MacInTouch Amazon link...
Channels
Other

Ric Ford

MacInTouch
Maybe I'm doing something wrong, but I've never been able to get any of Apple's sharing services to work if one of the machines is behind a double NAT...
I don't know if this helps, but I noticed that AirPort Utility recommends against setting up a "double NAT" configuration, recommending bridge mode, instead, in that situation.

And I also don't know if this is related, but have you looked at your IPv6 settings in the AirPort setup?
 


I don't know if this helps, but I noticed that AirPort Utility recommends against setting up a "double NAT" configuration, recommending bridge mode, instead, in that situation.

And I also don't know if this is related, but have you looked at your IPv6 settings in the AirPort setup?
I can't use bridge mode on the router because the condo's router will only give me one IP address. I have many devices at the condo so I have to put up with NAT. Oddly, NAT only causes a problem with Apple's remote services. I have a Plex server at home and have no problem accessing it from the condo. Also, as noted, Chrome Remote Desktop works fine.

As for IPv6: I have it set for link local only on both Airport Extremes. If I set it to "Automatic", I get an IPv6 relay error. AFAIK, none of the ISPs here in Thailand fully support IPv6, yet.
 


I don't think it supports OS X 10.7, which one of my relatives is using
OK, I have to ask! Why on earth would someone be on 10.7? (I stuck with 10.6 for too long before upgrading to 10.10 when it hit 10.10.3; I don't remember Lion having anything comparable to Rosetta that would inspire people to keep running it.)
 


Ric Ford

MacInTouch
OK, I have to ask! Why on earth would someone be on 10.7? (I stuck with 10.6 for too long before upgrading to 10.10 when it hit 10.10.3; I don't remember Lion having anything comparable to Rosetta that would inspire people to keep running it.)
Let me see if I can list some reasons:
  • This 2011 iMac came with OS X 10.7 installed.
  • The user is very non-technical and averse to change, and Apple has made all kinds of changes, often for the worse.
  • Updating OS X can cause unintended, unpredictable and unwanted/disastrous results.
  • OS X 10.9 and later is unacceptably slow without an SSD, which this system does not have and cannot easily accomodate.
I've spent a lot of time thinking about the issue of what to do regarding this system. An urgent issue is that its old Safari browser is not working with the websites the user needs to interact with. Obviously, there may be security issues involved with web browsing, as well.

I like to get very robust backups before making any change. (There is a current Time Machine backup in place, but I want at least one bootable clone, as well.) So my highest priority is to get another clone/backup drive there (complicated by the lack of USB 3 on this machine, which means that any decent-speed, bootable external option will be very expensive) and to get remote access set up for "handholding" through whatever needs to be done, as well as giving me a chance to run security utilities, SMART data checkers, etc.

More complicated alternatives:

Buy a Chromebook:
  • It doesn't accomodate existing documents and workflow.
  • It's an additional expense.
  • There may be other issues (e.g. with printing, with reliability, with screen size, etc.)
  • On the plus side, updates and support should be much easier.
Buy a new Mac and migrate from the old one:
  • Have you seen Apple's prices? Ridiculous.
  • Migration from an old Mac system to a new one may well be problematic and almost impossible to do remotely.
  • All the changes in newer Macs may disrupt/"deprecate" previous documents and workflows.
  • User interface changes are complicated and often dysfunctional.
  • Security and authentication changes (iCloud, Apple ID, 2FA et al) can be miserably complicated and confusing.
  • New Macs may be slow unless you pay for high-end models at high prices.
  • There isn't space for two desktop computers. And securely disposing of the old one could be problematic, especially if the new one doesn't accomodate all the old documents and workflow.
 


I've been a TeamViewer paid user for as long as it was around (early adopter.) But their constant update tax was wearing on me.

