MacInTouch Amazon link...
Channels
Other
If I have an iMac at the office, and I am using a laptop at home, how can I make the iMac answer my remote laptop's request to share the office iMac? This would be an easy way to access my server from a remote location. I am familiar with screen sharing, as I use it often to help a member of my family. Screen sharing that I am using requires a person at the receiving end to press a button to accept the connection.
What screen sharing are you using? Both Screen Sharing.app and Screens 4/Screens Connect allow connection using the usual macOS login screen.
 


Somewhat related: Is "Screen Sharing" (or by any other name) possible between a Mac and a Linux device (say, a headless Linux server)?
 


Somewhat related: Is "Screen Sharing" (or by any other name) possible between a Mac and a Linux device (say, a headless Linux server)?
As I understand it (and this information is many years old now), Apple's screen sharing is based on VNC. If you want to connect to your Mac from a non-Mac computer, try using a VNC client. Be sure to let us know if it works.

If you want to access a remote Linux box from your Mac, you have many options available:
  • Use VNC. Most Linux distributions make both client and server packages available. See if Apple's screen sharing client will connect to it. If not, install a VNC client (one possibility is the RealVNC Viewer) and use it to connect.

  • Use X2Go. This is an X11-based remote access protocol. Most Linux distributions make both client and server packages available. A Mac client is available as well.

  • Use straight X-windows. Install an X11 server on your Mac (I've been mostly happy using XQuartz). Once it's running, log in to your Linux box via a terminal session (e.g. using SSH), set the display environment variable to point to your Mac's running X11 server and run your graphical apps from the terminal session. They will appear on your desktop.

    This can be a little tricky the first time. Here's an article that may help. Note that if you use SSH to log in to the Linux box, coming from an XQuartz terminal, you can use the "-X" or "-Y" options to automatically set up a tunnel for the X11 data, avoiding the need to manually fiddle with the display variable.
  • NoMachine. I've never set up a server for this, so I don't know how much work is involved. I've run an older version of the client to connect to corporate-hosted NoMachine terminal servers and I've always been happy with the results.

  • There are a lot of other options, but these four are the ones I've personally used.
I've found that a straight X11 connection works fastest on a LAN but is painfully slow over an Internet connection (whether direct or via a VPN tunnel). I'm pretty sure it's an issue with latency, not bandwidth, because it doesn't seem to get any better over faster connections.

X2Go is very nice. It's got more overhead on the server side than a straight X11 connection, but it seems good over slower connections.

I would consider VNC to be a last resort. It's not as friendly as X2Go and requires more fiddling to set up the server side to get it to run the way you want. But it has the advantage of being available almost everywhere and is extremely configurable.
 


KJM

If I have an iMac at the office, and I am using a laptop at home, how can I make the iMac answer my remote laptop's request to share the office iMac? This would be an easy way to access my server from a remote location.
So what you are looking for is not Screen Sharing (with somebody else) but Remote Access to your own Mac at home. You find it under Sharing in the System Preferences.
 



Needing expert advice and informed opinions ASAP:

For health reasons / as a precaution, our 36 employees have all been instructed to work from home / not be in our office. Our company has a Mac Pro in the office operating as a file server, running Apple's macOS Server. Hundreds of terabytes of shared files. SonicWALL NSA 2650 for firewall. Dedicated IP address for the firewall and the server. Comcast business internet speed @ 300 down and 25 up. Never any problems with in-office server access — file sharing and access have been rock solid.

All employees have remote access set up using Apple's built-in VPN client via L2TP. The remote access load has averaged 3-5 clients for many months with no complaints and no disconnects. But now that everyone is using VPN to remotely connect to the office, there's a big issue with frequent and random "Authentication failed" alerts to users when either too many people try to simultaneously connect or there's a large file being uploaded to the server or downloaded from the server (I'm not sure if it's one or the other causing the alerts.)

So, my question is what's the bottleneck or the order of biggest-to-smallest bottlenecks?
• too slow of an internet pipe​
• Apple's VPN client​
• the SonicWALL​
• the server hardware​
• the macOS Server software​

I would greatly appreciate questions, comments and suggestions to improve the situation. Our employees are resorting to using Slack to announce who is connected and disconnected, as well as giving each other a heads-up when a large file needs to be transferred. This is a temporary kludge, so I need to fix the problem(s) as quickly as possible.

Thanks in advance!
 


If I have an iMac at the office, and I am using a laptop at home, how can I make the iMac answer my remote laptop's request to share the office iMac? This would be an easy way to access my server from a remote location. I am familiar with screen sharing, as I use it often to help a member of my family. Screen sharing that I am using requires a person at the receiving end to press a button to accept the connection.
I am using the built-in screen sharing in macOS Mojave and now Catalina. If I wish to assist a family member, I let them know over the phone that I will be requesting access to their computer. Using the screen sharing app and entering the destination Apple ID, I initiate a connection. The person at the destination machine is queried on their screen, and they have to accept the connection. It works very well for distant assistance.

I have an iMac in my office, which can connect to my server. I would like to screen share from my house to this iMac and thus access the server remotely. But how do I get the iMac in the office to say yes to screen sharing if no one is at the office iMac?

(I would like to use the screen sharing to fetch a job from the office server via the office iMac. I would send the job files to Dropbox on the remote office iMac. I would then work on the job files using the Dropbox at home and, when done, send it back in reverse to the server through the remote office iMac. Since the home has significantly slower internet speeds, this system would be far more efficient than directly accessing the serve,r and I do not have a static IP address for my server.)
 


As I understand it (and this information is many years old now), Apple's screen sharing is based on VNC. If you want to connect to your Mac from a non-Mac computer, try using a VNC client. Be sure to let us know if it works...
Mac "Screen Sharing" uses .vncloc suffixes, so I think that is a safe assumption. I will just be using it over LAN, not remotely, so it looks like it should be straight-forward. Thanks for all the options.
 


If I have an iMac at the office, and I am using a laptop at home, how can I make the iMac answer my remote laptop's request to share the office iMac? This would be an easy way to access my server from a remote location. I am familiar with screen sharing, as I use it often to help a member of my family. Screen sharing that I am using requires a person at the receiving end to press a button to accept the connection.
... I am not an expert, just a business owner who's learned to run my computers. I'll try to explain what I've done. (Techies, please correct anything I state wrong!)

You'll need a static IP to your office network, and a static IP on your office computer. (If you don't know about this, ask your system admin. If there is no system admin, come here and any of us can help.)

On your router, set port 5900 to forward to the static IP on your computer. (This is TCP in your settings, if asked.)

Make sure your office computer is set to Remote Management, in System Preferences > Sharing. Rebooting wouldn't hurt here.

On your home Mac, go to Finder, type in command-K (Connect to server). Type in
vnc://123.456.789.000

using your office network's static IP. Voila!
 


... All employees have remote access set up using Apple's built-in VPN client via L2TP.
A word of caution. A client has to be HIPAA-compliant. When I set up iOS to connect to their VPN via L2TP it defaulted to older, less secure encryption.

Good info from Watchguard's Use the macOS or iOS Native IPSec VPN Client:
Code:
Phase 1 Diffie-Hellman Group 14:
    Phase 1 Authentication — MD5, SHA1, SHA2-256, SHA2-512
    Phase 1 Encryption — AES256

Phase 1 Diffie-Hellman Group 2:
    Phase 1 Authentication — MD5, SHA1
    Phase 1 Encryption — DES, 3DES, AES128, AES256

Phase 2 for both D-H groups:
    Phase 2 Authentication — MD5, SHA1
    Phase 2 Encryption — 3DES, AES128, AES256
    Phase 2 Perfect Forward Secrecy — No
I changed the client's VPN to use Diffie-Hellman 14 to get Phase 1 up to SHA-256 and AES256. Unfortunately, Phase 2 authentication uses SHA1 or MD5, both of which can be compromised.

Wikipedia SHA-1
Wikipedia MD5

FWIW: I use the VPN hardware vendor's SSL VPN software for macOS.
 


So, my question is what's the bottleneck or the order of biggest-to-smallest bottlenecks?
• too slow of an internet pipe​
• Apple's VPN client​
• the SonicWALL​
• the server hardware​
• the macOS Server software​
The SonicWall should support SNMP. I would suggest getting a monitor on that and start tracking the bandwidth usage. That should give you an idea if you're starting to max out the bandwidth for upload or download. If the upload bandwidth is being maxed out, that could definitely result in some of the issues you're describing.
 


Needing expert advice and informed opinions ASAP...
I deal with these issues day in and day out. I can offer my professional opinions.

Your internet connection is the predominant bottleneck. Cable modem internet is not business class. The technology was and is a hack. The asynchronous nature of the connection is not suitable for remote access. It works fine for a couple of people but that 25mbps upload cap gets hit very quickly.

To make matters worse, the more you send over a cable modem, the slower you can receive. I remember performing tests – I would send a small file while downloading a large file. When the send began, the download slowed to a crawl. As soon as the file was sent, the download would resume normally.

To make matters even worse, you have to share bandwidth with every other home and business in your vicinity. The speeds you are paying for are "best effort", not guarantees. Read your contract.

There is no way you'll be able to get synchronous fiber internet service installed in the near term, so I would recommend allowing your people to control their computers remotely. The bandwidth needed for screen sharing is far lower than what's needed for file transfer.

As for remote control software, you have many choices. You can use the built-in VNC-based screen sharing Apple provides.

If you can afford it, a corporate license for TeamViewer is really nice. It's quite excellent but very expensive. It also does not require VPN connections.

Something I use in my work, and I have not seen mentioned here yet, is Remotix and Remotix Cloud from Nulana. It's paid software, but it's very flexible and reliable. With one app, I control Windows server, Macs, and Linux machines. For Mac and Windows, their new NEAR protocol is excellent. Support for RDP and VNC is also part of the app. Combined with a Remotix Cloud account, VPN can be bypassed as well.

I am not affiliated with Nulana. I'm just a long time, paying customer.

Good luck with your situation. I hope you find a workable solution.
 



I would not use [Remotix], personally. Here's some background on its Russian provenance...
It's a fair point. At the same time, in terms of usability, design, flexibility, and functionality, I think Remotix is a superb product, though I do not use any of its cloud features.

The entire question of software sourcing and code provenance is a can of worms that, in some ways, is even more complicated and potentially worrisome than the global supply chain for the physical products we rely on daily. I'm reminded of an archived post of mine about software provenance:
josehill 2017-03-08 said:
Software sourcing is a complex area. Given that outsourcing and offshoring are such common practices in the software industry, it is truly difficult for consumers to determine the sourcing of their software tools. A large portion of my business is focused on helping organizations maintain compliance with privacy regulations, financial regulations, and security best practices, and my clients include software companies that collect personal information, location information, and extremely sensitive medical/financial information. While nearly all of my clients are headquartered and managed from the United States, a substantial majority of those does nearly all software development outside of the United States. In practice, this usually means that a US-based "Chief Technology Officer" or VP of Engineering manages the development process, a US product team handles feature specification and design, and the CTO/VP Engineering and/or a small number of US-based developers will perform a software "code review," without necessarily closely reading every single line of code.

I don't have the exact statistics handy, but around 40% of my clients have offshore/outsource operations in India, a similar amount in Eastern Europe and Russia, 15% or so develop entirely in the US/Canada, and a handful use other locations (Argentina and Uruguay are growing in popularity). While some companies publicly disclose where their software is actually developed, most companies do not volunteer that information. Many will not do so unless under audit or under a non-disclosure agreement.

I don't want to suggest that any of these companies are doing anything wrong, since there definitely are effective ways to secure the process and to protect end user information. However, at the same time, simply buying/licensing software from a US-based publisher is no guarantee that the software did not spend a lot of time in a jurisdiction that would not give the buyer great comfort. Further, even when a development team is based in the US, it is very easy for sloppy developers to incorporate questionably sourced snippets of code and open-source code libraries that they found on the Internet without doing a detailed review of what the code actually does. (This is not so different from when someone helpfully shares a useful macOS command-line on MacInTouch -- how many people paste the command-line into their terminals without understanding the command? Just because something is public and open-sourced does not mean that it is safe or won't have unintended consequences.)

In other words, I wouldn't necessarily disqualify a developer because they are based in Russia, and I wouldn't necessarily be comfortable with a developer because their offices are in Iowa.
I had additional thoughts about the software supply chain in another thread:
In other words, modern software development often involves a very complicated international supply chain, the security of that supply chain can be highly variable, and it can be pretty rare for end users to have true visibility into where their software comes from.

This ends up being an extremely unsatisfying post. On the one hand, I often think that people worry too much about security/privacy issues that are derived from the geographical origin of well-known, professionally managed products. On the other hand, the variability and vulnerability of the software supply chain across the full range of websites and apps is so large and the associated guarantees and protections are so small that I sometimes feel like pen and paper are the future.
 


