Tunneling?

Am I missing where we can tunnel, or is this not possible with Syncro? We use tunneling extensively to access everything from routers to RDP to servers and computers, to manage NAS boxes. It would be silly to have to get into a machine and then do it locally from there.

  • sorry for having this uncategorized, but wasn’t sure quite what category it belongs in

No tunneling in Syncro. I believe Domotz offers that. I typically just remote into a machine/server onsite using my ScreenConnect. Syncro offers Splashtop or the Backgrounding Tools for remote access/remote command line.

2 Likes

@anon47640642 Might be good in Feature Requests.

When we need to Tunnel we use SimpleHelp. Works most of the time.

I have a VPN server that I can dial into for each client site. Most decent routers have this facility built in. Useful for when you need access to iLO/iDRAC, router, switch, NAS etc. without having to jump from a machine/server on site. Very useful for when nothing works (remote access wise); the VPN server saves the day.

I agree that adding a Tunnel to Syncro would be a great addition. If they team that with a list of internal URLs at a client’s site (like an address book) that would round out the Tunnel capability nicely.

Love SimpleHelp, but the plan was to move from it to Syncro, not to continue it with Syncro. Also don’t like the idea of having VPN access open at all client sites; it’s another set of credentials and another entry for hackers, not to mention the time that it would take to set up a connection to the client site every time we need to access. We use tunneling enough that this could be a make it or break it for Syncro, unfortunately.

Other RMMs use a network probe to facilitate tunneling. For some reason Syncro hasn’t developed a network probe yet. This would open up so many other doors such as push installs, network scans, etc. I used this often before to access network devices.

Arguable - having the ability to push installs over network access just meant your devices were open for attacks - just saying. Only domain installs and physical installs (with admin rights) should be allowed.

In the meantime - there are scripts you could run to “probe” for devices on the network. In some cases, there are APIs you can call on the router as well to find devices/IP tables. Keep in mind, most probes can still be tricked and/or give the wrong information. I know I have been writing a script that gathers this information already and even compares MAC IDs to known hardware. So far it works a good chunk of the time, but I also know it doesn’t work on that last 20% too.

For tunneling, it would be nice. I know some routers are starting to include it in their supported feature list as well.

The probe must properly authenticate to the device using either domain creds or local admin creds. Many RMMs and other platforms have been doing this for years. It usually just requires a few things like File and Printer Sharing and access to the admin$ share. I think some if not a lot of RMMs are still using psexec.

Agreed, setting up VPN access to every client site would not be a solution I would want to implement for lots of reasons. Top of that list is credentials, but managing and implementing the “VPN Server” at each customer site wouldn’t work for us. There are too many customer sites.

We mostly use SimpleHelp in our tech stack as an alternative to TeamViewer. IMO, Syncro cannot be an alternative to TeamViewer. I don’t see SimpleHelp as a full RMM either, it’s kind of in between, and certainly low cost compared to any other RMM. After the first year SimpleHelp can even be free if you want to stop paying and get no support/upgrades.
True, like a VPN, I guess we have credentials for each and every SimpleHelp device, but we find that easy to manage.
I see a network probe as a separate feature to tunneling. Though I would like to see Syncro implement both.

1 Like

In other RMMs, the network probe is what allows all the back-end network functionality, including tunneling. Similar to SNMP, you will need a dedicated agent that will handle the handshake and tunneling. Tunneling to a device with an agent on it can be added to the agent, but tunneling to a non-agent device requires more network awareness, so a probe would be the next logical step.

I disagree completely. Tunneling doesn’t require SNMP or network probes to be running. You are basically proxying a network connection through a remote device. The device you are proxying through does not need to know anything about the device you are trying to reach, it just needs to be on the network with it.

SNMP is a different thing completely, as would be a network probe cataloging and scanning through the network.

2 Likes

Yes, but Syncro’s agent doesn’t have really anything “networking” programmed into it besides SNMP. You may be taking the word probe too literally. It’s more of a master agent, which is how Syncro’s SNMP works at the moment. This is technically a “network probe” without them using the term. I like this definition of a network probe: “A network probe is really just a messenger.” You would not want more than 1 agent acting as a master agent to facilitate tunnels, there’s just no need to have all that network traffic. In your definition of being able to tunnel, you are essentially saying you must input the IP of the device to tunnel, which is half-baked if they are going to add tunneling. Just like their SNMP is now, you can’t walk a device through Syncro. We just don’t need another half solution baked in.

I agree with @anon47640642
A Network Probe feature is not a Tunneling feature.
A Network Probe feature is a feature that scans the LAN and reports back what it finds.

A Tunnelling feature is a feature that is a doorway to a single and specific IP address and port combination on the same LAN as the device facilitating the Tunnel.

I feel that it is vital not to merge the two features into dependencies of each other, otherwise the implementation will get pushed ever further into the never never due to the features appearing too hard.

BTW:
.net - Implementing SSL tunnel in C# - Stack Overflow

SSL Stream Class
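
The tunnel described in the two posts above (a relay that only has to sit on the same LAN as the target, opened to one specific IP address and port), as an added Python example that is not part of the thread and not Syncro's or any RMM's code. The names `same_lan` and `start_tunnel` are hypothetical, and the loopback listener is an assumption standing in for the technician-facing side, which a real product would carry over its authenticated agent channel.

```python
import ipaddress
import socket
import threading

def same_lan(agent_if: str, target_ip: str) -> bool:
    """True if target_ip is inside the subnet of the agent's interface, e.g. '192.168.1.20/24'."""
    return ipaddress.ip_address(target_ip) in ipaddress.ip_interface(agent_if).network

def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until either side closes, then tear down both sockets."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    finally:
        for s in (src, dst):
            try:
                s.shutdown(socket.SHUT_RDWR)  # wakes the opposite pump thread
            except OSError:
                pass
            s.close()

def start_tunnel(agent_if: str, target_ip: str, target_port: int) -> socket.socket:
    """Open a loopback-only listener that relays to exactly one LAN ip:port."""
    if not same_lan(agent_if, target_ip):
        raise ValueError(f"{target_ip} is not on the agent's LAN {agent_if}")
    # Loopback bind: other hosts on the LAN cannot connect to this relay.
    srv = socket.create_server(("127.0.0.1", 0))

    def serve() -> None:
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            try:
                # Destination is fixed at creation; it is never chosen per connection.
                upstream = socket.create_connection((target_ip, target_port), timeout=5)
                upstream.settimeout(None)
            except OSError:
                client.close()
                continue
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=_pump, args=(a, b), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv
```

The relay needs no discovery, SNMP or scan step: it is given the target address and only checks that the address falls inside its own subnet before forwarding.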

If Syncro was to add this capability to every agent, then the agent size and resource usage goes up. There’s also a concern of security if every agent can perform network functions. This could also add to network traffic on the LAN/WAN. Network probes in RMMs have expanded capabilities beyond just scanning the network. It enables all kinds of network functionality, including tunneling. Call it something else if you are hung up on the term, most RMMs call it some variation of the word probe, but Syncro will need to add something that will handle network functions and IMO it’s a bad idea to build it into the agent.

Thanks @Jimmie
Yes I am concerned about security as well.
Every agent can currently perform read/write disk operations, terminal operations, script operations, custom field operations in the Syncro Cloud database.
Yet, network functionality is somehow a line not to cross?
I don’t understand that.

BTW: Did you see these threads requesting improved security in Syncro?
Are you in support of these concerns?
Limit global admin access to IP addresses - Feature Requests & Suggestions - Syncro Support Community (syncromsp.com)

Script history disappears when script is deleted! - Scripting & APIs / Scripts - Syncro Support Community (syncromsp.com)

+1 vote for Domotz. Coming from NinjaRMM, the lack of a good RMM dashboard (not one focused on ticket stats) was evident. Domotz fills that need, and offers things we never knew we wanted or needed! Tunneling is a great tool, that till we had Domotz we didn’t even think to look at. It’s well worth the cost per site, IMHO