Discussion:
Setting up VNC Server and viewer
Andreas Gieryic
2006-04-01 11:52:00 UTC
This should be easy but I may be reading too much into the configuration.

I currently use Netgear's Prosafe VPN client to allow a user to securely
connect into their PC at the office.

I also use a product called PCDUO (works much better than PCAnywhere) to
allow me to attach to a server remotely.

However, I would like to try to use VNC to connect to a PC at a remote
location from my home.

After reading all the documentation, I'm still somewhat confused about the
server and viewer differences.

My thought is that the server portion would be installed on a Windows Server
that is behind a NAT'd router with a static private IP address
(192.168.0.2). I would then add the port to the router and point it to
192.168.0.2. The viewer would then go on all the workstations on the network
and my workstation at my home. You would then make a connection to the VNC
server which is actually the Windows server itself and from there to each
workstation.

Or

Do I install the server piece on all the remote workstations (after hard
coding all their private IP addresses) and then install the viewer on my
home system to allow me to connect to them?

Please assist with my confusion.

Andreas Gieryic,

***@comcast.net
Jaroslaw Rafa
2006-04-02 04:34:01 UTC
Post by Andreas Gieryic
After reading all the documentation, I'm still somewhat confused about the
server and viewer differences.
My thought is that the server portion would be installed on a Windows Server
[...]
Post by Andreas Gieryic
192.168.0.2. The viewer would then go on all the workstations on the network
and my workstation at my home. You would then make a connection to the VNC
[...]
Post by Andreas Gieryic
Or
[...]
Post by Andreas Gieryic
Do I install the server piece on all the remote workstations (after hard
coding all their private IP addresses) and then install the viewer on my
home system to allow me to connect to them.
In any case, you install the VNC server on the computer you want to connect
*to* (ie. you want to access its display remotely), and the viewer on the
computer you want to connect *from*. Exactly as with *any* network service.
The server is the machine you are connecting to, the client is the machine
you are connecting from.
Think of VNC as of "graphical mode telnet" ;-). If you want to access some
machine via telnet, you need to have a telnet server on the machine you want
to connect to, and a telnet client on a machine you are connecting from.
So, if you want to view several workstations' displays from your home
machine, each of these workstations has to have VNC server installed, and
you have to run VNC viewer on your home machine.
Regards,
Jaroslaw Rafa
***@ap.krakow.pl
--
Spam, viruses, spyware... had enough? There is an alternative!
http://www.firefox.pl/ --- http://www.thunderbird.pl/
Faster. Easier. Safer. The Internet the way you like it.
Jim Hill
2006-04-02 09:31:01 UTC
(I sent this yesterday but Thunderbird addressed it
only to Andreas, not to the list.)

in reply to Andreas Gieryic:

i think your first option won't work.
This looks more right.
... install the server piece on all the remote workstations (after hard
coding all their private IP addresses) and then install the viewer on my
home system to allow me to connect to them.
but won't you need to open a port in your router for each w/s?

or perhaps it's possible to install vnc viewer on the file
server, and daisy-chain; ie, connect from home to server,
then from server to w/s. (someone who knows pls advise:)

Actually I do this part in reverse -- get the user on the w/s
to make their vnc server call my listening viewer
(at home i have a fixed ip address).

You should encrypt your connection from home.
I use sTunnel, and have attached an sTunnel config note.
(Was hoping to expand it to a complete VNC/sTunnel how-to,
but didn't get time yet, as usual ;)

jim
sTunnel configuration file

In this section we look at these elements in stunnel.conf:
* client =
* accept =
* connect =

client =

"client" refers to sTunnel itself, not to whatever runs through it.
sTunnel is a server if it listens for connections from a remote host.
It is a client if it listens for requests from localhost (and then
calls a remote host).

sTunnel does not initiate connections of its own accord; when started
it does nothing but listen.
It does not establish a connection until it gets a request from one of
the 'services' listed in stunnel.conf.

accept and connect

These go in pairs: exactly one of each under each service heading.
For each service, sTunnel listens on the 'accept' address:port and
forwards to the 'connect' address:port.

The value of "accept" in a sense identifies the service to sTunnel,
and each service must have a unique address:port.

When it starts, sTunnel listens on the 'accept' address:port given
under every service heading.

accept =

This is an address and port that sTunnel listens on. (Not an address
to accept calls from.)

sTunnel can accept requests coming in on any local interface.

if you put accept = 127.0.0.1 it can accept only on the loopback
interface.
Loopback hears only calls that originate from a local process, and
cannot receive from a remote machine.
Use 127.0.0.1 for security, when you want to accept requests only from
internal processes.

0.0.0.0 means any address, so in this context it means any local
interface (including loopback).
Use 0.0.0.0 to accept requests from remote hosts, when you don't have
any reason to specify a particular interface.
It's more convenient than having to know a specific address, and it
works if you don't have a fixed IP address.

connect =

This is an address and port that sTunnel forwards traffic to.

It can be 127.0.0.1 if accepting from a remote host and connecting to
a local process.

Otherwise it must be the address of a remote host, to a port on which
sTunnel is listening.

In the table below, only one port number has to be as shown here, and
that's 5500.
With all the others you can choose your own numbers.
(But of course, you have to match calling and receiving ports, as i
have here, and use the same ports in VNC where applicable.)

Scenario             client=  accept=              connect=                    VNC connect to    VNC listen on
Normal mode
VNC server listens   no       0.0.0.0:custom_port  127.0.0.1:55901             -                 127.0.0.1::55901
VNC viewer calls     yes      127.0.0.1:55901      remote_address:custom_port  127.0.0.1::55901  -
Reverse mode
VNC server calls     yes      127.0.0.1:55500      remote_address:custom_port  127.0.0.1::55500  -
VNC viewer listens   no       0.0.0.0:custom_port  127.0.0.1:5500              -                 127.0.0.1::5500
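
The normal-mode pair from the note above ("VNC server listens" / "VNC viewer calls"), written out as two stunnel.conf files with a check of the port-matching rule. This is an added example, not part of Jim's note; the tunnel port 4443, the host office.example and the certificate path are constructed placeholders, and the `cert` line is there because stunnel needs a certificate when it runs as a server.

```shell
#!/bin/sh
# Constructed values: tunnel port 4443, loopback port 55901, host office.example
# and the certificate path are placeholders, not taken from the thread.

# Office side ("VNC server listens"): stunnel is the TLS server and faces the
# network; the VNC server itself is reached only through loopback.
server_conf() {   # $1 = tunnel port exposed to the network, $2 = VNC server port
  printf '%s\n' 'cert = /etc/stunnel/stunnel.pem' 'client = no' '' '[vnc]' \
    "accept = 0.0.0.0:$1" "connect = 127.0.0.1:$2"
}

# Home side ("VNC viewer calls"): stunnel is the TLS client; the viewer talks
# to a loopback port and stunnel carries the traffic to the office.
client_conf() {   # $1 = local port for the viewer, $2 = office address, $3 = tunnel port
  printf '%s\n' 'client = yes' '' '[vnc]' \
    "accept = 127.0.0.1:$1" "connect = $2:$3"
}

# Pairing rule from the note: the client's connect port must equal the server's
# accept port, and the client's accept must be bound to loopback only.
check_pair() {    # $1 = server conf text, $2 = client conf text
  s_port=$(printf '%s\n' "$1" | sed -n 's/^accept = .*:\([0-9]*\)$/\1/p')
  c_port=$(printf '%s\n' "$2" | sed -n 's/^connect = .*:\([0-9]*\)$/\1/p')
  c_bind=$(printf '%s\n' "$2" | sed -n 's/^accept = \(.*\):[0-9]*$/\1/p')
  [ -n "$s_port" ] && [ "$s_port" = "$c_port" ] || { echo "port mismatch"; return 1; }
  [ "$c_bind" = "127.0.0.1" ] || { echo "client accept not loopback"; return 1; }
  echo "ok"
}

srv=$(server_conf 4443 55901)
cli=$(client_conf 55901 office.example 4443)
printf '# --- office stunnel.conf ---\n%s\n\n# --- home stunnel.conf ---\n%s\n\n' "$srv" "$cli"
check_pair "$srv" "$cli"
```

With these files the viewer at home connects to 127.0.0.1::55901, as in the table's "VNC connect to" column.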
Jim Hill
2006-04-02 14:54:00 UTC
Hi all

on my last message, Re: Setting up VNC Server and viewer
i attached an html file, but it came out in-line
at the end of the message.
there is a table at the end of it that got totally garbled.

if anyone would like a decent copy just write to me off-list :)

jim
Andreas Gieryic
2006-04-03 18:13:00 UTC
That makes it much clearer. One more question. Since every workstation I
want to connect remotely, I know each will run VNC server. I then need to
open a port for each workstation (5900, 5901, 5902...)on the router-on the
remote side. Is this correct or is there a better way?
Thanks!

Jaroslaw Rafa
2006-04-03 18:35:01 UTC
Post by Andreas Gieryic
That makes it much clearer. One more question. Since every workstation I
want to connect remotely, I know each will run VNC server. I then need to
open a port for each workstation (5900, 5901, 5902...)on the router-on the
remote side. Is this correct or is there a better way?
Yes, you have to open a port for each workstation.
Someone here suggested the use of VNC viewer in listening mode, where the
connection is made in the opposite direction: from server to viewer. If you
have a public IP address for your home machine (or can open a port), maybe
you can try that way. But I have no experience with listening mode, so maybe
someone else will be of better help.
Regards,
Jaroslaw Rafa
***@ap.krakow.pl
Jerry Westrick
2006-04-03 18:56:01 UTC
Post by Jaroslaw Rafa
Post by Andreas Gieryic
That makes it much clearer. One more question. Since every workstation I
want to connect remotely, I know each will run VNC server. I then need to
open a port for each workstation (5900, 5901, 5902...)on the router-on
the remote side. Is this correct or is there a better way?
Yes, you have to open a port for each workstation.
Someone here suggested the use of VNC viewer in listening mode, where the
connection is made in the opposite direction: from server to viewer. If you
have a public IP address for your home machine (or can open a port), maybe
you can try that way. But I have no experience with listening mode, so
maybe someone else will be of better help.
Regards,
Jaroslaw Rafa
Rafa got the answer right, but...

If you have an SSH server in your office,
you can use it to:

1) encrypt the vnc connections,
2) Tunnel multiple connections over ssh

Then you don't need to open so many ports...

Jerry
Jaroslaw Rafa
2006-04-03 18:47:00 UTC
John Burns wrote:
VNC opens the default port automatically. You should not need to mess
around with the ports; that could become a security risk.
What do you exactly mean by this?
Certainly, VNC is not able to automatically open the required port *on the
router* and forward it to the target machine. And I guess that's what the
original poster asked about (he was talking about having his workstations on
a LAN behind NAT).
Regards,
Jaroslaw Rafa
***@ap.krakow.pl
Jaroslaw Rafa
2006-04-03 19:15:01 UTC
John Burns wrote:
It does not need to the default is the only portal you will need. ie
nnn.nnn.nnn.nnn:0. It states this in the Docs it is just obvious from the
documentation. I have set up 30 or so VNC servers and not once have I had
to open up a port.
I still don't get your point.
Suppose you have 30 VNC servers on a NAT'ed LAN and want to connect to them
from outside.
Certainly you will have to forward 30 ports *on the router* to those 30
machines to be able to connect.
Ie. if external address of the router is x.x.x.x
then x.x.x.x:5900 is forwarded to, say 192.168.0.10:5900
x.x.x.x:5901 is forwarded to 192.168.0.11:5900
x.x.x.x:5902 is forwarded to 192.168.0.12:5900
and so on...
How do you want to connect without port forwarding?
Regards,
Jaroslaw Rafa
***@ap.krakow.pl
Jerry Westrick
2006-04-03 20:19:01 UTC
Post by Jaroslaw Rafa
It does not need to the default is the only portal you will need. ie
nnn.nnn.nnn.nnn:0. It states this in the Docs it is just obvious from
the documentation. I have set up 30 or so VNC servers and not once have
I had to open up a port.
I still don't get your point.
Suppose you have 30 VNC servers on a NAT'ed LAN and want to connect to them
from outside.
Certainly you will have to forward 30 ports *on the router* to those 30
machines to be able to connect.
Ie. if external address of the router is x.x.x.x
then x.x.x.x:5900 is forwarded to, say 192.168.0.10:5900
x.x.x.x:5901 is forwarded to 192.168.0.11:5900
x.x.x.x:5902 is forwarded to 192.168.0.12:5900
and so on...
How do you want to connect without port forwarding?
Regards,
Jaroslaw Rafa
Ahh that is the trick...
Port forwarding yes!

Open ports on the router only SSH.

then you can connect to a nated pc inside your network
(in this example I use 192.168.1.101) with the following commands

1) ssh <user>@<ssh-server-address> -L 5901:192.168.1.101:5900
2) vncviewer 127.0.0.1::5901

Of course a little more info is required, like how to use ssh from windows.

Jerry
P.S. If you are using tightvnc-viewer on unix you do both of the above
as vncviewer 192.168.1.101:1 -via <user>@<ssh-server-address>
wouldn't this be a cool feature for realvnc under windows though?
John Aldrich
2006-04-03 20:08:00 UTC
Post by Andreas Gieryic
That makes it much clearer. One more question. Since
every workstation I want to connect remotely, I know each
will run VNC server. I
then need to
open a port for each workstation (5900, 5901, 5902...)on
the router-on the remote side. Is this correct or is
there a better way?
Thanks!
Possibly a better way would be to use SSH to tunnel connections to a
specific machine which can act as a "gateway" server. Then port forward a
port for each workstation from that machine. Then from the viewer you can
use the "loopback" to connect to each workstation you want to reach -- i.e.
127.0.0.1:5923 for the 22nd workstation (you pretty much can't use :5900, as
that's reserved for the viewer machine.)
John
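
The SSH approach from Jerry's and John's messages, extended here from one forward to one per workstation so that only the SSH port is open on the router. This is an added example, not code from the thread; the gateway name, user and workstation addresses are constructed, and the local ports simply count up from 5901.

```shell
#!/bin/sh
# Constructed inputs: gateway name, user and workstation addresses are placeholders.

# Accept only dotted-quad IPv4 so a list entry cannot smuggle in an ssh option.
is_ipv4() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print one "-L" argument per workstation, local ports counting up from 5901.
# Binding to 127.0.0.1 keeps each forward reachable only from the viewer machine.
build_forwards() {
  port=5901
  out=""
  for ip in "$@"; do
    is_ipv4 "$ip" || { echo "bad address: $ip" >&2; return 1; }
    out="$out -L 127.0.0.1:$port:$ip:5900"
    port=$((port + 1))
  done
  printf '%s\n' "${out# }"
}

# Full command: -N opens the tunnels without running a remote shell.
tunnel_command() {   # $1 = user@gateway, remaining args = workstation IPs
  gw=$1; shift
  fw=$(build_forwards "$@") || return 1
  printf 'ssh -N %s %s\n' "$fw" "$gw"
}

tunnel_command admin@gateway.example 192.168.1.101 192.168.1.102 192.168.1.103
# The viewer then uses the thread's form: vncviewer 127.0.0.1::5901, ::5902, ...
```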
Scott C. Best
2006-04-06 05:13:01 UTC
Jaroslaw:

Heya. Similar to Jerry's suggestion, if you run a tunneling
utility (like SSH, EchoVNC, or even a SSL VPN) across the router, you
don't need to open one-port-per-PC.
For VNC, it's relatively easy to workaround this limitation,
obviously. But for other apps that use a set of TCP/UDP ports, a
tunnel may be the only scalable solution.

cheers,
Scott


<snip>
Post by Jaroslaw Rafa
I still don't get your point.
Suppose you have 30 VNC servers on a NAT'ed LAN and want to connect to them
from outside.
Certainly you will have to forward 30 ports *on the router* to those 30
machines to be able to connect.
Ie. if external address of the router is x.x.x.x
then x.x.x.x:5900 is forwarded to, say 192.168.0.10:5900
x.x.x.x:5901 is forwarded to 192.168.0.11:5900
x.x.x.x:5902 is forwarded to 192.168.0.12:5900
and so on...
How do you want to connect without port forwarding?
<snip>
