How to make remote access work!
Moderators: Site Moderators, FAHC Science Team
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
How to make remote access work!
After spending an ENTIRE DAY trying to get these bloody things to connect remotely, I found a Youtube video which almost worked, and I only had to add the client restarting instruction at the end. So I'll list what I did in case anyone else has this problem - basically you can't connect to your other computers to monitor them! Blood has been extracted from the Folding@Home stone, so here's how I did it (on a local network, don't ask me how to do it over the internet!):
On the remote machine:
Find it's IP address and note it down.
Go into FAH control.
Configure.
Remote Access.
Enter a password of your choice.
Leave the port alone.
DO NOT CHANGE the IP addresses at the bottom, despite what other guides tell you, this does not work! Leave them as they were originally, even though this is utterly illogical:
127.0.0.1
0/0
127.0.0.1
0/0
This looks like it denies all IP addresses, but it doesn't.
You do not have to insert anything into the top ones to allow your main computer to link to it, even though logically you should.
Pause all running work and wait until it's actually showing as paused.
Exit the control program.
Right click the FAH icon in the system tray and quit that.
Restart it by opening the main web control icon. Without a restart it will not take notice of the changes (nothing tells you to do this, terrible interface design here)
On the main computer that you want to view things from:
Go into FAH control.
Click add at the bottom of the left column of clients.
Give it any name you want.
Enter the IP address of it you noted earlier.
Leave the port alone.
Enter the password you chose earlier.
Save it, and it should work.
On the remote machine:
Find it's IP address and note it down.
Go into FAH control.
Configure.
Remote Access.
Enter a password of your choice.
Leave the port alone.
DO NOT CHANGE the IP addresses at the bottom, despite what other guides tell you, this does not work! Leave them as they were originally, even though this is utterly illogical:
127.0.0.1
0/0
127.0.0.1
0/0
This looks like it denies all IP addresses, but it doesn't.
You do not have to insert anything into the top ones to allow your main computer to link to it, even though logically you should.
Pause all running work and wait until it's actually showing as paused.
Exit the control program.
Right click the FAH icon in the system tray and quit that.
Restart it by opening the main web control icon. Without a restart it will not take notice of the changes (nothing tells you to do this, terrible interface design here)
On the main computer that you want to view things from:
Go into FAH control.
Click add at the bottom of the left column of clients.
Give it any name you want.
Enter the IP address of it you noted earlier.
Leave the port alone.
Enter the password you chose earlier.
Save it, and it should work.
Re: How to make remote access work!
You should have just asked, this has been covered many times before.
viewtopic.php?f=16&t=37337#p352485
FYI
IP addresses are 32-bit numbers normally written as 4 sets of 8-bit numbers, the range being 0.0.0.0 to 255.255.255.255
127.0.0.1 is called localhost
It is an internal loopback network connection on your computer for the network clients to connect to the network services on your computer.
Other computers cannot use it to access your computer, they will only be redirected back to themselves.
0/0 - this will take a little more breakdown
*DO NOT USE* this value, it allows access from any computer to your computer.
You computer should have an IP address somewhere in the 192.168.0.x or 192.168.1.x range, the number you should actually be adding to your config should look more like 192.168.0.0/24
viewtopic.php?f=16&t=37337#p352485
FYI
IP addresses are 32-bit numbers normally written as 4 sets of 8-bit numbers, the range being 0.0.0.0 to 255.255.255.255
127.0.0.1 is called localhost
It is an internal loopback network connection on your computer for the network clients to connect to the network services on your computer.
Other computers cannot use it to access your computer, they will only be redirected back to themselves.
0/0 - this will take a little more breakdown
*DO NOT USE* this value, it allows access from any computer to your computer.
You computer should have an IP address somewhere in the 192.168.0.x or 192.168.1.x range, the number you should actually be adding to your config should look more like 192.168.0.0/24
-
- Site Moderator
- Posts: 1161
- Joined: Sat Dec 08, 2007 1:33 am
- Location: San Francisco, CA
- Contact:
Re: How to make remote access work!
deny 0/0 is treated as none instead of all because people had too much trouble using remote FAHControl.
If you really want deny all, use 0.0.0.0/0
If you really want deny all, use 0.0.0.0/0
-
- Site Moderator
- Posts: 1161
- Joined: Sat Dec 08, 2007 1:33 am
- Location: San Francisco, CA
- Contact:
Re: How to make remote access work!