AnyDesk is similar with a better interface and long free trial and then much less expensive to license. Check it out. I'm testing now with an eye to move my company over.

https://anydesk.com/remote-desktop
 



I have the need to assist an elderly friend some 3000 miles away. Can someone please recommend a "value for money" app that I can purchase to help me assist my old mate remotely?
Maybe I'm doing something wrong, but I've never been able to get any of Apple's sharing services to work if one of the machines is behind a double NAT.
I've been using Apple's Screen Sharing for several years to remotely help my now 89-year old mother with her computer. She's using a 24-inch, Late 2006, 2.16GHz Core 2 Duo iMac (iMac6,1) that's currently running Snow Leopard. Her needs are simple, and at this stage of her life, there's no way she could cope with either a new computer or OS upgrade. I'm using a 17-inch, Early 2011, 2.2GHz Intel Core i7 MacBook Pro (MacBookPro8,3) that's currently running Sierra.

Both computers are connected to the internet via 5 Mb/s DSL. Like most people, she's provided a dynamic IP address by her ISP, so we needed to subscribe to a dynamic DNS service. I connect to her machine using VNC, which required setting up port forwarding for ports 5500, 5800 and 5900 on her modem/router.

To simplify the connection process I've added an entry to my Finder's "Connect to Server..." list (e.g., vnc://mom.dyndns.xyz). Just need to point and click to start the connection. The only limitation to this setup is that her machine must be awake to make the connection. Also, it's a little slow, given the internet connection speeds involved.

Although it wasn't necessary in my mom's case, I've set up the same thing for my wife's computers, which are both behind double-NATs. Once you get all of the port forwarding configured correctly on all of the devices in the chain, it just works. However, I've never had to do this using Apple network devices, so your milage may vary.
 


Although it wasn't necessary in my mom's case, I've set up the same thing for my wife's computers, which are both behind double-NATs. Once you get all of the port forwarding configured correctly on all of the devices in the chain, it just works. However, I've never had to do this using Apple network devices, so your milage may vary.
I understand what you're saying. The problem is that I have no access to the condo router, so I can't set up port forwarding there. That pretty much ends it for Apple screen sharing.

But, going the other way, from condo to home, works. I, too, use Dyn to get my home public IP address and can use that for ssh, screen sharing, etc. But, the double NAT stops me from getting from home to condo.

Somehow, Chrome is able to get through the double NAT. I still wonder why Apple can't manage it; especially since everything is routed through their cloud and servers.
 


Ric Ford

MacInTouch
Like most people, she's provided a dynamic IP address by her ISP, so we needed to subscribe to a dynamic DNS service. I connect to her machine using VNC, which required setting up port forwarding for ports 5500, 5800 and 5900 on her modem/router.
I connected to a Verizon FiOS Actiontec router and looked at the Port Forwarding configuration panel. It lists "VNC" in a pop-up menu that specifies:

TCP
Any -> 5500
Any -> 5550
Any -> 5800-5801
Any -> 5900-5901
 


Ric Ford

MacInTouch
I can't use bridge mode on the router because the condo's router will only give me one IP address. I have many devices at the condo so I have to put up with NAT.
I would suggest this: Switch the AirPort router to Bridge mode (using AirPort Utility) and see what happens.

AirPort Utility > [select device] > Edit > Advanced > DHCP and NAT > Router Mode: Off (Bridge Mode)

Can you still access the Internet from one device? From multiple devices?
 


I would suggest this: Switch the AirPort router to Bridge mode (using AirPort Utility) and see what happens.

AirPort Utility > [select device] > Edit > Advanced > DHCP and NAT > Router Mode: Off (Bridge Mode)

Can you still access the Internet from one device? From multiple devices?
What happens is that only one device can be used. My condo has a captive portal system, which allows only a single device per user name.

If I put the Extreme in bridged mode, then only the first device that logs in to the captive portal gets an IP address. Subsequent devices get a notice that the user name is already in use.

If I put the Extreme in router mode, then the one IP address that the captive portal gives out is assigned to the Extreme. The Extreme then assigns IP addresses in a different subnet to all my other devices.

