I want to access an unrestricted desktop at home (preferably a docker novnc desktop container), from the very restricted office laptop/network.
The foundations are clear: I started a docker container with novnc access, published the ports, forwarded the required ports on my router, and I can access it from outside using my phone, or my own laptop, but can’t from the office.
The novnc landing page loads, but the connection to remote desktop fails, probably because the websockets connections are also blocked in office, so only the plain http(s) accesses are allowed (not even RDP is allowed).
(Not even dyndns providers are allowed, but I can note my current IP address in my phone :D )
Ofc I can barely install anything on the office laptop, so I can create e.g. an openvpn tunnel, etc…
Do you have some hints if it can be solved?
There’s a reason they restrict these things. Trying to get around them is a bad idea. If you get caught, your professional life is over.
If you’re that desperate, bring a non-office laptop and use a hotspot on your phone.
All the replies to you so far don’t seem to give a shit about cyber security. As an alternative experience, I’ve had a supervisor that was friends with the IT guy and together they bypassed the content filter. And not for porn or anything, for like games like wordle being blocked. They were both instantly fired when found out. Granted, this company dealt with financial transactions flowing through their network so had additional scrutiny and laws to follow, but this is basic security that any company should follow.
Well, first off, how nice/tolerant is your management? Do you have savings? Some companies can fire people over this stuff, others will just ignore it.
The easiest (and least likely to make anyone mad) solution would just be to bring in your own machine and use cellular internet. This way your setup will be completely separate from the company network, and they can hardly claim you were exposing them to malware or anything. On the other hand you might have problems accessing devices like printers without copying files back and forth (are USB drives allowed?).
You can set up Apache Guacamole on your server. It uses Websockets by default, but it also has an automatic fallback to plain http/https. It will be ultra slow, but at least it will be working. It will behave like any other website, so no security risks for your company if they already have a proxy server to monitor your Internet traffic.
Was about to post to use Guacamole too, web sockets will work over HTTPS, OP is likely trying to do websockets over another port that’s getting blocked.
But over HTTPS with Guac should be fine because I did this exact thing on a very locked down work network.
Some proxies block Websocket Connections by default for unknown URLs, even for port 443. Don’t ask me how I know :D
How about figuring out what you can and can’t access first? Like, can you access the rest of the internet openly?
Are all sites allowed, are some things blacklisted, or are sites whitelisted? If things are whitelisted on the network, it might be pretty difficult to find a hole.
Anyways, you mentioned your phone - If you have unlimited data, I’d suggest you just set up your phone for tethering, and create a private wifi from your laptop to your phone using mobile data, that should bypass all network restrictions.
As I wrote, I can’t install anything on the office laptop, probably can’t even set a proxy, no docker. SSH works, but only that Windows one, putty can’t be installed. Everything should be done on my home server, office laptop acts basically as just a dumb browser.
The sslh docker commands/compose yml-s are having references to moved images, also some are missing parts.
You can give chisel a try. It tunnels all traffic over http/https, and the client can then create port forwards, just as with ssh, to access other services.
Why not use a web-based tool like LogMeIn, Teamviewer, Anydesk, etc.?
Use one of the options described on StackOverflow:
- open your SSH port on 443 - maybe that’s enough
- use a SOCKS proxy server that forwards the traffic from another host to yours
- tunnel SSH over HTTPS using this old guide
- Use “sslh – A ssl/ssh multiplexer” (basically an advanced version of the above but simpler to set up)
I don’t know much about stuff, but maybe look into SoftEther VPN?