Tunneling through a firewall to a vncserver.

Chris Gokey cgokey "at" mediaone.net
Mon, 04 Mar 2002 15:07:18 +0000


On Thu, 2002-02-28 at 17:39, Michael Ossmann wrote:
> On Thu, Feb 28, 2002 at 05:15:12PM -0500, Chris Gokey wrote:
> > 
> > I'd be interested in any feedback this group can offer, regarding best
> > encryption to use, best way to compress data, security concerns, etc.
> 
> Zlib compression is great, although it would be unnecessary if you use
> TightVNC with tight encoding or zlib encoding.  AES or Blowfish are
> probably the best ciphers to use.

I believe zlib is the default implementation for compression in Java,
but you can specify other compression schemes as well (like gzip).  
I'm currently using Blowfish for my small application.  I just checked
out TightVNC, I'll give that a try, sounds like it should really improve
the performance over a typical modem.  Just with my simple program, I
was getting fairly good compression ratios, so since this is built
directly into the VNC protocol, I'd imagine the performance would be
much better as well.

> 
> The trusted 3rd party architecture (both ends initiate a connection to
> an intermediate host) is interesting, though more complicated than most
> people need.  

I agree, this 5-step process is a bit much, and probably can be reduced
with a few scripts. But it was done more as an exercise rather than
anything else.  Also, an important feature is that nothing in this code
is tied directly to VNC, so you could use this code to attach to any
server process behind a firewall (as long as the server doesn't
negotiate any other anonymous ports for the client to also connect to.)


> VNC already has a mechanism for dealing with servers that
> are behind firewalls which allow no incoming connections: the vncconnect
> program tells Xvnc to connect to a viewer that is listening at the other
> end (there is also a way to do this with WinVNC).  

Where can I find documentation on this?  I found this link:
http://www.uk.research.att.com/vnc/xvnc.html

    Xvnc can now make reverse connections to a listening viewer 
    (normally connections are made the other way round - the viewer 
    connects to the server). This is done with a helper program called 
    vncconnect. Simply run:

    vncconnect host

I don't understand, how can I connect to "host" if it is behind a
firewall?

> However, your
> architecture would be particularly useful in a situation where neither
> the client nor the server allow incoming connections.
> 
> I strongly recommend you get to know SSH:
> 
> http://www.openssh.org/
> 
> If you are interested in continuing to learn-by-doing along these lines,
> a Java SSH2 implementation would be a great contribution to the
> community.  There are SSH1 classes available, but open source SSH2
> classes are sorely missing.

Thanks, this does sound like an interesting project. 

> 
> Also, I noticed your download link is broken.  It has "localhost" as the
> host name in the URL.

This should be fixed.  Thanks for your feedback.

Chris



> 
> -- 
> Mike Ossmann, Tarantella/UNIX Engineer/Instructor
> Alternative Technology, Inc.  http://www.alttech.com/
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
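
The thread discusses combining zlib compression with a Blowfish-encrypted tunnel. The following is an added example, not code from the original message or from Chris's application, showing why the order of the two steps matters. The class name, the CBC mode choice, the 128-bit key and the sample framebuffer data are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.util.zip.DeflaterOutputStream;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CompressThenEncrypt { // hypothetical class name
    // zlib-compress a buffer with java.util.zip, the JDK's built-in DEFLATE implementation.
    static byte[] deflate(byte[] in) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        try (DeflaterOutputStream z = new DeflaterOutputStream(out)) {
            z.write(in);
        }
        return out.toByteArray();
    }

    // Blowfish in CBC mode with a fresh random IV per message; the IV is prepended to the ciphertext.
    static byte[] encrypt(SecretKey key, byte[] in) throws Exception {
        byte[] iv = new byte[8]; // Blowfish has a 64-bit block
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ct = c.doFinal(in);
        byte[] msg = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, msg, 0, iv.length);
        System.arraycopy(ct, 0, msg, iv.length, ct.length);
        return msg;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: 64 KiB resembling a raw framebuffer update (long runs of a few pixel values).
        byte[] frame = new byte[64 * 1024];
        for (int i = 0; i < frame.length; i++) frame[i] = (byte) ((i / 512) % 7);

        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128); // assumed key size for this example
        SecretKey key = kg.generateKey();
        // Compress first: the plaintext's redundancy is removed before the cipher hides it.
        byte[] compressThenEncrypt = encrypt(key, deflate(frame));
        // Encrypt first: ciphertext looks random, so zlib finds nothing to remove and adds overhead.
        byte[] encryptThenCompress = deflate(encrypt(key, frame));
        System.out.println("raw frame bytes:        " + frame.length);
        System.out.println("compress then encrypt:  " + compressThenEncrypt.length);
        System.out.println("encrypt then compress:  " + encryptThenCompress.length);
    }
}
```

CBC as used here provides confidentiality only; a tunnel also needs integrity protection (a MAC or an authenticated mode), which is part of what SSH, recommended in the quoted reply, provides.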