In order to keep the Extreme connected 24/7 (the captive portal times out after ten minutes), I run the following shell script every few minutes:
Bash:
#!/bin/sh

LOG="/Users/mnewman/documents/webcam/captive.log"

/opt/local/bin/lynx --dump http://www.apple.com/library/test/success.html | grep 'Success'

if [ $? != 0 ]; then

sleep 5

echo '&txtLogin=[username]&txtPasswd=[password]_login=Submit' | /opt/local/bin/lynx -post_data http://10.0.1.254/portal/user-authen.php

echo $"`date`" captive offline from captive.sh >> "$LOG"

else

echo $"`date`" captive online from captive.sh >> "$LOG"

fi
I wish there were a simpler solution, but I haven't found it.
 


Has anyone tried seeing if Timbuktu version 8.8.5 will work in Mojave using the workaround mentioned here for High Sierra? Yes, I still use Timbuktu because I haven't found anything yet that I can replace it with that still works all the way back to Snow Leopard, and whose interface doesn't rub me the wrong way.
 


For years, I relied on Timbuktu (until it got so old and creaky and I realized that I needed iOS support) and then switched to LogMeIn until their pricing became outrageously expensive. At that point, I started looking for a Mac/iOS alternative that would allow me to connect through firewalls or via VPN. I’ve been extremely happy with JumpDesktop. I have been using it for several years and love the fact that it’s a purchase and not subscription-based. In a pinch, I can use my iPhone to connect to our network via VPN and provide support via VNC for my users.
 


For years, I relied on Timbuktu (until it got so old and creaky and I realized that I needed iOS support) and then switched to LogMeIn until their pricing became outrageously expensive. At that point, I started looking for a Mac/iOS alternative that would allow me to connect through firewalls or via VPN. I’ve been extremely happy with JumpDesktop. I have been using it for several years and love the fact that it’s a purchase and not subscription-based. In a pinch, I can use my iPhone to connect to our network via VPN and provide support via VNC for my users.
I was a Timbuktu beta tester for dial-up back in the day - 90's I think '92-93 maybe. That was my go-to for sure back then, but do rely on Apple Screen Share (just got off one) all the time. As long as they have an Apple ID, it is the best free way to go. I'll look at JumpDesktop, thanks.
 


The built-in screen sharing recently decided that the cursor is several inches away from the pointer - but only when controlling my wife's iMac; it works fine with other machines on the same network.

Changing the pref from scaled picture to Show Full Size has no effect (and the screen is smaller than mine anyway).

Any insights? Is this a known OS X/macOS version issue?
 


The built-in screen sharing recently decided that the cursor is several inches away from the pointer - but only when controlling my wife's iMac; it works fine with other machines on the same network. Changing the pref from scaled picture to Show Full Size has no effect (and the screen is smaller than mine anyway).
Any insights? Is this a known OS X/macOS version issue?
To me, that sounds like maybe a corrupt display resolution pref on the iMac. I'd change it to something else and restart and then change it back and retry. Or just change it and restart and retry.
 


I've been a TeamViewer paid user for as long as it was around (early adopter.) But their constant update tax was wearing on me.
AnyDesk is similar with a better interface and long free trial and then much less expensive to license. Check it out. I'm testing now with an eye to move my company over.
https://anydesk.com/remote-desktop
Bryson, I have taken your advice and managed to make contact and fixed my elderly friend's issue. Thank you for the "heads up".

The only drawback: I found that I could only get a small window of his iMac to show on my 27-inch iMac. I have old eyes and wish it were able to be made larger. (Had to use a magnifying glass to read text.) I had my Mac at the lowest resolution to make text bigger with minimal success.

Regards and thanks again.
 




Screens, from Edovia, works well and I've set up some clients with it.

For new clients that I'm helping for the first time, I will use iMessage Screen Sharing, if they have iMessage enabled on their Mac. I find that a lot of the older generation do not typically have it enabled on their Mac(s).