Needing expert advice and informed opinions ASAP:
For health reasons / as a precaution, our 36 employees have all been instructed to work from home / not be in our office. Our company has a Mac Pro in the office operating as a file server, running Apple's macOS Server. Hundreds of terabytes of shared files. SonicWALL NSA 2650 for firewall. Dedicated IP address for the firewall and the server. Comcast business internet speed @ 300 down and 25 up. Never any problems with in-office server access — file sharing and access have been rock solid.

All employees have remote access set up using Apple's built-in VPN client via L2TP. The remote access load has averaged 3-5 clients for many months with no complaints and no disconnects. But now that everyone is using VPN to remotely connect to the office, there's a big issue with frequent and random "Authentication failed" alerts to users when either too many people try to simultaneously connect or there's a large file being uploaded to the server or downloaded from the server (I'm not sure if it's one or the other causing the alerts.)

So, my question is what's the bottleneck or the order of biggest-to-smallest bottlenecks?
• too slow of an internet pipe​
• Apple's VPN client​
• the SonicWALL​
• the server hardware​
• the macOS Server software​

I would greatly appreciate questions, comments and suggestions to improve the situation. Our employees are resorting to using Slack to announce who is connected and disconnected, as well as giving each other a heads-up when a large file needs to be transferred. This is a temporary kludge, so I need to fix the problem(s) as quickly as possible. Thanks in advance!
Scott, I think the first issue is your internet connection. I’m managing I.T. for a firm about the same size, and our 100/100 connection is running close to max for upstream (i.e. out of the office) speed for large periods of time right now.

I don’t know if the SonicWALL has any sort of speed limit on its throughput. but that might be a place to look as well. Our internet router has a hard cap of 350 megabits, so if we had a gigabit connection, we’d only be able to use 350 of it until we upgraded the speed limit of our router (all done through software keys). Also, is there a VPN connection limit on the SonicWALL?

Let us know what you discover. Thanks.
 


To clarify, each of our employees has taken their office laptops or desktops home with them, so using a remote-control app or conduit is a no-go. We all need to VPN into our office server to copy files on and off.

I am investigating the options for locating a alternate ISP that offers synchronous upload and download speeds. If anyone is familiar with the high-speed internet options for downtown in Boulder, Colorado, and can offer suggestions, please do. CenturyLink does not have anything for our location.
 


Ric Ford

MacInTouch
I am investigating the options for locating a alternate ISP that offers synchronous upload and download speeds. If anyone is familiar with the high-speed internet options for downtown in Boulder, Colorado, and can offer suggestions, please do. CenturyLink does not have anything for our location.
For what it's worth:
BroadbandNow said:
Yelp said:
 


If you can afford it, a corporate license for TeamViewer is really nice. It's quite excellent but very expensive. It also does not require VPN connections.
Here's a vote for Connectwise Control for remote access as an alternative to TeamViewer. I got this tip from a Mac tech support company that offered me a job.

They even offer a (hard-to-find) free license with the main restriction being only one remote control session at a time, and a limit of three always-on unattended "access" sessions (the other mode being on-demand "support" sessions). Of those three, you can control only one at a time, the simultaneity being the clients' always-on status to share their screen.

Not affiliated, etc.
 


I'm having trouble with Zoom meetings. I'm on a Comcast 300-Mbps line, ethernet cable from 2017 iMac to my router. Other audio/video sessions, such as Netflix via Apple TV on WiFi, are working fine. But a Zoom meeting can go along OK for 20 or 30 minutes, then the video freezes and the audio goes all "tinny" like bad cell reception for about 15 seconds. Then it all comes back just fine, sometimes displaying a warning in either Safari or Firefox that my "Internet connection is unstable."

I'm not seeing bad signal numbers at my router and usually get 350 Mbps down and 11 up, with no scary latency numbers. Of course the problem is intermittent, so these tests may miss any issue with my provider, but again, never a hiccup with hours-long viewing on Netflix.

One clue is that FaceTime audio using my iMac will act up in a similar way -- intermittent droput of the caller's voice. They can still hear me, but for 15 or so seconds they are silent. This does not happen on my iOS devices using the same network.

Any thoughts or suggestions? Thanks in advance.
 


But a Zoom meeting can go along OK for 20 or 30 minutes, then the video freezes and the audio goes all "tinny" like bad cell reception for about 15 seconds. Then it all comes back just fine, sometimes displaying a warning in either Safari or Firefox that my "Internet connection is unstable."
I have seen this in Zoom meetings more often than other any video conference apps, like WebEx. This sounds like packets get backed up on delivery and then packets are dropped until it catches up - usually due to insufficient internet bandwidth in the path from a participant to you. Here is a Zoom status page.
 