You can use host names in FAHControl.
Eg “myothertower.local”
It doesn’t have to be a numeric address.
Eg “myothertower.local”
It doesn’t have to be a numeric address.
Re: How to make remote access work!
It is also not recommended to use remote control over the public internet - only on a LAN or via VPN connection or SSH tunnel. This is because the protocol is not encrypted, and if a packet sniffer listens to the traffic they can get your password and take over the folding client. While it would be annoying to have someone messing with your folding, the much more dangerous thing is that there could be undiscovered vulnerabilites in both FAHClient (the folding client) and FAHControl (the control GUI) which might make it possible to exploit this to take over your computer in some way. In fact an old version of FAHControl had such a vulnerability, which could make an attack from the client possible.
Edit:
If you have Linux/Mac it's very easy to set up an SSH tunnel:
First, reminder that you need permission from the owner of the machine (like your employer if it's a work computer) to run Folding@Home - preferably in writing.
For example, if you have SSH access to the machine hostname.domain.tld, you can run this command on your local machine:
While that is running, you can connect to port 36331 on 127.0.0.1 to get a secure connection to port 36330 on hostname.domain.tld
You may have to close down FAHControl before you'll be allowed to close the ssh connection.
Edit:
If you have Linux/Mac it's very easy to set up an SSH tunnel:
First, reminder that you need permission from the owner of the machine (like your employer if it's a work computer) to run Folding@Home - preferably in writing.
For example, if you have SSH access to the machine hostname.domain.tld, you can run this command on your local machine:
Code: Select all
ssh -L 36331:127.0.0.1:36330 [email protected]
You may have to close down FAHControl before you'll be allowed to close the ssh connection.
Online: GTX 1660 Super + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 1050 Ti 4G OC, RX580
-
- Site Moderator
- Posts: 6373
- Joined: Sun Dec 02, 2007 10:38 am
- Location: Bordeaux, France
- Contact:
Re: How to make remote access work!
You only have to add a password to enable remote control.
Messing with IP settings will only be useful if you have fixed IP address and want to limit access to it. Of course, it is useless on a LAN.
Messing with IP settings will only be useful if you have fixed IP address and want to limit access to it. Of course, it is useless on a LAN.
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
Re: How to make remote access work!
Why does mine work with only 127.0.0.1 in the allow box and 0/0 in the deny box, left as default? I'm connecting to it from another computer on a LAN which is 192.168.1.0-255
Either it's broken, or 0/0 denying nothing means it allows everything, so 127.0.0.1 is superfluous.
Either it's broken, or 0/0 denying nothing means it allows everything, so 127.0.0.1 is superfluous.
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
Re: How to make remote access work!
It would be simpler if it defaulted to the more commonly known format: 192.168.1.0-255. The other format is mixing decimal with hex or whatever it is.calxalot wrote:deny 0/0 is treated as none instead of all because people had too much trouble using remote FAHControl.
If you really want deny all, use 0.0.0.0/0
Re: How to make remote access work!
0.0.0.0/0 notation is known as CIDR notation. There is a handy calculator for it here: https://www.subnet-calculator.com/cidr.php
Your machine should really not be available from your whole network - can you show the config section from your log? (Don't show the actual config file, because that has the passkey and passwords in it.)
Also a reminder that you have to restart the client - either by restarting the service (if installed as a service) or by logging out of Windows and back in again (if installed as a user-launched program) - before the access settings will take effect.
Your machine should really not be available from your whole network - can you show the config section from your log? (Don't show the actual config file, because that has the passkey and passwords in it.)
Also a reminder that you have to restart the client - either by restarting the service (if installed as a service) or by logging out of Windows and back in again (if installed as a user-launched program) - before the access settings will take effect.
Online: GTX 1660 Super + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 1050 Ti 4G OC, RX580
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
Re: How to make remote access work!
There's no need for this peculiar notation I've never seen anywhere else.
I can access it fine with the defaults of 127.0.0.1, 0/0, in both the password section and the free for all section. Perhaps my other machine knowing the password is enough?
No I mustn't show you my passkey or you might do work for me on me behalf! Kinda like giving you my bank account number, all you can do is pay me money, which I would like.
Here it is, although I see nothing relating to IPs in there.
