Port forwarding for VNC®
By far the most common problem encountered by first-time users of VNC is an inability to connect to a VNC Server that is behind a firewall or a NAT router. This problem manifests itself with one of two error messages:
- Connection refused—This means that the IP address entered into the VNC Viewer is valid, but that nothing is listening on the port you have specified (or 5900 if you did not explicitly specify a port number).
- Connection timed out—This means that nothing responded on the IP address entered into the VNC Viewer, not even to reject the connection.
The most common reason for seeing either of these error messages is that you are entering the wrong IP address. The usual way of obtaining the IP address of your VNC Server is to hover the mouse pointer over the system tray icon:
However, it is common for computers not to be directly connected to the Internet, but to be behind a firewall or a NAT router. In this case, the IP address displayed by VNC Server is a private IP address and is only valid if you are connecting from a computer behind the same firewall/router. From any other location, the same IP address may correspond to a different computer, or it may not correspond to any computer at all.
To determine whether or not the IP address displayed by VNC Server is the one you want, visit our VNC Server test page from the computer running VNC Server. This page will tell you the IP address of the computer from which you are browsing and also whether or not a VNC Server is contactable at that address.
If the IP address displayed by that web page is not the same as the one displayed by VNC Server when you hover the mouse pointer over the system tray icon, then you are behind a NAT router, and the IP address on the web page is the one you should use to connect from any computer on the other side of that router (you might want to consider running a free dynamic DNS client if this address changes frequently or you have difficulty remembering it). If the web page indicates that it is not able to connect to a VNC Server at that address, then you will have to configure port forwarding on your router.
Accessing more than one computer
If you have more than one computer behind your router, you will need to assign each one a different external port. For example, if you want to access computers A and B, which are behind the same router, you could configure your router to forward port 5900 to A:5900 and port 5901 to B:5900. Some routers do not allow the external and internal port numbers to be different; in this case you would have to reconfigure the VNC Server running on B to accept connections on port 5901 and configure your router to forward port 5901 to B:5901.
From outside your LAN, you can connect to A using router-ip:0 (or just router-ip) and to B using router-ip:1, where router-ip is the IP address of your router, as determined in the previous section.