07 January 2011

LogMeIn remote control and connectivity tools

It has been a while since I have played around with remote connections tools such as newer version of VNC, TeamViewer, DameWare ect. One of the big problems I always found with them is that clients with dynamic external IPs were a problem, and as far as machines behind a corporate firewall you could forget about getting connected.

While on holiday I was chatting to a local IT solutions provider, they mainly deal in small business support.  It then is just logical that their tools would also be different to the large corporate environments that I am used to.  It is following this chat that I decided to check out LogMeIn Free.  This is the free version of LogMeIn Pro2, it does strip down some of the nice to have features but you still have full remote control.

What make it different is that it uses a propriety remote connection protocol encapsulated in SSL.  Clients generate their own SSL certificate and that is used to secure connections.  Since the connection are normal HTTPS port 443 connections you don't run into the usual problems.  You can do Firewall and Nat traversal and it even has proxy support.

You start off by creating an account on the site.  Once you have an account you can go to the machine you want to remotely connect to, log into the site and "Add a computer."  This then installs the client and registers it for your account.

By default it will give you a limited duration trial of LogMeIn Pro2 (red.)  Once that expires you can switch to LogMeIn Free (green.)

Once the part is done you are set on the "server side."  To then connect to your machine from your client machine you simple need IE, Firefox or Chrome.  When you log onto the site you will now see your remote computers.  Click the big green "Remote Control" button and it will initiate the connection.  At the first connection it will notify you that you need to install a Plugin or Activex control.

When connected, you will be prompted for a user with administrative rights, this is either your machine or domain account.

If successful it will allow you to take control of the machine.

One thing I was really impressed by, is that they went to great lengths to enable an optimal remote working environment.  You can for instance dynamically have the display quality set based on the current connection speed.  You scale the window or even remotely change the screen resolution.  The control window can also be open in full screen mode on the client.

Some additional tools are also provided such as chat, laser pointer, white board and various view setting enhancements all available from the toolbar.

If you are concerned about security (like me) there are loads of setting that can be set to meet your needs.  Things like IP address filtering, DOS attack blocker, Authentication attack blocker.  An then there are the user options, by default no user interaction is required on the server side, but this can be changed so that permission needs to be specifically allowed.  If you want you can also add a "Personal Password" which is yet another layer of authentication.

One additional feature that I really like is the ability to automatically "screen record" the remote sessions and save them to a local avi file.

These setting can be configured on either side, through the management web interface or on the local client components.

And of course the client can be turned off, disable and/or removed if no longer required.

For me the impressive bit is that you can make this work on a machine behind a NAT firewall and one that uses a proxy server.  It is really easy since it will also automatically detect and test your proxy.

This make it an extremely useful tool since machines can managed behind a corporate proxy by another machine behind their firewall and proxy.

Check out the site and other products at https://secure.logmein.com/UK/


Jason Jones said...


Have you tried using this solution when using a TMG proxy enabled with HTTPS inspection?



Etienne Liebetrau said...

Cant say I have, have you got a test environment to check this out? It would be very useful to know.

If not I am sure i can give it a test at some later stage.

Anonymous said...

Why not just use teamviewer, or better yet rdp or vnc becasue using 3rd parties is just 1 more link in the chain to break.
both VNC and rdp are enterprise level solutions both can easyly be passed through anyfirewall corporate or personal. why make it more completcated than it need to be.

Etienne Liebetrau said...

Interesting comment. Yes there are many ways to go about doing this. I just liked the feature set of LogMeIN. I do start the article off by saying

"It is following this chat that I decided to check out LogMeIn Free."

It is a review and not an endorsement. For a free tool it has some nice features.

If anyone has a product that they would like reviewed just add a comment or drop me a mail. It makes for interesting comparison articles.

Etienne Liebetrau said...


I have just tested this through TMG with HTTPS inspection enabled. You can connect through to the site and log on the the machine, but the actual remote control portion fails.

Anonymous said...

I cant get log me in to work at all using tmg, it says failed while trying to connect. I definately know tmg is blocking it as it is in the logs

Anonymous said...

I can confirm that remote control is not working behind a TMG proxy with DPI enabled.

Anyone aware of tools that do work for remote control behind such a proxy?

Etienne Liebetrau said...

You could possibly exclude your connection from the source exception. This should prevent TMG fro issuing a certificate and it should work.

have a look at http://tmgblog.richardhicks.com/2011/11/01/configuring-forefront-tmg-2010-https-inspection-inclusion-list/

Anonymous said...

Of course I don't have any control over our TMG proxy... :-)
I used to use Adito (OpenVPN ALS), a SSL VPN solution but that doensn't seem to work anymore either.

Etienne Liebetrau said...

Have you tried using TeamViewer?

Timothy said...

I have tmg too and it is blocking logmein too.
Have you figured out a solution to this problem?
Because I need to have this fixed.
Thanks for any help you can provide

Etienne Liebetrau said...


It can be blocked by a number of criteria. You would have to look at the logs and see which rule is doing the blocking - this will give you a good idea of where to start looking.

Post a Comment