07:57:42:<config>
07:57:42: <!-- Network -->
07:57:42: <proxy v=':8080'/>
07:57:42:
07:57:42: <!-- Remote Command Server -->
07:57:42: <password v='*****'/>
07:57:42:
07:57:42: <!-- Slot Control -->
07:57:42: <power v='FULL'/>
07:57:42:
07:57:42: <!-- User Information -->
07:57:42: <passkey v='*****'/>
07:57:42: <team v='224497'/>
07:57:42: <user v='PeterHucker_1HK9mWMp2xTK3f7fjowi1mCCbczu2EgFyR'/>
07:57:42:
07:57:42: <!-- Folding Slots -->
07:57:42: <slot id='0' type='CPU'>
07:57:42: <cpus v='6'/>
07:57:42: </slot>
07:57:42: <slot id='1' type='GPU'>
07:57:42: <gpu-beta v='True'/>
07:57:42: <opencl-index v='0'/>
07:57:42: <pci-bus v='0'/>
07:57:42: <pci-slot v='2'/>
07:57:42: </slot>
07:57:42: <slot id='2' type='GPU'>
07:57:42: <pci-bus v='1'/>
07:57:42: <pci-slot v='0'/>
07:57:42: </slot>
07:57:42:</config>
Yeah the restart is annoying, it really should inform you a restart is required.
I can access it fine with the defaults of 127.0.0.1, 0/0, in both the password section and the free for all section. Perhaps my other machine knowing the password is enough?
No I mustn't show you my passkey or you might do work for me on me behalf! Kinda like giving you my bank account number, all you can do is pay me money, which I would like.
Here it is, although I see nothing relating to IPs in there.
07:57:42:<config>
07:57:42: <!-- Network -->
07:57:42: <proxy v=':8080'/>
07:57:42:
07:57:42: <!-- Remote Command Server -->
07:57:42: <password v='*****'/>
07:57:42:
07:57:42: <!-- Slot Control -->
07:57:42: <power v='FULL'/>
07:57:42:
07:57:42: <!-- User Information -->
07:57:42: <passkey v='*****'/>
07:57:42: <team v='224497'/>
07:57:42: <user v='PeterHucker_1HK9mWMp2xTK3f7fjowi1mCCbczu2EgFyR'/>
07:57:42:
07:57:42: <!-- Folding Slots -->
07:57:42: <slot id='0' type='CPU'>
07:57:42: <cpus v='6'/>
07:57:42: </slot>
07:57:42: <slot id='1' type='GPU'>
07:57:42: <gpu-beta v='True'/>
07:57:42: <opencl-index v='0'/>
07:57:42: <pci-bus v='0'/>
07:57:42: <pci-slot v='2'/>
07:57:42: </slot>
07:57:42: <slot id='2' type='GPU'>
07:57:42: <pci-bus v='1'/>
07:57:42: <pci-slot v='0'/>
07:57:42: </slot>
07:57:42:</config>
Yeah the restart is annoying, it really should inform you a restart is required.
-
- Site Moderator
- Posts: 1161
- Joined: Sat Dec 08, 2007 1:33 am
- Location: San Francisco, CA
- Contact:
Re: How to make remote access work!
If you only set a password, you should not need a restart. At least that’s how it used to be. I haven’t tested this for years.
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
Re: How to make remote access work!
But why is mine working without adding IPs allowed to contact it?
-
- Site Moderator
- Posts: 1161
- Joined: Sat Dec 08, 2007 1:33 am
- Location: San Francisco, CA
- Contact:
Re: How to make remote access work!
allow 127.0.0.1 explicitly allows the localhost
deny 0/0 is treated as deny none when a password is set
So by default, once a password is set, anyone who knows the password can connect
deny 0/0 is treated as deny none when a password is set
So by default, once a password is set, anyone who knows the password can connect
-
- Posts: 308
- Joined: Wed Feb 16, 2022 1:18 am
Re: How to make remote access work!
A rather complicated unintuitive set of boxes to fill in. So if you enter a password, only the deny box is looked at by the program? So why is the allow box there in the password protected (top) section?
-
- Site Moderator
- Posts: 1161
- Joined: Sat Dec 08, 2007 1:33 am
- Location: San Francisco, CA
- Contact:
Re: How to make remote access work!
Yes, confusing. Which is why you can just set a password and not worry about the ip stuff.
allow and deny are there for people who want to restrict access by IP address
allow and deny are there for people who want to restrict access by IP address