If they don't have iMessage enabled, I use TeamViewer Quick Support. I've been a license holder for Team Viewer for several years now (recently adopting the subscription model with them). I realize the pricing isn't good for those who aren't making a living at this.

I don't understand the reticence mentioned by some in this discussion to configure / enable iCloud on Macs. I feel that with Apple's numerous security and privacy precautions and controls -- including two-factor for those who want it -- that there's nothing to worry about. It's a very useful service and to not take advantage of it, is to deny yourself one of the key advantages of the Apple eco-system.
 



I have no reticence at all about using iCloud. But I do have caveats.
  1. Never never let Apple configure iCloud automatically for you, especially as part of initial boot, upgrades, or account creation.
  2. Never never use iCloud Drive.
  3. Never never use iCloud Keychain.
  4. Avoid iCloud Photos whenever possible.
  5. Avoid iCloud Siri.
Using these draconian measures I have been able to happily use iCloud for Mail, Contacts, Calendars, Safari, Notes, Back to My Mac, and Find My Mac through many versions of OS X and macOS.

The primary reason for all this is that Apple often configures "Apple knows best" regardless of how one wants to use their system. This is one area where Apple can be trusted to do whatever seems best for Apple but not necessarily for the user.
your milage may vary.
 



I have no reticence at all about using iCloud. But I do have caveats.
  1. Never never let Apple configure iCloud automatically for you, especially as part of initial boot, upgrades, or account creation.
  2. Never never use iCloud Drive.
  3. Never never use iCloud Keychain.
  4. Avoid iCloud Photos whenever possible.
  5. Avoid iCloud Siri.
Using these draconian measures I have been able to happily use iCloud for Mail, Contacts, Calendars, Safari, Notes, Back to My Mac, and Find My Mac through many versions of OS X and macOS.
I just looked at my settings and they largely match yours. I turned off Siri, and Game Center. I’m not sure about Home (i think there might be AppleTV, Remote or home sharing implications), but I’m wondering whether it’s safe to turn on iCloud messages?
 


Here’s another data point, for a similar situation: elderly relatives living several hundred miles away with a Mac, for whom I provide occasional tech support, using screen sharing while simultaneously talking with them over the phone. (One of them is very uncertain when using the computer, and both rarely use anything except mail and web browsing.) They have a relatively slow DSL internet connection — around 3Mbps.

For years, I used iChat (via Jabber) successfully to share screens between our Macs (both running Snow Leopard). However, as soon as I upgraded my own Mac to Sierra (and thus, Messages replacing iChat), I was unable to get screen sharing to work via iChat/Messages any longer.

When I later upgraded their Mac to Sierra on a visit, I was surprised to find that I still could not share screens between our two Sierra Macs via Messages — only text messaging. Much research and testing went into finding a solution (e.g., switching from Jabber to the iMessage protocol), but with no success.

So I looked around at screen sharing alternatives, particularly ones that were relatively easy to configure and (more importantly) very easy for my relatives to initiate a screen sharing session. I ended up using Chrome Remote Desktop. (An important caveat in my choice: I, too, did not want to have the use of iCloud as a requirement, on either machine. I don’t have iCloud accounts for either my or their computer.)

It took a bit of work to initially configure it (for example, so that there’s a Chrome Remote Desktop icon in their Dock, for easy startup of Chrome Remote); but during 6 months of use, it’s working pretty well. It requires each of us to have Chrome installed and be logged into a Google account while Chrome Remote Desktop is being used, but we both created “screen sharing-only” Gmail accounts, so this wasn’t a deal-breaker. My relatives leave Chrome logged into their Gmail account, so that they don’t need to do so before starting a Chrome Remote Desktop session. (Other than that, they don’t use Chrome — only Firefox or Safari.)