I will be virtually attending a meeting later today. The meeting will be hosted through GoToMeeting. We've been asked to download and install the app. Alternatively, we can view the meeting through a web browser.

I tried connecting to the web app but it reports that I must use Google Chrome. Neither Safari nor Firefox will work. Instead, I've set the User Agent to Google Chrome and it allows me to connect.

I have no need for webcam or microphone usage on my end -- I'm only going to listen/watch.

Can anyone speculate on what type of issues I might encounter using Safari with a user-agent set to Chrome?
 


I have accounts with many of the common web conferencing services due to my consulting work. I've gotten emails from many of them indicating that service quality may suffer at particularly busy times, especially on the hour and half hour. I've noticed some glitches here and there, but service mostly has been acceptable so far.

A couple of the services have suggested starting meetings at staggered times, like ten, twenty, or forty minutes after the hour. Not a bad idea, especially for shorter calls. Also, it may seem obvious: if you don't actually need video for a teleconference, turn it off.
 


I understand that the change to working at home has stressed the Internet, especially upload speeds. Working at home may require that the upload speed and download speed be the same, since for example, a simple action of opening a file and saving the file is roughly the same load on the upload and download channels. The internet connection typically does not have a balanced upload and download speed.

If you massively increase home office connections, the upload channel in the area, as well as the connection to the specific server. can be overwhelmed even if the overall internet speed is fast. This is not theoretical, as I have talked with a person who is doing the home office bit and has really fast internet, but the limits of the corporate server, especially the upload speed, have the IT folks frantically trying to keep the server running.
 


Can anyone speculate on what type of issues I might encounter using Safari with a user-agent set to Chrome?
That didn't go well. Safari and Firefox don't work with GoToMeeting. Vivaldi worked but without sound. GoToMeeting specifies Google Chrome, but I don't use it.

Finally, mid-meeting, I downloaded the GoToMeeting software and followed along for the second half of the meeting. Afterwords, I tried to clean up all the LaunchAgents and other detritus it left on my machine. Wow... messy software.
 


That didn't go well. Safari and Firefox don't work with GoToMeeting. Vivaldi worked but without sound. GoToMeeting specifies Google Chrome, but I don't use it.
Finally, mid-meeting, I downloaded the GoToMeeting software and followed along for the second half of the meeting. Afterwords, I tried to clean up all the LaunchAgents and other detritus it left on my machine. Wow... messy software.
Did you consider using Chrome exclusively for the meeting?
 


I'm having trouble with Zoom meetings....
Update: another clue surfaced as my iMac warned me that some other device was using its DHCP-assigned IP address. After much wrestling with the %%$# Comcast router, I was able to assign the iMac a reserved address and, so far, FaceTime calls are working just fine. My next Zoom session is Friday, so fingers crossed.

Can an IP address conflict cause the dropouts I was experiencing?
 


Ric Ford

MacInTouch
Update: another clue surfaced as my iMac warned me that some other device was using its DHCP-assigned IP address. After much wrestling with the %%$# Comcast router, I was able to assign the iMac a reserved address and, so far, FaceTime calls are working just fine. My next Zoom session is Friday, so fingers crossed.
Can an IP address conflict cause the dropouts I was experiencing?
Not sure this is the issue, but it's something to check:

System Preferences > Network > Advanced > TCP/IP

Here, you can Renew DHCP Lease and type your DHCP Client ID.

See also:

System Preferences > Sharing > Computer Name

I've had problems in the past from cloning a system drive from one Mac to another, thereby duplicating Computer Name, network settings, etc. – they need to be different for the two different computers.
 


Ric Ford

MacInTouch
FYI: TeamViewer is loosening restrictions for people in certain areas that are being heavily impacted by the coronavirus (COVID-19).
BleepingComputer said:
TeamViewer Stops Commercial Use Checks in Coronavirus-Affected Regions
TeamViewer has stated that they will stop performing checks for commercial use of their remote control product in regions heavily affected by the Coronavirus.

... "We have stopped checking connections for commercial use in heavily affected regions like China and Italy already some weeks ago and are currently implementing that for lots of other affected countries including UK," TeamViewer told TheRegister.

It is not known if the USA will be included in this change and BleepingComputer has reached out to TeamViewer for clarification.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts