How to make remote access work!

Moderators: Site Moderators, FAHC Science Team

Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

How to make remote access work!

Post by Peter_Hucker »

After spending an ENTIRE DAY trying to get these bloody things to connect remotely, I found a Youtube video which almost worked, and I only had to add the client restarting instruction at the end. So I'll list what I did in case anyone else has this problem - basically you can't connect to your other computers to monitor them! Blood has been extracted from the Folding@Home stone, so here's how I did it (on a local network, don't ask me how to do it over the internet!):

On the remote machine:

Find it's IP address and note it down.
Go into FAH control.
Configure.
Remote Access.
Enter a password of your choice.
Leave the port alone.
DO NOT CHANGE the IP addresses at the bottom, despite what other guides tell you, this does not work! Leave them as they were originally, even though this is utterly illogical:
127.0.0.1
0/0
127.0.0.1
0/0
This looks like it denies all IP addresses, but it doesn't.
You do not have to insert anything into the top ones to allow your main computer to link to it, even though logically you should.
Pause all running work and wait until it's actually showing as paused.
Exit the control program.
Right click the FAH icon in the system tray and quit that.
Restart it by opening the main web control icon. Without a restart it will not take notice of the changes (nothing tells you to do this, terrible interface design here)

On the main computer that you want to view things from:
Go into FAH control.
Click add at the bottom of the left column of clients.
Give it any name you want.
Enter the IP address of it you noted earlier.
Leave the port alone.
Enter the password you chose earlier.
Save it, and it should work.
aetch
Posts: 447
Joined: Thu Jun 25, 2020 3:04 pm
Location: Between chair and keyboard

Re: How to make remote access work!

Post by aetch »

You should have just asked, this has been covered many times before.
viewtopic.php?f=16&t=37337#p352485

FYI
IP addresses are 32-bit numbers normally written as 4 sets of 8-bit numbers, the range being 0.0.0.0 to 255.255.255.255

127.0.0.1 is called localhost
It is an internal loopback network connection on your computer for the network clients to connect to the network services on your computer.
Other computers cannot use it to access your computer, they will only be redirected back to themselves.

0/0 - this will take a little more breakdown
*DO NOT USE* this value, it allows access from any computer to your computer.

You computer should have an IP address somewhere in the 192.168.0.x or 192.168.1.x range, the number you should actually be adding to your config should look more like 192.168.0.0/24
Folding Rigs - None (25-Jun-2022)

ImageImage
calxalot
Site Moderator
Posts: 878
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: How to make remote access work!

Post by calxalot »

deny 0/0 is treated as none instead of all because people had too much trouble using remote FAHControl.

If you really want deny all, use 0.0.0.0/0
calxalot
Site Moderator
Posts: 878
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: How to make remote access work!

Post by calxalot »

You can use host names in FAHControl.
Eg “myothertower.local”
It doesn’t have to be a numeric address.
gunnarre
Posts: 567
Joined: Sun May 24, 2020 7:23 pm
Location: Norway

Re: How to make remote access work!

Post by gunnarre »

It is also not recommended to use remote control over the public internet - only on a LAN or via VPN connection or SSH tunnel. This is because the protocol is not encrypted, and if a packet sniffer listens to the traffic they can get your password and take over the folding client. While it would be annoying to have someone messing with your folding, the much more dangerous thing is that there could be undiscovered vulnerabilites in both FAHClient (the folding client) and FAHControl (the control GUI) which might make it possible to exploit this to take over your computer in some way. In fact an old version of FAHControl had such a vulnerability, which could make an attack from the client possible.

Edit:
If you have Linux/Mac it's very easy to set up an SSH tunnel:
First, reminder that you need permission from the owner of the machine (like your employer if it's a work computer) to run Folding@Home - preferably in writing.

For example, if you have SSH access to the machine hostname.domain.tld, you can run this command on your local machine:

Code: Select all

ssh -L 36331:127.0.0.1:36330 username@hostname.domain.tld
While that is running, you can connect to port 36331 on 127.0.0.1 to get a secure connection to port 36330 on hostname.domain.tld
You may have to close down FAHControl before you'll be allowed to close the ssh connection.
Image
Online: GTX 1660 Super, GTX 1080, GTX 1050 Ti 4G OC, RX580 + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 960, GTX 950
toTOW
Site Moderator
Posts: 6296
Joined: Sun Dec 02, 2007 10:38 am
Location: Bordeaux, France
Contact:

Re: How to make remote access work!

Post by toTOW »

You only have to add a password to enable remote control.

Messing with IP settings will only be useful if you have fixed IP address and want to limit access to it. Of course, it is useless on a LAN.
Image

Folding@Home beta tester since 2002. Folding Forum moderator since July 2008.
Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

Re: How to make remote access work!

Post by Peter_Hucker »

Why does mine work with only 127.0.0.1 in the allow box and 0/0 in the deny box, left as default? I'm connecting to it from another computer on a LAN which is 192.168.1.0-255

Either it's broken, or 0/0 denying nothing means it allows everything, so 127.0.0.1 is superfluous.
Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

Re: How to make remote access work!

Post by Peter_Hucker »

calxalot wrote:deny 0/0 is treated as none instead of all because people had too much trouble using remote FAHControl.

If you really want deny all, use 0.0.0.0/0
It would be simpler if it defaulted to the more commonly known format: 192.168.1.0-255. The other format is mixing decimal with hex or whatever it is.
gunnarre
Posts: 567
Joined: Sun May 24, 2020 7:23 pm
Location: Norway

Re: How to make remote access work!

Post by gunnarre »

0.0.0.0/0 notation is known as CIDR notation. There is a handy calculator for it here: https://www.subnet-calculator.com/cidr.php

Your machine should really not be available from your whole network - can you show the config section from your log? (Don't show the actual config file, because that has the passkey and passwords in it.)

Also a reminder that you have to restart the client - either by restarting the service (if installed as a service) or by logging out of Windows and back in again (if installed as a user-launched program) - before the access settings will take effect.
Image
Online: GTX 1660 Super, GTX 1080, GTX 1050 Ti 4G OC, RX580 + occasional CPU folding in the cold.
Offline: Radeon HD 7770, GTX 960, GTX 950
Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

Re: How to make remote access work!

Post by Peter_Hucker »

There's no need for this peculiar notation I've never seen anywhere else.

I can access it fine with the defaults of 127.0.0.1, 0/0, in both the password section and the free for all section. Perhaps my other machine knowing the password is enough?

No I mustn't show you my passkey or you might do work for me on me behalf! Kinda like giving you my bank account number, all you can do is pay me money, which I would like.

Here it is, although I see nothing relating to IPs in there.

07:57:42:<config>
07:57:42: <!-- Network -->
07:57:42: <proxy v=':8080'/>
07:57:42:
07:57:42: <!-- Remote Command Server -->
07:57:42: <password v='*****'/>
07:57:42:
07:57:42: <!-- Slot Control -->
07:57:42: <power v='FULL'/>
07:57:42:
07:57:42: <!-- User Information -->
07:57:42: <passkey v='*****'/>
07:57:42: <team v='224497'/>
07:57:42: <user v='PeterHucker_1HK9mWMp2xTK3f7fjowi1mCCbczu2EgFyR'/>
07:57:42:
07:57:42: <!-- Folding Slots -->
07:57:42: <slot id='0' type='CPU'>
07:57:42: <cpus v='6'/>
07:57:42: </slot>
07:57:42: <slot id='1' type='GPU'>
07:57:42: <gpu-beta v='True'/>
07:57:42: <opencl-index v='0'/>
07:57:42: <pci-bus v='0'/>
07:57:42: <pci-slot v='2'/>
07:57:42: </slot>
07:57:42: <slot id='2' type='GPU'>
07:57:42: <pci-bus v='1'/>
07:57:42: <pci-slot v='0'/>
07:57:42: </slot>
07:57:42:</config>

Yeah the restart is annoying, it really should inform you a restart is required.
calxalot
Site Moderator
Posts: 878
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: How to make remote access work!

Post by calxalot »

If you only set a password, you should not need a restart. At least that’s how it used to be. I haven’t tested this for years.
Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

Re: How to make remote access work!

Post by Peter_Hucker »

But why is mine working without adding IPs allowed to contact it?
calxalot
Site Moderator
Posts: 878
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: How to make remote access work!

Post by calxalot »

allow 127.0.0.1 explicitly allows the localhost
deny 0/0 is treated as deny none when a password is set

So by default, once a password is set, anyone who knows the password can connect
Peter_Hucker
Posts: 306
Joined: Wed Feb 16, 2022 1:18 am

Re: How to make remote access work!

Post by Peter_Hucker »

A rather complicated unintuitive set of boxes to fill in. So if you enter a password, only the deny box is looked at by the program? So why is the allow box there in the password protected (top) section?
calxalot
Site Moderator
Posts: 878
Joined: Sat Dec 08, 2007 1:33 am
Location: San Francisco, CA
Contact:

Re: How to make remote access work!

Post by calxalot »

Yes, confusing. Which is why you can just set a password and not worry about the ip stuff.

allow and deny are there for people who want to restrict access by IP address
Post Reply