,把访问 公司内网IP 的数据转到公司Teamviewer VPN,这样我们就可以透明的访问公司的所有机器了。
1
2
3
4
5
6
7
8
9
10
11
12
13
14
#网关填公司Teamviewer端的IP地址!!!
C:\Windows\system32>route add 192.168.193.0 mask 255.255.255.0 7.138.125.65 metric 1

C:\Windows\system32>ping 192.168.193.110

正在 Ping 192.168.193.110 具有 32 字节的数据:
来自 192.168.193.110 的回复: 字节=32 时间=22ms TTL=63
来自 192.168.193.110 的回复: 字节=32 时间=21ms TTL=63
来自 192.168.193.110 的回复: 字节=32 时间=21ms TTL=63

192.168.193.110 的 Ping 统计信息:
    数据包: 已发送 = 3,已接收 = 3,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
    最短 = 21ms,最长 = 22ms,平均 = 21ms

完美,所有的事情Teamviewer都帮想到了并且实现了。

把上面的全部操作写到一个脚本,以后直接使用管理员权限运行即可:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
winse@DESKTOP-ADH7K1Q:~/bigendian$ cat VPN-Route.bat
@setlocal enableextensions enabledelayedexpansion
@echo on

rem https://community.teamviewer.com/t5/Knowledge-Base/Are-there-parameters-to-start-TeamViewer/ta-p/4135
rem teamviewer.exe -i <ID> -P <Password> [-m fileTransfer/vpn]
start "teamviewer" "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"

set teamvpnipaddr=7.138.125.65

:loop
ping -n 1 !teamvpnipaddr! | find "TTL"
if not errorlevel 1 goto :run
if errorlevel 1 goto :endloop
:endloop
ping -n 2 127.0.0.1 >nul: 2>nul:
cls
goto :loop

:run
route delete 192.168.193.0
route add 192.168.193.0 mask 255.255.255.0 !teamvpnipaddr! metric 1

endlocal

pause

参考的原文:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

Hello everybody, I investigated a lot for this issue.
Establish a VPN session with TeamViewer to my home pc (remote side) and try to get access to this local network from my working place (local side).
I found an solution i never read anywhere before. Since Windows 7 has removed NAT option using netsh it is difficult to solve it with windows on board tools only.
- Install TeamViewer incl. VPN driver on both sides, activate unattended access on the remote side (my home pc). Use the button Show advanced options, and go to Advanced network options … Install VPN driver
- Install WinPkFilter Device Driver on remote side (my home pc) and restart (http://www.nat32.com/v2/install.htm Download installer: http://www.ntkernel.com/downloads/winpkflt_rtl.zip . NAT32 you don't need. This WinPkFilter package contains a simple GUI to configure the NAT between the VPN interface (client) and the remote side LAN interface (provider). see following hints ...
- Windows: Start RemoteAccess - service 'Routing an Remote Access'  and set to automatic (local/remote side).
- Optional: On the remote side (my home pc), the registry has to be modified. Start the registry editor for example by Regedt32, and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Set the parameter IPEnableRouter to “1”. Using console or batch as admin: reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters" /v "IPEnableRouter" /t REG_DWORD /d "1". On my system it worked without this option, but according internet forums it seems to be recommended.
- Now create a remote desktop session to your home pc and start also the VPN connection within this TeamViewer session (Menu / Extras / VPN). I created a free TeamViewer account and added all pc's to my computers to make the access to my machines easier.
- On remode side (my home pc) where WinPkFilter is installed start the Internet Gateway GUI of WinPkFilter: Start / Programms / WinpkFilter / Internet Gateway. Select (double click) the ethernet adapter of your local privat lan and set NAT Status to 'Provider'. Select the TeamViewer VPN adapter and set NAT Status to 'client'. Press 'Start NAT'
 - On local side (my working place) Add a route to the local side (my working place) to give access to several devices that have the same subnet, add the route like this:

route add <base IP of remote devices> mask 255.255.255.0 <IP of Teamviewer VPN on remote PC> 
metric 1

Example (home lan ip range: 192.168.2.x / TeamViewer VPN IP in home pc (remote side) 7.37.88.245
route add 192.168.2.0 mask 255.255.255.0 7.37.88.245 metric 1 <ENTER>
route add 192.168.2.0 mask 255.255.255.0 7.37.88.245 metric 1 -p <ENTER> (if persistent)
Do delete the route route delete 192.168.2.0
Now you should have access to your private home network. Good luck and have fun.

–END

Comments