Kaseya Community

Remote Control - Point to Point or still all through server


In K4, when you remoted a machine on your own network, you were able to do a peer-peer connection within your LAN and performance was great.

In K5, peer-peer connection was removed and all remote connections flowed through the KServer.

At the 2009 User Conference, Kaseya explained that the new version would utilize the KServer only to establish the connection and then the remainder of the session would be peer-peer and not tie up the KServer or the KServer's network connection.

In the Help for Remote it mentions "helpers" that are supposed to find the best path, but the best path appears to always be the KServer. Has anyone confirmed if the peer-peer solution works and if there are any firewall rules that need to be added to allow this?

All Replies
  • Yes it does work.  Nothing needs to be done on the client side but you do have to open up UDP on port 5721 to your KServer.  To test the connection and see how Kaseya is relaying, there is a hidden link in LiveConnect.  Put your cursor just above the (%) sign in Memory and just to the right of Help.  Hold down the Alt key and click.  A pop up will come up that shows how the LC connection is relayed.  It takes a little practice to find it but I promise it is there.

  • Firewalls and routers also block some outgoing ports unless the traffic is specifically requested from inside the network. The remote agent uses a STUN server that reaches out to the "helper" for the hand-off. STUN is similar to SIP, so check your SIP settings on the firewall, or other P2P settings.

  • Ok so what does this say to me?

    That my connection goes through my Kserver and not P2P?

    Also we have changed our default check-in port to 80 but in the info below it says 5721!?

    [edited by: grape at 11:55 PM (GMT -8) on 1-3-2011] Updated picture
  • Yes for this particular connection, the relay is going through the KServer.  However, next time you do it, it may go P2P.  It's not an all or nothing thing.  

  • OK, roger that, though it seems that I get routed through the Kserver every time this day.

  • Is UDP open for port 5721 on your firewall?  

  • Just to the LEFT of help in case anyone else is looking.

  • Okay, need some more advice on this. We never see this connecting as P2P, always through the KServer. The other problem is that it always tries the P2P and we have to wait for the timeout to happen. As soon as it gives up on P2P and goes through the KServer, KLR starts to work fully. So I'm looking at recommendations on what might be misconfigured on the firewall that is blocking P2P, or is there a way to turn this off?

  • Even when relaying through Kaseya my live connect takes no more than 10 seconds.  When you say timing out, what do you mean?

  • ispire, What kind of firewall do you have at the client site and your kserver? Do you have UDP forwarded on the kserver on the same port as you host kaseya services?

  • By the way, remote control has been amazingly fast for me the last couple of weeks. I don't know what changed, but I think they have been changing something.

  • I have an untangle firewall at host side and various firewalls at client side.  UDP port is open and forwarded.   Do get a peer to peer connection sometimes now, but speed is still not great.

  • So after a few back and forths with support and no full explanation, following is what I have found in relation to at least my situation with Live Connect.   We are utilizing Untangle at most sites for a firewall.

    1) We need to allow UDP and TCP both into the K-Server on port 5721.   We’ve always had to allow TCP on port 5721.  UDP is used for KLC.

    2) We need to allow UDP and TCP outbound from the K-Server.   This appears to go to a STUN server.   We saw this going to 99.x.x.x on port 5721 and started to get concerned, but it does appear to be a STUN thing going on specifically related to KLR.

    3) We need to allow UDP and TCP outbound from any client sites to the K-Server.  We’ve always had to allow TCP on port 5721.

    4) Success of the connection is dependent on the type of NAT.  Kaseya says P2P will not work if both machines are behind a symmetric NAT.

    5) Additionally we may need to open ports 5721-5750 outbound from the K-Server and Client sites as the outgoing ports vary.

    6) In Untangle, we’ve had to allow STUN and Freenet in Protocol filter.  Both of these originally blocked KLR.

    On a good day, our KLR sessions take about 5 seconds to load to the point that we see non-KLR components like Audit and another 5+ seconds to see the KLR options like Remote Control or Task Manager.   Probably another 5-10 seconds to execute a feature like Task Manager.

    At the top right, just before the H in help, you can Alt-Click on a hidden spot that will show the status of the connection.  Note, regardless of the type of connection, the last line always shows "Relayed through K-Server".   Can't get any response back as to whether this is supposed to be that way.   At top it will say P2P successful and at bottom still saying relaying.

    Just to the right of Current User: (right of the colon) you can Alt-Click and it will show you the location of the log files.

    I have asked Kaseya to post some details on their knowledge base about how this works as I expect I'm still missing something.
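
The symmetric-NAT condition in point 4 above can be checked independently of Kaseya with a standard STUN (RFC 5389) Binding exchange. This is an added example, not part of the thread and not Kaseya's code: it parses the Binding success responses that one local UDP socket received from two different STUN servers and reports whether the NAT kept the same external mapping. The sample responses and addresses are constructed, and nothing is assumed about how Kaseya's own helper speaks on port 5721.

```python
import ipaddress
import struct

MAGIC = 0x2112A442            # STUN magic cookie (RFC 5389)
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def parse_mapped(resp: bytes):
    """Return (ip, port) from XOR-MAPPED-ADDRESS in a Binding success response."""
    if len(resp) < 20:
        raise ValueError("shorter than a STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", resp[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC or len(resp) < 20 + mlen:
        raise ValueError("not a STUN Binding success response")
    pos, end = 20, 20 + mlen
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        val = resp[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(val) >= 8 and val[1] == 0x01:  # IPv4
            port = struct.unpack("!H", val[2:4])[0] ^ (MAGIC >> 16)
            addr = struct.unpack("!I", val[4:8])[0] ^ MAGIC
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + alen + (-alen % 4)      # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def nat_mapping(responses):
    """Classify mapping behaviour from replies different servers sent to ONE socket."""
    seen = {parse_mapped(r) for r in responses}
    # One external ip:port for every destination: hole punching can work.
    # A different mapping per destination is what "symmetric NAT" refers to.
    return "endpoint-independent" if len(seen) == 1 else "symmetric"

def sample_response(ip, port, txid=b"\x00" * 12):
    """Constructed Binding success response, so the example runs offline."""
    val = struct.pack("!BBHI", 0, 1, port ^ (MAGIC >> 16),
                      int(ipaddress.IPv4Address(ip)) ^ MAGIC)
    attr = struct.pack("!HH", XOR_MAPPED_ADDRESS, len(val)) + val
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC) + txid + attr

# Constructed data: the same local socket as seen by two servers.
CONE = [sample_response("203.0.113.10", 40000), sample_response("203.0.113.10", 40000)]
SYMMETRIC = [sample_response("203.0.113.10", 40000), sample_response("203.0.113.10", 40017)]

if __name__ == "__main__":
    print(nat_mapping(CONE), nat_mapping(SYMMETRIC))
```

Run the comparison once from the technician's network and once from the client site; per the Kaseya statement in point 4, P2P is ruled out only when both ends report symmetric.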

  • ispire

     

    At the top right, just before the H in help, you can Alt-Click on a hidden spot that will show the status of the connection.  Note, regardless of the type of connection, the last line always shows "Relayed through K-Server".   Can't get any response back as to whether this is supposed to be that way.   At top it will say P2P successful and at bottom still saying relaying.

     

    ispire: It WILL say "Connected through P2P" at the bottom if it is actually connected through P2P. - It says "Relayed Through K-Server" when it is *NOT* P2P

     

  • So it appears from this that I've never been able to get a P2P connection and can't get Kaseya to provide any useful information on how to make this work.   Have any suggestions?   I'm assuming this is a firewall issue.