Setting up VNC Server and viewer
jim_hill_au-24 "at" yahoo.com.au
Sun Apr 2 04:31:01 2006
(I sent this yesterday but Thunderbird addressed it
only to Andreas, not to the list.)
in reply to Andreas Gieryic:
i think your first option won't work.
This looks more right.
> ... install the server piece on all the remote workstations (after hard
> coding all their private IP addresses) and then install the viewer on my
> home system to allow me to connect to them.
but won't you need to open a port in your router for each w/s?
or perhaps it's possible to install vnc viewer on the file
server, and daisy-chain; ie, connect from home to server,
then from server to w/s. (someone who knows pls advise:)
Actually I do this part in reverse -- get the user on the w/s
to make their vnc server call my listening viewer
(at home i have a fixed ip address).
You should encrypt your connection from home.
I use sTunnel, and have attached an sTunnel config note.
(Was hoping to expand it to a complete VNC/sTunnel how-to,
but didn't get time yet, as usual ;)
sTunnel configuration file
In this section we look at these elements in stunnel.conf:
* client =
* accept =
* connect =
"client" refers to sTunnel itself, not to whatever runs through it.
sTunnel is a server if it listens for connections from a remote host.
It is a client if it listens for requests from localhost (and then
calls a remote host).
sTunnel does not initiate connections of it's own accord; when started
it does nothing but listen.
It does not establish a connection until it gets a request from one of
the 'services' listed in stunnel.conf.
accept and connect
These go in pairs: exactly one of each under each service heading.
For each service, sTunnel listens on the 'accept' address:port and
forwards to the 'connect' address:port.
The value of "accept" in a sense identifies the service to sTunnel,
and each service must have a unique address:port.
When it starts, sTunnel listens on the 'accept' address:port given
under every service heading.
This is an address and port that sTunnel listens on. (Not an address
to accept calls from.)
sTunnel can accept requests coming in on any local interface.
if you put accept = 127.0.0.1 it can accept only on the loopback
Loopback hears only calls that originate from a local process, and
cannot receive from a remote machine.
Use 127.0.0.1 for security, whem you want to accept requests only from
0.0.0.0 means any address, so in this context it means any local
interface (including loopback).
Use 0.0.0.0 to accept requests from remote hosts, when you don't have
any reason to specify a particular interface.
It's more convenient than having to know a specific address, and it
works if you don't have a fixed IP address.
This is an address and port that sTunnel forwards traffic to.
It can be 127.0.0.1 if accepting from a remote host and connecting to
a local process.
Otherwise it must be the address of a remote host, to a port on which
sTunnel is listening.
In the table below, only one port number has to be as shown here, and
With all the others you can choose your own numbers.
(But of course, you have to match calling and receiving ports, as i
and use the same ports in VNC where applicable.)
Scenario client= accept= connect= VNC connect to VNC listen on
VNC server listens no 0.0.0.0:custom_port 127.0.0.1:55901
VNC viewer calls yes 127.0.0.1:55901 remote_address:custom_port
VNC server calls yes 127.0.0.1:55500 remote_address:custom_port
VNC viewer listens no 0.0.0.0:custom_port 127.0.0.1:5500