I am trying to set up something for my job, which will be secure and easy to implement. Logmeinrescue was perfect, except the cost. Anyway, here's where I am at:
I am using SCIII (I think), and the SSL repeater. So far, I have verified that both the SC server (reverse connection) and viewer (tech support) can connect using only SSL. This was exactly what I wanted to achieve, until I realized one detail: anyone can connect as a server OR A VIEWER on SSL. I would like to either be able to only allow server connections through SSL, and require the viewer to use another port (so that a firewall can limit communications), or limit which IPs the repeater will accept viewer connections on, but allow anyone to connect as reverse server. Basically, here's the end goal:
We would host the SSL repeater server in our DMZ. The users could go to a web page and run the SC server file, and connect to the repeater via SSL, entering the PIN provided by tech support (already have this part down). Tech support would connect from the inside of the network, if necessary not using SSL since the device is in our control, using the VNC viewer, to support the user. I only want people to be able to connect to the repeater using the viewer if the viewer is behind our secure network. For simplicity's sake, it would be ideal if just SSL could be used on both ends, but if not, that's understandable.