You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How can I use my Mac at work from home (not using terminal/ssh)?

I used to to use TeamViewer but they want too much money. I'd like use Apple Remote Desktop to share my Mac screen at work from my home Mac but can't seem to figure that out. The work network has as shared IP on a cable modem so I can't share it just by IP address. Is there a way to share a single computer on a shared IP network? I see how to do it on SSH but I want to screen share not use terminal commands (unless a terminal command allows me to take full control of the screen). Thanks in advance.

Posted on Aug 29, 2023 4:13 PM

Reply
Question marked as Top-ranking reply

Posted on Aug 30, 2023 8:13 AM

For Dave from Greenhaven, I still think TailScale.com would be the least hassle. It would deal with the NAT router issues (shared IP address), would encrypt traffic between the 2 Macs, and make it simple to just use built-in macOS Screen Sharing.


I get the impression that Dave from Greenhaven works in a small business, or has his own small business, and does not work for a Fortune 500 company. So setting up a VPN server at work would be a big hassle. That is why TailScale.com would be ideal for Dave, as it would give him the benefits of a VPN, without the hassle of setting up his own VPN server.


On a personal note, I do work for a Fortune 500 company, and we have to use the Cisco AnyConnect VPN client to access work. Before I started working from home full time, I would the same things Luis does. My work Mac had a corporate IT assigned fixed IP address with a corporate assigned domain name.


I would use Cisco AnyConnect to connect to work, then Finder -> Go (menu) -> Connect to server-> vnc://corporate.assigned.domain.name


But I do not think Dave has that luxury, and has to be his own IT guy.


The other approach, if Dave can ssh into his work Mac, is to set up a VNC tunnel.


ssh -L 59022:localhost:5900 address.that.connects.work.mac


Then Finder -> Go (menu) -> Connect to server-> vnc://localhost:59022


The fun part is making the ssh connection.


For my Macs at home and when connecting to my Mom’s Mac, I have to configure my home router to port forward a high numbered port to the inside the house Mac’s ssh port 22. Then I can use an ssh tunnel


ssh -p high-numbered-port -L 59022:localhost:5900 home.router.ip.address


And the Connect to server -> vnc://localhost:5900


to make life easier, get a free dynamic DNS name from No-IP.com, but that then requires running software in the destination Mac to to keep the dynamic DNS name up to date if the ISP assigned IP address changes.


All in all, TailScale.com is much easier to setup and operate for a small business or user that needs to “Phone Home” while away.

Similar questions

13 replies
Question marked as Top-ranking reply

Aug 30, 2023 8:13 AM in response to Dave from Greenhaven

For Dave from Greenhaven, I still think TailScale.com would be the least hassle. It would deal with the NAT router issues (shared IP address), would encrypt traffic between the 2 Macs, and make it simple to just use built-in macOS Screen Sharing.


I get the impression that Dave from Greenhaven works in a small business, or has his own small business, and does not work for a Fortune 500 company. So setting up a VPN server at work would be a big hassle. That is why TailScale.com would be ideal for Dave, as it would give him the benefits of a VPN, without the hassle of setting up his own VPN server.


On a personal note, I do work for a Fortune 500 company, and we have to use the Cisco AnyConnect VPN client to access work. Before I started working from home full time, I would the same things Luis does. My work Mac had a corporate IT assigned fixed IP address with a corporate assigned domain name.


I would use Cisco AnyConnect to connect to work, then Finder -> Go (menu) -> Connect to server-> vnc://corporate.assigned.domain.name


But I do not think Dave has that luxury, and has to be his own IT guy.


The other approach, if Dave can ssh into his work Mac, is to set up a VNC tunnel.


ssh -L 59022:localhost:5900 address.that.connects.work.mac


Then Finder -> Go (menu) -> Connect to server-> vnc://localhost:59022


The fun part is making the ssh connection.


For my Macs at home and when connecting to my Mom’s Mac, I have to configure my home router to port forward a high numbered port to the inside the house Mac’s ssh port 22. Then I can use an ssh tunnel


ssh -p high-numbered-port -L 59022:localhost:5900 home.router.ip.address


And the Connect to server -> vnc://localhost:5900


to make life easier, get a free dynamic DNS name from No-IP.com, but that then requires running software in the destination Mac to to keep the dynamic DNS name up to date if the ISP assigned IP address changes.


All in all, TailScale.com is much easier to setup and operate for a small business or user that needs to “Phone Home” while away.

Aug 29, 2023 8:03 PM in response to Dave from Greenhaven

One other way: Share your screen using Messages on Mac - Apple Support This works, but expects a user to approve the sharing request. Whether somebody can approve the session?


As an alternative to the ARD product (which does screen sharing and much more), the built-in screen sharing client works:

Share the screen of another Mac - Apple Support

(Once initially launched, I usually drag that app icon into the Dock to make it easier to get at for next time.)


The difficulty with ARD and Screen Sharing is establishing the path into the target system, as firewalls will block this access. This usually means a VPN into the target firewall or punched all through into the target Mac. If you don’t VPN, be very careful with which remote hosts can access VNC/ARD/screensharing, as the riffraff routinely poke at that port.


ssh used to be able to kickstart to trigger an ARD session, but that support was removed in macOS 12, and the only way available now is via MDM:

Use MDM to enable Remote Management in macOS - Apple Support

Enable remote management for Remote Desktop - Apple Support


Here are some threads with replies of mine with some remote-access-related configuration info:

how do I setup ARD to work across the int… - Apple Community

What is needed in terms of network protoc… - Apple Community

Apple Remote Desktop Over WAN - Apple Community


As for a completely different approach, iCloud Files and Documents allows multiple Macs to be configured for sharing the same files. This isn’t screen sharing, it’s file sharing via iCloud.


Aug 30, 2023 2:51 AM in response to Dave from Greenhaven

I do all that without any third party software, or even Apple Remote Desktop.


NOTE: My workplace has a real VPN. Macs have VPN support built-in. There is no reason to use those pesky "public VPN"!


1) I asked the IT department to assign a fixed (local) IP to my own mac.


2) In my work Mac, I turned on Screen Sharing in System Settings->General->Sharing


3) From home, I connect to the work VPN. (at this point, I am virtually on my workplace network; that is, it is as if I my home mac were connected to an ethernet plug in my office)


4) I connect to my work mac: it can be done either by using the Screen Sharing application (built-in to every mac), or by entering the remote connection URL in Safari:

vnc://your.workmac.ip.address


  • actually, I can use a name instead of the URL, because I manually added an entry to /etc/hosts in my home mac:


vnc://mymacname

Aug 29, 2023 4:56 PM in response to Dave from Greenhaven

Your work network would need to be configured to allow you to connect into it. That would normally be done with a VPN (a real one, not the bogus privacy scam ones advertised all over claiming to protect you from evil trackers).

Your work network should have a hardware preventing access to the network from the internet. Basically you have to poke a hole in that firewall. There are secure and unsecure ways to do that. A VPN is one secure way to do that. You should not provide access to devices on that network because if you can access it, everyone else has access, too. It might be harder for them to get into, but there is a vector.


TeamViewer or ARD would require being allowed into the work network, also.

ARD requires a paid component. The client is built into macOS, but the management computer needs to be running the paid ARD software.

Aug 29, 2023 8:15 PM in response to Dave from Greenhaven

Dave from Greenhaven wrote:

…We have a couple of people that like to work remotely so I'm hoping to set up point to point remote access. Yes, we use NordVPN as our paid VPN.


First-few-hops VPNs protect agains a problem that largely hasn’t existed for a decade or so, and too often badly, and too often with privacy and security concerns.


This case would usually involve an end-to-end VPN and not a first-few-hops VPN app, and the end-to-end VPN works rather differently from how the first-few-hops VPN apps work.


An IPSec/L2TP VPN client is built in, among other choices.

Aug 29, 2023 10:35 PM in response to MrHoffman

Which commercial VPN product would recommend? The reports on Nord have always been good as far as I can tell for paid VPNs in terms of not tracking their customer data (from what's reported online about their no-logs policy). But if there is credible data that shows they do, I'll recommend our users pick a different commercial VPN. Our SE (systems engineer) prefers Express VPN. My experience is that while using the VPN, I don't get any retargeted ads whereas I do whenever I don't use the VPN, so it seems like it's solving the problem its meant for? Again, I'd like to hear if that's not true and if that problem can be mitigated without a first-few-hops VPN.


But since we're a small office and can't really do end-to-end encryption, as I understand it, we've been using TeamViewer to do remote screen control when one of our users wants to connect to with one of their office computers. But their pricing is getting pretty high ($39/user/month now) so we're trying to sort out of if it's worth it or not for remote access.

Aug 30, 2023 4:59 AM in response to Dave from Greenhaven

NordVPN is ilk are not a VPN. They are just scams using fear, uncertainty, and doubt to get you to give them money or your information. They do use obfuscation to anonymize your Internet activity to the rest of the world.

The VPN we are talking about is a piece of hardware that isolates your internal network from the rest of the world, but allows certain users to get in to the network and use it as if they are connected to it directly Inside the network

Aug 30, 2023 8:30 AM in response to BobHarris

Embedded VPN servers are my preference for small configurations, such as those from Zyxel with the USG series, or otherwise. Various of these can tie into dynamic DNS services, as well. I’d not typically choose Cisco gear here, as they’re not in the same market.


But this also gets back to remote screen-sharing services also being a reasonable approach, too. They deal with this stuff.


Aug 30, 2023 10:10 AM in response to BobHarris

Yes, that's exactly right. We need a solution as cheap and simple as TeamViewer used to be. We can't buy more hardware, set up firewalls, set up routing tables to static IPs, or use SSH to communicate. The solution we use needs to be for users that are construction trade workers and it can't require regular IT support (since I'm there maybe once a month). They just have a very basic ask - use their work computers from home from time to time. Their work computers are on a comcast shared IP network. So the TailScale does look like a reasonable solution for us. Thanks!

How can I use my Mac at work from home (not using terminal/ssh)?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.