Overview of VNC


Warning: Work In Progress
THIS PAGE IS UNDER HEAVY CONSTRUCTION
the contents may change regularly

Essentially, the VNC Viewer s/w connects to the VNC Server s/w, authenticates and negotiates. The VNC Server then sends screen image information to the VNC Viewer, and the VNC Viewer sends mouse and keyboard actions to the VNC Server, which passes this information to the underlying OS for action, thus facilitating remote control of the 'host' by the 'client'. Other actions, like file transfer, may also be included.

It also usually involves the ROUTER given to you by your Internet Service Provider (ISP) - its correct setup can also be quite critical - and if you do not wish to use a 3rd party to aid in the connection, you must have a static (read constant, permanent) IP address assigned to your connection. You do not need a specific 'Domain Name', as the public IP address of the router will be your connection point. Through 'port forwarding', the router should send your 'client' packets on to the particular 'host'.

Remote Access Services

You can read a generalized description of Remote Access Services (RAS) on Wikipedia - see wiki/Remote_Access_Service ... There it suggests the original RAS was coined by Microsoft and embedded in their New Technology (NT) operating system of the time. Probably, this operating system's openness to remote 'control' was why virus makers originally targeted Windows, as well as the fact that Windows was and still is the most popular operating system. But others picked it up quickly, like Apple Remote Desktop (ARD), and VNC, sometimes through secure Virtual Private Network (VPN) tunneling, is the more generic term for other operating systems ...

Dynamic IP Address

If you only have a dynamic IP address through your ISP, that is, your IP address can change on a daily basis, then there are a number of companies that offer a piggy-in-the-middle (PITM) service. Here you log in to your account with them, and their server will facilitate the traffic between your 'client' and 'host' machines. Some that offer this PITM service are as follows. Note, none have been tried by me! -

http://www.no-ip.com/ Support, Guides and Tips - a FREE service
http://www.dnsexit.com/ DNS Service & Management
http://www.dnsstuff.com/ Network and DNS Tools
http://www.tzo.com/ Using TZO with various routers
http://www.vpntools.com/ VPN Ports: Your Entry and Exit
http://crossloop.com/ connect 2 computers without setting network connections
http://www.remotepc.net/ view the desktop of the RemotePC enabled computer (Host)
https://secure.logmein.com/ PC from anywhere, LogMeIn Pro

This list is in no way exhaustive. It is just a list of sites I came across in trying to get a VNC connection to work.

Static IP Address

If you have a 'static', that is a fixed, or permanent IP address, then you will be able to set up a Remote connection using this address. This is whether or not you have a public 'Domain Name' associated with this IP address.  If you do not know whether you have a 'static' or 'dynamic' IP address, you can go to sites like - http://www.whatismyipaddress.com/ - on successive days, and check your IP address.

Note it may stay the same, that is, give the appearance of 'static', for many days, so this rough test has to be over many days. Most ISPs charge money for a static IP address, so you should also know from your account details. If you do not pay for it, then there is a good chance it is only 'dynamic' ;=()

This 'static' IP address will be the 'Server Name' in the VNC 'client' software. For example, in the UltraVNC vncviewer application, this 'static' IP address is used when it asks for the VNC Server: [ 1.2.3.4 ]. This VNC Viewer has a [Browse] button, but this is only to load from .vnc files.

Setting up your Router

The router, as the name implies, is a hardware device for routing traffic from your computer to the wider network (WAN), the internet, and when data arrives from the internet, it is routed to your computer. The packet data always flows both ways, but we must differentiate between 'connections' which (a) originate from your computer, and any replies to that traffic, and (b) data that originates from some remote computer. In general, the router is wide open to traffic from your computer to the internet, and handles any replies that generates - that is OUT-BOUND TRAFFIC - and blocks all IN-BOUND TRAFFIC that is not directly the result of your outgoing traffic.

In other words, it effectively acts like a Firewall - only in-bound traffic generated by your computer's out-bound traffic is allowed through. But to be able to establish a remote connection from the 'client' machine, we want certain other IN-BOUND traffic to also get through to the 'host' machine. So it is necessary to set up a port forwarding table in the router.

Also, at this point it is necessary to understand a little about IP addresses. The 'public' IP address of your router, that is the 'static' IP address given to you by your ISP, will be used by the 'client' machine to make a connection, but your 'host' machine must also have a fixed IP address. Normally a router will automatically assign an IP address to your machine when you connect to the internet, but for a remote VNC connection, you must give your machine what is called an 'internal' IP address.

RFC 1918 (http://www.faqs.org/rfcs/rfc1918.html) states what range this 'internal' IP address should be in. Typically your router itself will have an internal IP address of 192.168.1.1. This is the address you use to log in to the router to do the port forwarding setup. Also typically, you will use a username of 'admin', and a password of 'admin' to log into the router from your 'host' machine - it is normally only necessary to put http://192.168.1.1 into the address line of your browser, and click [ Go ] to bring up the authentication dialog to log into your router. Then you must navigate to the 'port forwarding' section; usually 'advanced' and 'NAT' are the keywords.

Here we assume you have given your 'host' machine an 'internal' IP address of 192.168.1.2. Typically this router port forwarding table will consist of the following items -
This is from an INVENTEL router (in France, called LiveBox) -

Service | Protocol | Port External | Port Internal | IP of server | Delete

This is from a NetComm NB9W router (in Australia) -

Server Name | External Port Start | External Port End | Protocol | Internal Port Start | Internal Port End | Server IP Address | Remove

This site - http://www.portforward.com/ - has some fabulous HELP on setting up many different routers. You just choose your router and model from a giant list, then choose the 'service' you want to connect to, and it will tell you the ports required, and show you examples. For this page, the main service is VNC, and as that site states - VNC requires you to forward the 5500, 5800, 5900 ports - They depict it as six (6) entries in the table, as follows -

Service Name | External Port | Protocol | Internal Port
VNC1         | 5500          | TCP      | 5500
VNC2         | 5800          | TCP      | 5800
VNC3         | 5900          | TCP      | 5900
VNC1         | 5500          | UDP      | 5500
VNC2         | 5800          | UDP      | 5800
VNC3         | 5900          | UDP      | 5900

Note they have separated the protocols into two lines for each port. This may be overkill, in that we were able to get VNC connected just using a single line -

VPN          | 5900          | TCP/UDP  | 5900
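
The router-setup advice above can be checked mechanically. The following is an added example, not part of the original page: it audits a port-forwarding table for server addresses outside the RFC 1918 blocks, for UDP entries (RFB runs over TCP), and for forwarded ports that a plain viewer connection to display :0 does not use. The sample rows are constructed from the tables above, with 192.168.1.2 assumed as the host's internal address and one deliberately mistyped row added.

```python
import ipaddress

# The three private address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# TCP ports from the six-entry table that a plain viewer-to-server
# connection to display :0 does not use (that connection needs only 5900).
OPTIONAL = {
    5800: "only used by the browser-based (Java) viewer",
    5500: "only used for reverse connections to a listening viewer",
}

def is_rfc1918(addr):
    """True if addr parses as an IPv4 address inside an RFC 1918 block."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def audit(rules):
    """Return a list of (name, external_port, protocol, finding) tuples."""
    findings = []
    for name, ext_port, proto, int_port, server_ip in rules:
        protos = set(proto.upper().split("/"))
        if not is_rfc1918(server_ip):
            findings.append((name, ext_port, proto,
                             "server IP is not an RFC 1918 address"))
        if "UDP" in protos:
            findings.append((name, ext_port, proto,
                             "UDP not needed: RFB runs over TCP"))
        if "TCP" in protos and int_port in OPTIONAL:
            findings.append((name, ext_port, proto, OPTIONAL[int_port]))
    return findings

# Constructed sample input. HOST is an assumed internal address.
HOST = "192.168.1.2"
SIX_ENTRY_TABLE = [(f"VNC{i}", port, proto, port, HOST)
                   for proto in ("TCP", "UDP")
                   for i, port in enumerate((5500, 5800, 5900), start=1)]
SINGLE_LINE = [("VPN", 5900, "TCP/UDP", 5900, HOST)]
MISTYPED = [("VNC", 5900, "TCP", 5900, "198.168.1.2")]  # 198, not 192

if __name__ == "__main__":
    for table in (SIX_ENTRY_TABLE, SINGLE_LINE, MISTYPED):
        for finding in audit(table):
            print(*finding, sep=" | ")
```

Only the TCP 5900 row of the six-entry table comes back with no finding, which matches the single-line result reported above.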

Host Machine Setup - VNC Server

So far all we have done is enable the router to forward unsolicited in-bound traffic of a particular port, like say 5900 (VNC) on to your 'host' machine. That 'host' machine must also be configured to run the particular 'service'.

Macintosh Tiger Setup

This site - http://www.macminicolo.net/Mac_VNC_tutor.html - gives good detail of setting up a MAC running Tiger ... the essential item is - Enabling VNC and giving it a PASSWORD, like -

[Image: Enabling VNC on a Tiger Mac]

Mac OS X Server Setup

This is VERY SIMILAR to the above, but this Mac OS X Server page adds some Mac OS X Server screen shots.

Other Operating System Setup

Other Operating Systems may also have built-in software to support VNC, but at the moment I have not found it in Windows. The closest thing I have found is 'Terminal Services', that comes with Windows 2000, but it does not seem to support Remote Frame Buffer (RFB) protocol used by VNC.

But Windows XP DOES have its own 'Remote Desktop' 'host' and 'client' applications. At present I have only tried these across a LAN, where they worked very well. This Microsoft site - remote intro - explains the setup of both the 'client' and the 'host' machines.

In the 'host', in brief, you MUST :-

  1. enable - green tick 'Allow users to connect remotely to this computer' in System Properties -> Remote;
  2. set/select users if to be other than the machine administrator;
  3. make sure 'Don't allow exception' is cleared in Security Center -> Firewall -> General;
  4. make sure Remote Desktop is checked under Security Center -> Firewall -> Exceptions;
  5. make sure the computer has a name under System -> Computer Name -> Full computer name.

And, although it is not specifically mentioned, you must be using a PASSWORD to log in. For years, I have had no password, but when I tried to log in remotely over my LAN, I got an error - Failed due to Account Restriction - I am the 'Administrator' so I should NOT have restrictions, and when I added a password, I could log in easily.

Client Machine Setup - VNC Viewer

Macintosh Tiger Setup

Again the MAC appears to shine here. It has a Remote Desktop Client (RDC), for the 'client' machine, which is essentially a VNC Viewer that connects to Apple Remote Desktop (ARD), which acts as a VNC Server in the 'host' machine, so MAC-TO-MAC connections are a breeze ;=))

Other Operating System Setup

This is much more diverse. Some systems have built-in software, like the MAC and XP, but for others you will have to download and install 3rd party software.

Windows XP to Windows XP

For example, Windows XP to Windows XP has built-in software. This Microsoft site - remote intro - explains the setup of both the 'client' and the 'host' machines.

In the 'client' you just run Start -> All Programs -> Accessories -> Communications -> Remote Desktop Connection, enter the computer name, or a domain name, or IP address, if remote, then the Username and Password. It is interesting that the 'host' screen changes to the login (blue) screen, and the 'host' desktop replaces the 'client' desktop. You can reduce its size, and run it within a window, then you can have access to your local desktop as well.

Of course, across a LAN, the XP-TO-XP connection is very snappy. There is almost no delay in executing actions, and the screen is almost as if you were really sitting at that machine. In fact, if it were not for the small extra bar at the top of the screen, giving the name of the remote machine, it would be easy to be confused about which machine you were actually operating ;=)). And let's hope this power and ease of use stays when Vista fully arrives.

Sites like this - http://www.uwsp.edu - show this is already being put to good use in universities, and other education institutes. It is an immensely simple way to work from your home, and still have full access to your files on the campus network ...

