What's the best way to establish a VNC connection to a computer located behind a firewall/router, to which you don't have access? I have a home Linux computer on a Comcast connection, which explicitly blocks incoming requests, so I can't hit the IP directly, but I'd like to remote into it from an arbitrary Internet connection. How would I work around this?
I've witnessed some commercial products, such as one employed by Dell tech support, which appears to use a public web server, which you visit from the target computer in order to "expose" it to an incoming VNC connection. Is there anything similar that's free/cheap for personal use?
25 Answers
You can try tunneling VNC over SSH, but you may find the performance to be a bit slow. You may also want to look into freenx, which is already secure by running over SSH and is much faster than VNC.
If you don't mind using a 3rd party, I really like LogMeIn for it's security and simplicity all in one. All I need is a browser to connect to my PC at home. Your weak link is going to be the password you use for your account, so make sure it's a good one.
2You can usually just forward port 5900 from your firewall to the computer that you want to VNC into and then connect to your external IP, or get a DDNS provider if your router/firewall supports it.
2... visit from the target computer in order to "expose" it to an incoming VNC connection. Is there anything similar that's free/cheap for personal use?
TeamViewer. You'd run the quick-support (or full) module on your target and take with you the session code and password it provides. Enter these into the TV full module on your away machine to connect to the target.
Assuming for simplicity that you have only one client (but which can have arbitrary IP's), that the VNC server runs behind a firewall where you can't open ports, but the client has no such problems, a workaround would be to do put this command into an on-boot script on the server:
while sleep 100; do ssh vnc_user@$client -R 5900:127.0.0.1:5900; doneThis opens a reverse tunnel from the server to the client. This is possible from behind a firewall.
Ensure you've created a passphraseless ssh-key on the server (ssh-keygen, and press return a couple times) so you can put this in a boot script.
Now, in order to do this from an "arbitrary internet connection", simply get a free account at dyndns.org, and exchange $client in the above command for that dyndns address (e.g. myvpnclient.dyndsn.org). On the client, run sshd, and create a user with very little access:
sudo useradd -m -s /bin/false vnc_userCopy the file server:~/.ssh/id_rsa.pub into client:~vnc_user/.ssh/authorized_keys so that the vnc server has ssh access to the vnc client(s). (The /bin/false ensures the vnc server can't actually run commands on the client, only open a port; if you don't trust the server you can do more hardening in sshd_config.)
Now as long as you run a dyndns daemon on the client (or update your IP address manually at dyndns.org), you can connect to the server. If your client changes IP address, the ssh connection should drop and the server will try reestablishing the connection.
(If the client too is behind a firewall, I guess both client and server could open tunnels to a third machine which has no firewall trouble, but in any case you need at least one server which can run sshd against the open Internet.)
you can use Hamachi (which was bought by logmein). You install the client on all the machines you want to share then you create a new password protected network and join all the machines to it. Its perfectly safe. Even Steve Gibson recommended it a couple years back. I've used it many times and works like a charm.
They have a free non commercial version.