And it’s very easy to initiate; Chrome Remote Desktop on my computer produces a temporary access code; I read it over the phone to my relative, and she enters it into her Chrome Remote Desktop version, which starts up the screen sharing session. Also, security-wise, I like that there’s no permanent access code/credential; screen sharing access and control is limited to each session, and a new access code is required for each use.
 


Ric Ford

MacInTouch
Maybe I'm doing something wrong, but I've never been able to get any of Apple's sharing services to work if one of the machines is behind a double NAT.
I understand what you're saying. The problem is that I have no access to the condo router, so I can't set up port forwarding there. That pretty much ends it for Apple screen sharing.
I don't think this will solve the issues you're facing at the condo, but for the sake of completeness I'll note a helpful article on double-NAT issues from Edovia, which makes the Screens VPN app for Macs and iOS:
Edovia Support said:
Double-NAT Scenarios
Double-NAT is a scenario in which multiple routers on a network are providing network address translation (NAT) services.

A common example of this is a cable modem or DSL modem to which a Wi-Fi router is connected. Both the modem and the router have NAT enabled, and local-network computers are connected to the router. Even if port forwarding is configured on the router, the computer is not accessible from the Internet because the router doesn't have a public IP address. It has only a private IP address on the modem's local (internal) network.

There are several possible ways to resolve this, but none of them is a "silver bullet" solution....
 


... (An important caveat in my choice: I, too, did not want to have the use of iCloud as a requirement, on either machine. I don’t have iCloud accounts for either my or their computer.) It requires each of us to have Chrome installed and be logged into a Google account while Chrome Remote Desktop is being used, ... My relatives leave Chrome logged into their Gmail account, so that they don’t need to do so before starting a Chrome Remote Desktop session.
While I understand the desire to avoid iCloud, I have to ask whether trusting Chrome (and the implied Google software updater) is actually safer or more private.
 


Here’s another data point, for a similar situation: elderly relatives living several hundred miles away with a Mac, for whom I provide occasional tech support, using screen sharing while simultaneously talking with them over the phone. (One of them is very uncertain when using the computer, and both rarely use anything except mail and web browsing.) They have a relatively slow DSL internet connection — around 3Mbps.

For years, I used iChat (via Jabber) successfully to share screens between our Macs (both running Snow Leopard). However, as soon as I upgraded my own Mac to Sierra (and thus, Messages replacing iChat), I was unable to get screen sharing to work via iChat/Messages any longer.

When I later upgraded their Mac to Sierra on a visit, I was surprised to find that I still could not share screens between our two Sierra Macs via Messages — only text messaging. Much research and testing went into finding a solution (e.g., switching from Jabber to the iMessage protocol), but with no success.

So I looked around at screen sharing alternatives, particularly ones that were relatively easy to configure and (more importantly) very easy for my relatives to initiate a screen sharing session. I ended up using Chrome Remote Desktop. (An important caveat in my choice: I, too, did not want to have the use of iCloud as a requirement, on either machine. I don’t have iCloud accounts for either my or their computer.)

It took a bit of work to initially configure it (for example, so that there’s a Chrome Remote Desktop icon in their Dock, for easy startup of Chrome Remote); but during 6 months of use, it’s working pretty well. It requires each of us to have Chrome installed and be logged into a Google account while Chrome Remote Desktop is being used, but we both created “screen sharing-only” Gmail accounts, so this wasn’t a deal-breaker. My relatives leave Chrome logged into their Gmail account, so that they don’t need to do so before starting a Chrome Remote Desktop session. (Other than that, they don’t use Chrome — only Firefox or Safari.)

And it’s very easy to initiate; Chrome Remote Desktop on my computer produces a temporary access code; I read it over the phone to my relative, and she enters it into her Chrome Remote Desktop version, which starts up the screen sharing session. Also, security-wise, I like that there’s no permanent access code/credential; screen sharing access and control is limited to each session, and a new access code is required for each use.
You might want to take a look at TeamViewer.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts