VNC over VPN questions
alan "at" eshelmanappraisals.com
Mon Jan 3 07:22:00 2005
I use VNC over VPN too so I can share some experiences even if I cannot
answer all your questions.
First of all what brand of VPN are you using? There are at least two -
IPSec and PTPP. I use the latter so my responses are based on it. I also
use dynamic IP address assignment on both my home LAN and my work one -
different ranges on each, not by design but the routers (Linksys at work
and Siemens at home) assign different default ranges and I have never
found a reason to change from the default. When I place the cursor over
the VNC Server icon I get different results depending on whether the VPN
is connected or not. Before the VPN is connected, it displays a single IP
address - the IP address of the VNC Server machine. If the VPN is
connected it displays two IP address, separated by a comma - the first one
is the IP address of the VNC Server machine, the second one is the IP
address of the VPN connection on the VPN server. It seems to continue
displaying both IP addresses even if the VPN connection is broken. If you
are not using PTPP the results may be quite different!
Have you tried turning off the XP firewall completely? I don't mean
permantently but just to see if that allows you to connect. If it does,
you have learnt a lot (you know the problem is the XP firewall) and you
can figure out what to do. The VPN connection comes from outside the LAN
so I suspect it does come through the firewall.
Eshelman Appraisals, Inc.
alan "at" eshelmanappraisals.com
Phone (760) 692-4302
Fax (760) 692-4303
Kurt Rosenhagen said:
> I'm running VNC over VPN between two PC's running Windows XP SP2 and
> Windows 2000. Both machines are behind hardware firewalls (SMC Barricade
> the Windows XP PC, Sonicwall for the Windows 2000 PC), but as they are
> connected by VPN I believe that is not an issue - no need for
> port-forwarding etc.
> Windows 2000 PC is on a LAN and has a static internal IP Address.
> Windows XP is on a home network and uses DHCP - however, when the VNC
> server is running
> putting the mouse over the VNC server shows an internal IP address.
> Windows 2000 PC as server and Windows XP PC as client works fine.
> Windows XP PC as
> server and Windows 2000 PC as client (connecting to the internal IP
> address as noted above) does not work ("Failed to connect to server").
> The Windows XP PC is running the Windows XP SP2 firewall. When I tried
> to run VNC server from the Windows XP PC, I was asked if I wanted to
> allow VNC
> server an exception to the firewall. I said no, as I dont want to allow
> VNC connections except over the VPN connection. Is this my problem?
> Also, our hardware firewalls are set up for defaults, which I believe
> would keep all ports closed unless specifically opened. I cannot connect
> using the external IP
> address,and can only connect to the internal IP address if VPN is
> running, so I think I'm safe. But it would be nice to get confirmation.
> Last, I also use unix boxes running solaris as VNC servers. It seems
> (from the flavor of FAQ's and postings to lists such as this) that when
> using a unix server, I can
> only view "virtual machines", I can't use the VNC viewer to see the
> physical desktp of the console of the server that VNC server is running
> on. When using a PC
> server, the opposite is true; I can only see the physical desktop of the
> PC that VNC server is running on; I cant view virtual machines. Is this
> correct? Why is it so
> If it makes a difference, I'm using TridiaVNC. Thanks in advance for
> any and all help.
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit: