Hey guys,

I hope you forgive me for reviving an old thread, but I found it while doing a search on this site for help. I am trying to do as this OP did, but am not having luck VNCing into my PC over the internet.

My setup for the server:
XP SP2
CopSSH (running standard 22 port)
UltraVNC (running standard 5900 port)
WRT54G router (forwarding port 22 to XP)

When on my local network, I can easily log into my PC via VNC on my N800; e.g., my.local.ipaddress:5900 or just my.local.ipaddress

When on the internet (tethering through my cell phone), I can easily SSH into my PC; e.g., ssh -L5901:127.0.0.1:5900 XP_username@my.internet.ipaddress. I get prompted for my password, and I successfully log in.

However, at this point when I launch my VNC viewer, I try to access my PC, but the viewer can't make a connection; I try 127.0.0.1:1, 127.0.0.1:2, localhost:1, localhost:2, etc.

I was at this for a good 4 hours last night without any luck. Any ideas what I may be doing wrong? I don't think I need to open up port on 5900 on my router, right? (That doesn't seem right to me.)

Finally, let me just add that this thread is THE BEST and MOST INFORMATIVE writeup on the internet that explains how SSH tunneling and VNC works. Nothing else on the web did a better job.

H.

OK, you tested:

• Direct VNC connection from LAN
• SSH connection from WAN
• Tunneled VNC connection from WAN (where things failed)

There's one possibility you didn't check, that IMHO should have been done before moving out to the WAN testing phase: a tunneled connection from the LAN. Anyway, I'm almost certain that this will fail too, so it doesn't matter much...

I suspect uVNC is rejecting connections from loopback interfaces; not sure how to fix this, as I'm using tightVNC ATM, but presumably there should be a "reject loopback connections" or similar setting somewhere.

I'm not into windows now, but ultravnc has an option to accept loopback connections. You have to check that since it's disabled by default.

Edit: also, I don't know the vnc port for maemo, but normal vnc will assume a local area connection and adjust the parameters for the highest quality, so you'll probably have to override those to get an acceptable performance over the wan.

Thank you for the tip, Benson and luca. You know, I'm going to take a look at that tonight to see if I can make the loopback change! FINGERS CROSSED. If that doesn't work, I'm going to try out tightVNC instead since it looks like it has been successfully used in this type of setup.

I'm really looking forward to making this work. I'll be traveling for over a month in South America; so, I want to be able to log back home to send files back and forth (file backups, pictures, update my MP3s, download recorded TV shows, etc.) So far, I've got my home networked with 3 Linksys WVC54GCA webcams so I can keep an eye on things while I'm away; these work BEAUTIFULLY through the N800 browser, BTW.

BTW, this is the screenshot of the admin screen I just found on the net (this isn't my setup).


http://www.uvnc.com/install/configuration.html

For me, using RealVNC, I had to turn off the options to use the Windows usernames and passwords and make it use its own password.

Right then, make sure "Allow Loopback Connections" is checked.

A note: be sure to check also the option "Loopback only". This way no one can connect to your XP server directly using a VNC client. Only connections from localhost are allowed, and thus connections from the outside are possible only if a proper ssh tunnel was established.

you guys are GENIOUSES!!! Changing the loopback settings did the trick! one thing that was odd was that i forwarded 127.0.0.1, but i could only vnc into localhost. 127.0.0.1 was nonresponsive ... isn't it usually the other way around? anyhow, THANK YOU!!!!

Hi everyboy,
BRAVO!!! to anyone that contributed because there are really a lot of informations.

However, I had had a problem that I still can't solve by combining (SSH+VNC), even after I read the entire topic.

The following picture give a view of the situation.



I would like to remote, if possible, any computer at home from work.
using my tablet. thank you.

Note: I already fixed the problem using the combination (HAMACHI+ VNC), but I would like to use SSH because it is more secured.

The question is for everyone.

The problem is that 50.0.0.10 is the only IP visible "from outside" in your home. Then, the ssh connection from the Nokia should be addressed to this IP. But this will try to connect with the router, which is nonsense.

Routers have the possibility of redirect some port numbers to some other IPs (and port numbers). You can instruct your router to redirect any connection to 50.0.0.10:22 (standard ssh port) to, say 192.168.1.22:22. This way, when you try to connect via ssh from the tablet to 50.0.0.10, you will be actually connecting to PC-1

After this all should be easier. Once a ssh connection is got, you can create a ssh tunnel to any other PC at home. For example:

Will create a tunnel to tablet's 5901 port to "localhost" 5900 port. In this context, "localhost" represents PC-1, so when you then launch vnc viewer in the tablet and connect to display :1, you will see the display :0 of PC-1

But this gets better:

This creates two tunnels. The first was already explained. The second connects 5901 port in the tablet with 5900 port in 192.168.1.23 (this ip is seen "from the point of view of PC-1, which is the machine to which ssh is actually connected). This means that launching vnc viewer in the tablet, and pointing it to display :2, you will see the screen of PC-2

Note that you can even launch two viewers, one to display :1 and other to display :2, and see PC-1 and PC-2.

You can guess how to do for any other PC :-)

Note however that this solution allows you to connect via VNC to any PC, but not via ssh. As explained, the ssh connection is always received by PC-1. (Incindentally this means that you can remove ssh server from the other PCs). This also means that, when you connect to PC-2 to see its display, the VNC server of PC-2 is sending indeed the traffic to PC-1, which redirects it through the tunnel. This traffic from PC-1 to PC-2 is not encrypted (but I assume that your wifi is encrypted anyway).

A solution in which you make the ssh connection directly to the same PC in which you will plug the VNC viewer is also possible, but this means that you should configure your router to redirect a different port for each one. For example, let's say ports 2221 to PC-1, 2222 to PC-2, and so on. In this case, in the Nokia you should use option -p in ssh to tell which por you want to connect to. For example, ssh -p 2222 50.0.0.10 will connect to port 2222 in the router. If all is properly configured, this will be redirected to PC-2 and then you can login via ssh in PC-2 or in any PC. For this case the complete command would be:

And then, vnc viewer on display :1 will lead to PC-2

I guess this is getting too confusing. Feel free to ask again.