
remote access / conferencing

If I have an iMac at the office, and I am using a laptop at home, how can I make the iMac answer my remote laptop's request to share the office iMac? This would be an easy way to access my server from a remote location. I am familiar with screen sharing, as I use it often to help a member of my family. Screen sharing that I am using requires a person at the receiving end to press a button to accept the connection.
... I am not an expert, just a business owner who's learned to run my computers. I'll try to explain what I've done. (Techies, please correct anything I state wrong!)

You'll need a static IP to your office network, and a static IP on your office computer. (If you don't know about this, ask your system admin. If there is no system admin, come here and any of us can help.)

On your router, set port 5900 to forward to the static IP on your computer. (This is TCP in your settings, if asked.)

Make sure your office computer is set to Remote Management, in System Preferences > Sharing. Rebooting wouldn't hurt here.

On your home Mac, go to Finder, type in command-K (Connect to server). Type in
vnc://123.456.789.000

using your office network's static IP. Voila!
 


... All employees have remote access set up using Apple's built-in VPN client via L2TP.
A word of caution. A client has to be HIPAA-compliant. When I set up iOS to connect to their VPN via L2TP it defaulted to older, less secure encryption.

Good info from Watchguard's Use the macOS or iOS Native IPSec VPN Client:
Code:
Phase 1 Diffie-Hellman Group 14:
    Phase 1 Authentication — MD5, SHA1, SHA2-256, SHA2-512
    Phase 1 Encryption — AES256

Phase 1 Diffie-Hellman Group 2:
    Phase 1 Authentication — MD5, SHA1
    Phase 1 Encryption — DES, 3DES, AES128, AES256

Phase 2 for both D-H groups:
    Phase 2 Authentication — MD5, SHA1
    Phase 2 Encryption — 3DES, AES128, AES256
    Phase 2 Perfect Forward Secrecy — No
I changed the client's VPN to use Diffie-Hellman 14 to get Phase 1 up to SHA-256 and AES256. Unfortunately, Phase 2 authentication uses SHA1 or MD5, both of which can be compromised.

Wikipedia SHA-1
Wikipedia MD5

FWIW: I use the VPN hardware vendor's SSL VPN software for macOS.
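An added example (not part of the original post or of WatchGuard's documentation): a small Python audit of the proposal listing quoted above. It separates settings where the client can be pinned to a stronger choice from settings where the client offers no strong choice at all. The weak-algorithm policy and the function names are assumptions made for this illustration.

```python
import re

# The proposal listing exactly as quoted in the post above.
LISTING = """\
Phase 1 Diffie-Hellman Group 14:
    Phase 1 Authentication — MD5, SHA1, SHA2-256, SHA2-512
    Phase 1 Encryption — AES256

Phase 1 Diffie-Hellman Group 2:
    Phase 1 Authentication — MD5, SHA1
    Phase 1 Encryption — DES, 3DES, AES128, AES256

Phase 2 for both D-H groups:
    Phase 2 Authentication — MD5, SHA1
    Phase 2 Encryption — 3DES, AES128, AES256
    Phase 2 Perfect Forward Secrecy — No
"""

# Assumed policy (not from the page): the hashes the post worries about,
# plus the legacy ciphers and the 1024-bit DH group that appear in the listing.
WEAK_ALGORITHMS = {"MD5", "SHA1", "DES", "3DES"}
WEAK_DH_GROUPS = {"2"}


def parse_listing(text):
    """Return {section heading: {setting name: [offered values]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):          # section heading
            current = sections.setdefault(line[:-1], {})
            continue
        # Setting lines look like "Phase N <name> — v1, v2"; accept a hyphen too.
        parts = re.split(r"\s+[—-]\s+", line, maxsplit=1)
        if current is None or len(parts) != 2:
            continue
        name = re.sub(r"^Phase \d+\s+", "", parts[0])
        current[name] = [v.strip() for v in parts[1].split(",")]
    return sections


def audit(sections):
    """Return {heading: [(severity, setting, values)]}.

    "pin"              -> weak values are offered, but strong ones exist;
                          values lists the strong choices to pin the gateway to.
    "no-strong-option" -> nothing acceptable is offered; values lists what is.
    """
    report = {}
    for heading, settings in sections.items():
        findings = []
        group = re.search(r"Group (\d+)", heading)
        if group and group.group(1) in WEAK_DH_GROUPS:
            findings.append(("no-strong-option", "DH group", [group.group(1)]))
        for name, offered in settings.items():
            if name == "Perfect Forward Secrecy":
                if "Yes" not in offered:
                    findings.append(("no-strong-option", name, offered))
                continue
            strong = [v for v in offered if v not in WEAK_ALGORITHMS]
            if not strong:
                findings.append(("no-strong-option", name, offered))
            elif len(strong) < len(offered):
                findings.append(("pin", name, strong))
        report[heading] = findings
    return report


if __name__ == "__main__":
    for heading, findings in audit(parse_listing(LISTING)).items():
        print(heading)
        for severity, name, values in findings or [("ok", "all settings", [])]:
            print(f"  {severity:17} {name}: {', '.join(values)}")
```

The output matches the poster's conclusion: Phase 1 with group 14 can be pinned to SHA2 and AES256, while Phase 2 authentication has nothing but MD5 and SHA1 to choose from.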
 


So, my question is what's the bottleneck or the order of biggest-to-smallest bottlenecks?
• too slow of an internet pipe
• Apple's VPN client
• the SonicWALL
• the server hardware
• the macOS Server software
The SonicWall should support SNMP. I would suggest getting a monitor on that and start tracking the bandwidth usage. That should give you an idea if you're starting to max out the bandwidth for upload or download. If the upload bandwidth is being maxed out, that could definitely result in some of the issues you're describing.
 


Needing expert advice and informed opinions ASAP...
I deal with these issues day in and day out. I can offer my professional opinions.

Your internet connection is the predominant bottleneck. Cable modem internet is not business class. The technology was and is a hack. The asynchronous nature of the connection is not suitable for remote access. It works fine for a couple of people but that 25 Mbps upload cap gets hit very quickly.

To make matters worse, the more you send over a cable modem, the slower you can receive. I remember performing tests – I would send a small file while downloading a large file. When the send began, the download slowed to a crawl. As soon as the file was sent, the download would resume normally.

To make matters even worse, you have to share bandwidth with every other home and business in your vicinity. The speeds you are paying for are "best effort", not guarantees. Read your contract.

There is no way you'll be able to get synchronous fiber internet service installed in the near term, so I would recommend allowing your people to control their computers remotely. The bandwidth needed for screen sharing is far lower than what's needed for file transfer.

As for remote control software, you have many choices. You can use the built-in VNC-based screen sharing Apple provides.

If you can afford it, a corporate license for TeamViewer is really nice. It's quite excellent but very expensive. It also does not require VPN connections.

Something I use in my work, and I have not seen mentioned here yet, is Remotix and Remotix Cloud from Nulana. It's paid software, but it's very flexible and reliable. With one app, I control Windows server, Macs, and Linux machines. For Mac and Windows, their new NEAR protocol is excellent. Support for RDP and VNC is also part of the app. Combined with a Remotix Cloud account, VPN can be bypassed as well.

I am not affiliated with Nulana. I'm just a long time, paying customer.

Good luck with your situation. I hope you find a workable solution.
 



I would not use [Remotix], personally. Here's some background on its Russian provenance...
It's a fair point. At the same time, in terms of usability, design, flexibility, and functionality, I think Remotix is a superb product, though I do not use any of its cloud features.

The entire question of software sourcing and code provenance is a can of worms that, in some ways, is even more complicated and potentially worrisome than the global supply chain for the physical products we rely on daily. I'm reminded of an archived post of mine about software provenance:
josehill 2017-03-08 said:
Software sourcing is a complex area. Given that outsourcing and offshoring are such common practices in the software industry, it is truly difficult for consumers to determine the sourcing of their software tools. A large portion of my business is focused on helping organizations maintain compliance with privacy regulations, financial regulations, and security best practices, and my clients include software companies that collect personal information, location information, and extremely sensitive medical/financial information. While nearly all of my clients are headquartered and managed from the United States, a substantial majority of those does nearly all software development outside of the United States. In practice, this usually means that a US-based "Chief Technology Officer" or VP of Engineering manages the development process, a US product team handles feature specification and design, and the CTO/VP Engineering and/or a small number of US-based developers will perform a software "code review," without necessarily closely reading every single line of code.

I don't have the exact statistics handy, but around 40% of my clients have offshore/outsource operations in India, a similar amount in Eastern Europe and Russia, 15% or so develop entirely in the US/Canada, and a handful use other locations (Argentina and Uruguay are growing in popularity). While some companies publicly disclose where their software is actually developed, most companies do not volunteer that information. Many will not do so unless under audit or under a non-disclosure agreement.

I don't want to suggest that any of these companies are doing anything wrong, since there definitely are effective ways to secure the process and to protect end user information. However, at the same time, simply buying/licensing software from a US-based publisher is no guarantee that the software did not spend a lot of time in a jurisdiction that would not give the buyer great comfort. Further, even when a development team is based in the US, it is very easy for sloppy developers to incorporate questionably sourced snippets of code and open-source code libraries that they found on the Internet without doing a detailed review of what the code actually does. (This is not so different from when someone helpfully shares a useful macOS command-line on MacInTouch -- how many people paste the command-line into their terminals without understanding the command? Just because something is public and open-sourced does not mean that it is safe or won't have unintended consequences.)

In other words, I wouldn't necessarily disqualify a developer because they are based in Russia, and I wouldn't necessarily be comfortable with a developer because their offices are in Iowa.
I had additional thoughts about the software supply chain in another thread:
In other words, modern software development often involves a very complicated international supply chain, the security of that supply chain can be highly variable, and it can be pretty rare for end users to have true visibility into where their software comes from.

This ends up being an extremely unsatisfying post. On the one hand, I often think that people worry too much about security/privacy issues that are derived from the geographical origin of well-known, professionally managed products. On the other hand, the variability and vulnerability of the software supply chain across the full range of websites and apps is so large and the associated guarantees and protections are so small that I sometimes feel like pen and paper are the future.
 


Needing expert advice and informed opinions ASAP:
For health reasons / as a precaution, our 36 employees have all been instructed to work from home / not be in our office. Our company has a Mac Pro in the office operating as a file server, running Apple's macOS Server. Hundreds of terabytes of shared files. SonicWALL NSA 2650 for firewall. Dedicated IP address for the firewall and the server. Comcast business internet speed @ 300 down and 25 up. Never any problems with in-office server access — file sharing and access have been rock solid.

All employees have remote access set up using Apple's built-in VPN client via L2TP. The remote access load has averaged 3-5 clients for many months with no complaints and no disconnects. But now that everyone is using VPN to remotely connect to the office, there's a big issue with frequent and random "Authentication failed" alerts to users when either too many people try to simultaneously connect or there's a large file being uploaded to the server or downloaded from the server (I'm not sure if it's one or the other causing the alerts.)

So, my question is what's the bottleneck or the order of biggest-to-smallest bottlenecks?
• too slow of an internet pipe
• Apple's VPN client
• the SonicWALL
• the server hardware
• the macOS Server software

I would greatly appreciate questions, comments and suggestions to improve the situation. Our employees are resorting to using Slack to announce who is connected and disconnected, as well as giving each other a heads-up when a large file needs to be transferred. This is a temporary kludge, so I need to fix the problem(s) as quickly as possible. Thanks in advance!
Scott, I think the first issue is your internet connection. I’m managing I.T. for a firm about the same size, and our 100/100 connection is running close to max for upstream (i.e. out of the office) speed for large periods of time right now.

I don’t know if the SonicWALL has any sort of speed limit on its throughput, but that might be a place to look as well. Our internet router has a hard cap of 350 megabits, so if we had a gigabit connection, we’d only be able to use 350 of it until we upgraded the speed limit of our router (all done through software keys). Also, is there a VPN connection limit on the SonicWALL?

Let us know what you discover. Thanks.
 


To clarify, each of our employees has taken their office laptops or desktops home with them, so using a remote-control app or conduit is a no-go. We all need to VPN into our office server to copy files on and off.

I am investigating the options for locating an alternate ISP that offers synchronous upload and download speeds. If anyone is familiar with the high-speed internet options for downtown in Boulder, Colorado, and can offer suggestions, please do. CenturyLink does not have anything for our location.
 


Ric Ford

MacInTouch
I am investigating the options for locating an alternate ISP that offers synchronous upload and download speeds. If anyone is familiar with the high-speed internet options for downtown in Boulder, Colorado, and can offer suggestions, please do. CenturyLink does not have anything for our location.
For what it's worth:
BroadbandNow said:
Yelp said:
 


If you can afford it, a corporate license for TeamViewer is really nice. It's quite excellent but very expensive. It also does not require VPN connections.
Here's a vote for Connectwise Control for remote access as an alternative to TeamViewer. I got this tip from a Mac tech support company that offered me a job.

They even offer a (hard-to-find) free license with the main restriction being only one remote control session at a time, and a limit of three always-on unattended "access" sessions (the other mode being on-demand "support" sessions). Of those three, you can control only one at a time, the simultaneity being the clients' always-on status to share their screen.

Not affiliated, etc.
 


I'm having trouble with Zoom meetings. I'm on a Comcast 300-Mbps line, ethernet cable from 2017 iMac to my router. Other audio/video sessions, such as Netflix via Apple TV on WiFi, are working fine. But a Zoom meeting can go along OK for 20 or 30 minutes, then the video freezes and the audio goes all "tinny" like bad cell reception for about 15 seconds. Then it all comes back just fine, sometimes displaying a warning in either Safari or Firefox that my "Internet connection is unstable."

I'm not seeing bad signal numbers at my router and usually get 350 Mbps down and 11 up, with no scary latency numbers. Of course the problem is intermittent, so these tests may miss any issue with my provider, but again, never a hiccup with hours-long viewing on Netflix.

One clue is that FaceTime audio using my iMac will act up in a similar way -- intermittent dropout of the caller's voice. They can still hear me, but for 15 or so seconds they are silent. This does not happen on my iOS devices using the same network.

Any thoughts or suggestions? Thanks in advance.
 


But a Zoom meeting can go along OK for 20 or 30 minutes, then the video freezes and the audio goes all "tinny" like bad cell reception for about 15 seconds. Then it all comes back just fine, sometimes displaying a warning in either Safari or Firefox that my "Internet connection is unstable."
I have seen this in Zoom meetings more often than in any other video conference apps, like WebEx. This sounds like packets get backed up on delivery and then packets are dropped until it catches up - usually due to insufficient internet bandwidth in the path from a participant to you. Here is a Zoom status page.
 


I will be virtually attending a meeting later today. The meeting will be hosted through GoToMeeting. We've been asked to download and install the app. Alternatively, we can view the meeting through a web browser.

I tried connecting to the web app but it reports that I must use Google Chrome. Neither Safari nor Firefox will work. Instead, I've set the User Agent to Google Chrome and it allows me to connect.

I have no need for webcam or microphone usage on my end -- I'm only going to listen/watch.

Can anyone speculate on what type of issues I might encounter using Safari with a user-agent set to Chrome?
 


I have accounts with many of the common web conferencing services due to my consulting work. I've gotten emails from many of them indicating that service quality may suffer at particularly busy times, especially on the hour and half hour. I've noticed some glitches here and there, but service mostly has been acceptable so far.

A couple of the services have suggested starting meetings at staggered times, like ten, twenty, or forty minutes after the hour. Not a bad idea, especially for shorter calls. Also, it may seem obvious: if you don't actually need video for a teleconference, turn it off.
 


I understand that the change to working at home has stressed the Internet, especially upload speeds. Working at home may require that the upload speed and download speed be the same, since for example, a simple action of opening a file and saving the file is roughly the same load on the upload and download channels. The internet connection typically does not have a balanced upload and download speed.

If you massively increase home office connections, the upload channel in the area, as well as the connection to the specific server, can be overwhelmed even if the overall internet speed is fast. This is not theoretical, as I have talked with a person who is doing the home office bit and has really fast internet, but the limits of the corporate server, especially the upload speed, have the IT folks frantically trying to keep the server running.
 


Can anyone speculate on what type of issues I might encounter using Safari with a user-agent set to Chrome?
That didn't go well. Safari and Firefox don't work with GoToMeeting. Vivaldi worked but without sound. GoToMeeting specifies Google Chrome, but I don't use it.

Finally, mid-meeting, I downloaded the GoToMeeting software and followed along for the second half of the meeting. Afterwards, I tried to clean up all the LaunchAgents and other detritus it left on my machine. Wow... messy software.
 


That didn't go well. Safari and Firefox don't work with GoToMeeting. Vivaldi worked but without sound. GoToMeeting specifies Google Chrome, but I don't use it.
Finally, mid-meeting, I downloaded the GoToMeeting software and followed along for the second half of the meeting. Afterwards, I tried to clean up all the LaunchAgents and other detritus it left on my machine. Wow... messy software.
Did you consider using Chrome exclusively for the meeting?
 


I'm having trouble with Zoom meetings....
Update: another clue surfaced as my iMac warned me that some other device was using its DHCP-assigned IP address. After much wrestling with the %%$# Comcast router, I was able to assign the iMac a reserved address and, so far, FaceTime calls are working just fine. My next Zoom session is Friday, so fingers crossed.

Can an IP address conflict cause the dropouts I was experiencing?
 


Ric Ford

MacInTouch
Update: another clue surfaced as my iMac warned me that some other device was using its DHCP-assigned IP address. After much wrestling with the %%$# Comcast router, I was able to assign the iMac a reserved address and, so far, FaceTime calls are working just fine. My next Zoom session is Friday, so fingers crossed.
Can an IP address conflict cause the dropouts I was experiencing?
Not sure this is the issue, but it's something to check:

System Preferences > Network > Advanced > TCP/IP

Here, you can Renew DHCP Lease and type your DHCP Client ID.

See also:

System Preferences > Sharing > Computer Name

I've had problems in the past from cloning a system drive from one Mac to another, thereby duplicating Computer Name, network settings, etc. – they need to be different for the two different computers.
 


Ric Ford

MacInTouch
FYI: TeamViewer is loosening restrictions for people in certain areas that are being heavily impacted by the coronavirus (COVID-19).
BleepingComputer said:
TeamViewer Stops Commercial Use Checks in Coronavirus-Affected Regions
TeamViewer has stated that they will stop performing checks for commercial use of their remote control product in regions heavily affected by the Coronavirus.

... "We have stopped checking connections for commercial use in heavily affected regions like China and Italy already some weeks ago and are currently implementing that for lots of other affected countries including UK," TeamViewer told TheRegister.

It is not known if the USA will be included in this change and BleepingComputer has reached out to TeamViewer for clarification.
 





Here's a tip about wireless networking problems caused by microwave ovens and other devices:
The kitchen in the condo we moved into four years ago currently has two microwave ovens: a countertop model we brought with us and the combo range hood model that came with the condo. I can't wait for the one on the countertop to die, as it completely takes out the WiFi in the adjacent family room. I tried to convince my wife that it's dangerous to use, but she prefers it to the one over the stove. And I can't complain when she uses it, as I'll end up having to make dinner (again).

Stay home, stay well....
 


I can't wait for the one on the countertop to die, as it completely takes out the WiFi in the adjacent family room. I tried to convince my wife that it's dangerous to use, but she prefers it to the one over the stove.
Annoying, definitely. Dangerous? Probably not unless the door mechanism is damaged.

The amount of leakage necessary to interfere with Wi-Fi is far less than the amount that could actually be dangerous. But if you're concerned, you can buy a microwave leakage tester to measure the actual amount to make sure it is within legal limits.
US Food & Drug Administration said:
Microwave Oven Safety Standard
... A Federal standard (21 CFR 1030.10) limits the amount of microwaves that can leak from an oven throughout its lifetime to 5 milliwatts (mW) of microwave radiation per square centimeter at approximately 2 inches from the oven surface. This limit is far below the level known to harm people. Microwave energy also decreases dramatically as you move away from the source of radiation. A measurement made 20 inches from an oven would be approximately 1/100th of the value measured at 2 inches from the oven.
 


Not sure this is the issue, but it's something to check:

System Preferences > Network > Advanced > TCP/IP

Here, you can Renew DHCP Lease and type your DHCP Client ID.

See also:

System Preferences > Sharing > Computer Name

I've had problems in the past from cloning a system drive from one Mac to another, thereby duplicating Computer Name, network settings, etc. – they need to be different for the two different computers.
Ric, many thanks. I'm starting to suspect upstream problems with Comcast. Symptoms that I had ignored or not associated with the Zoom problem now look related: occasional hiccups using On Demand on the TV, audio dropouts using FaceTime, intermittent freezes loading web pages.

All my router signal stats are in spec, but unless I could monitor them in real time, I'll never catch the glitch in progress. I tried Comcast's service "robot," which predictably said it would send a reset signal. It never came and the estimated wait time for a human tech was 258 minutes. No thanks. Instead I went around and checked all connections and rebooted everything. Still intermittent dropouts.
 



I'm starting to suspect upstream problems with Comcast. Symptoms that I had ignored or not associated with the Zoom problem now look related: occasional hiccups using On Demand on the TV, audio dropouts using FaceTime, intermittent freezes loading web pages.
I'm wondering if this may be the Smart Packet Detection bug I blogged about all the way back in 2010.

If your router has a "security" setting that tries to detect and block packet-floods, try temporarily disabling it. Buggy or poorly thought-out algorithms can result in normal high-bandwidth activity (like streaming video or opening some web pages) getting blocked.

I found that on my router at the time, this feature was blocking floods of outbound TCP connections as well as inbound ones. So whenever I tell my web browser to open a folder full of bookmarks into multiple tabs (e.g. what I do every morning when I want to read my web-comics) or even opening a single web page that's got a lot of sub-objects, the router would see the flood of outbound connections and start dropping packets, making everything hang and act flaky. When I disabled the feature, the problem went away.
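The failure mode described in the post above, as an added example that is not part of the original post: a rate-based flood detector that ignores direction drops a browser's burst of outbound connections along with a real inbound flood. The detector logic, the threshold of 25 new connections per second, the addresses and the traffic are all constructed for illustration; the router's actual algorithm is not known from the post.

```python
from collections import deque


def build_sample_traffic():
    """Constructed new-connection events: (timestamp, direction, source)."""
    lan_host = "192.168.1.20"   # hypothetical LAN client
    wan_host = "203.0.113.9"    # documentation-range address (RFC 5737)
    events = []
    # Ordinary browsing: one outbound connection every two seconds.
    events += [(float(t), "out", lan_host) for t in range(0, 10, 2)]
    # Opening a folder of bookmarks: 40 outbound connections in 0.4 s.
    events += [(10 + i * 0.01, "out", lan_host) for i in range(40)]
    # Unsolicited inbound burst: 300 connection attempts in 0.6 s.
    events += [(20 + i * 0.002, "in", wan_host) for i in range(300)]
    return events


def run_detector(events, threshold, window=1.0, inbound_only=False):
    """Count connections a sliding-window flood detector would drop.

    A connection is dropped when its source has opened more than
    `threshold` connections within the last `window` seconds.
    With inbound_only=True, outbound connections are never counted,
    which models a detector that only polices unsolicited traffic.
    """
    recent = {}                      # source -> timestamps inside the window
    dropped = {"in": 0, "out": 0}
    for ts, direction, src in sorted(events):
        if inbound_only and direction == "out":
            continue
        q = recent.setdefault(src, deque())
        while q and ts - q[0] > window:   # expire old entries
            q.popleft()
        q.append(ts)
        if len(q) > threshold:
            dropped[direction] += 1
    return dropped


TRAFFIC = build_sample_traffic()

if __name__ == "__main__":
    print("direction-blind:", run_detector(TRAFFIC, threshold=25))
    print("inbound only:   ", run_detector(TRAFFIC, threshold=25,
                                           inbound_only=True))
```

With the direction-blind detector, 15 of the browser's 40 connections are dropped even though nothing hostile originated on the LAN; the inbound-only variant still drops the same 275 inbound attempts.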
 



My work oddly migrated to Zoom instead of using the working-fine Google Hangouts platform.

I am wondering what happened in the last 24 hours, as well. Yesterday, Zoom worked in browser-mode (no install required), but today all I get is: 403 Forbidden...

By the way, can install be for a single user only? I'd rather install Zoom, if I must, in an isolated account for that use only.
... not to mention my work place will be exerting mandatory pressure to use Zoom,
... so much for social distancing
;-(
 


Ric Ford

MacInTouch
I am wondering what happened in the last 24 hours, as well. Yesterday, Zoom worked in browser-mode (no install required), but today all I get is: 403 Forbidden...
Zoom's service is currently broken (i.e. it has nothing to do with your computer or your company).
Zoom said:
Zoom Status
Zoom will be placing the Web Client into maintenance mode and take this part of the service offline. This will also impact users utilizing Zoom’s Web SDK. This will have no impact on users utilizing Zoom’s desktop or mobile application.

We apologize for any inconvenience that this may cause.
Apr 3, 00:00 PDT
 


Zoom's service is currently broken (i.e. it has nothing to do with your computer or your company).
Ric, thanks! for that update, puts my mind at ease a bit, although I'm in hot water for missing a meeting...

By the way, in my opinion, there is something fishy about Zoom's install procedures. I created a new user account, then proceeded to install a Chrome web client extension, which I believe could be a way to isolate the platform to one user (although it still probably would not work anyway if the web-client was undergoing maintenance). The extension installs very swiftly, but then the install page proceeds to offering a big blue install button with some pretty small print of some undisclosed free optional installation.

In my book this is not-very-nice-ware ;-\

I guess I should add, perhaps this was not a Zoom procedure but a strategy at the Chrome extension web site... somebody paid to have their "optional" install posted on the page, perhaps?
 




Anybody here, who has installed Zoom, recall if there is a single-user option? Ironically, my admin colleagues (all the way up the chain, as it were) went rogue on their own and installed it, and have absolutely no recall on the process ... thinking "ooh, cool a new app, let's install it, cuz it's so much better than the thing we already use that works just fine."

Against the advice of the IT director. ;-|
(Zoom web client still under maintenance, by the way.)
Looks like peer pressure is more hazardous than mal- ...er, I mean bad-ware.
;-\
 


Ric Ford

MacInTouch
For what it's worth, Microsoft is touting Skype conferencing services free of charge:
Skype said:
Organize conference calls on Skype with one click | Skype

Easy video meetings with no sign ups or downloads

Generate your free unique link with one click, share it with participants and enjoy unlimited meetings with Skype. Full set of features at your disposal.
Your meeting link does not expire and can be used anytime.

Record your call and save it for later review
Focus and engage in your online meeting without any distractions. Record your call for later reviews and note taking. We store your recording for up to 30 days.

Blur your background before entering the call
On the go or just didn't have time to prepare for your video meeting, simply turn on the background blur feature and worry less.

Share your screen whenever necessary
Easily share presentations, work materials or designs in your conference call. Collaborate and review your work in the chat.
 


Ric Ford

MacInTouch
Webex is also touting free services (and discounts on paid services):
Cisco said:
Cisco Webex Plans and Pricing

Free features
  • Up to 100 participants in each meeting
    (Up from 50)
  • Meet as long as you want
    (Up from 40 min limit)
  • Call-in for audio
    (in addition to existing VoIP capabilities)
  • Unlimited number of meetings
  • Desktop, application, file & whiteboard sharing options
  • Video conferencing features
  • Webex Teams collaboration features
  • Mobile features
  • Security features
  • Online support
 




