Control my computer’s desktop (graphically) via VNC

Since all my computers are Linux-based, I have OpenSSH installed on them so I can connect to them remotely. If I am not on the home network, I either have ports forwarded from the router or VPN to my home network in order to connect to my destination. In addition, I almost always use screen for all my terminal sessions. Thus, once I ssh to the computer remotely, I can resume my screen session.

What if I wanted to control the current desktop of my computer, i.e., control applications graphically? Answer: VNC. On Ubuntu 10.10, vino is installed by default and it can be configured from within GNOME by going to System > Preferences > Remote Desktop. For other VNC Servers, see this.

To keep things secure, I don’t port forward port 5900 from my home router to the main computer. If I want to VNC into the machine, I VPN to the home network first. Or better yet, I can port-forward via SSH.

Encrypted Connection via SSH port-forwarding

As the data from VNC is not encrypted, it is not safe to use across the internet. To use an encrypted connection, one can use the port-forwarding feature of OpenSSH to create one.

On the local machine (VNC from), type the following in the shell:

ssh -L 5900:localhost:5900 user@remote-host ## user@remote-host is a placeholder for the machine to VNC to; if on local network via VPN, use local ip or hostname

Now, from the local machine, I can connect to localhost from any VNC client. Vinagre is the default on Ubuntu, accessible via Internet > Remote Desktop Viewer.

This is quite cool.
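
The tunnel above as an added example that is not part of the original post: it builds a stricter form of the same ssh command and checks `ss` output to confirm that nothing on port 5900 is listening beyond loopback. `user@remote-host` is a placeholder and the sample `ss` lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build the tunnel command and audit listeners on the VNC port.
# user@remote-host is a placeholder; the sample lines below are constructed.
VNC_PORT=5900

# Print the tunnel command for destination $1. Binding the local end to
# 127.0.0.1 keeps other LAN hosts off the forward, -N runs no remote command,
# and ExitOnForwardFailure makes ssh exit if local port 5900 is already taken.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$VNC_PORT" "$VNC_PORT" "$1"
}

# Read `ss -H -ltn` output on stdin and print each listener on the VNC port
# whose address is not loopback. Exit status 1 means something is exposed.
exposed_listeners() {
    awk -v port="$VNC_PORT" '
        {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # some other service
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print addr
            found = 1
        }
        END { exit found ? 1 : 0 }'
}

# Constructed samples: a tunnel bound to loopback, and one opened with -g
# (or GatewayPorts yes), which listens on every interface.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:5900 0.0.0.0:*
LISTEN 0 128 [::1]:5900 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 128 [::]:5900 [::]:*'

# On a live machine: ss -H -ltn | exposed_listeners
```

Run the same check on the machine running the VNC server to see whether the server itself listens on all interfaces, since the tunnel only protects traffic that actually goes through it.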

home server + port forwarding

so i started running my own servers, one at school and one at home to test things such as a webserver. at school, no problem. got them to give me a hostname and to open certain ports (22 and 80).

at home, since i’m on a home network which has one public ip to my router, i have to use port forwarding for the outside world to connect to my home server. i had a lot of trouble with this as i couldn’t access my home server from inside, blaming that the problem was from my westell 9100em router, the one that came with verizon fios. i tried to bridge another router (as my main router) since i thought the router was the problem. however, the instructions were too damn complicated and the actiontec instructions did not match my westell. to fix it i even managed to switch from coax connection from the ONT box to ethernet and ran my own cable, and using my own router (trendnet). however, after setting up port forwarding, things still did not work.

long story short, i got it to work learning 2 things:

1. u can’t connect to your public ip from inside the network. u have to connect to the public ip from outside the network. to test this, i ssh to my server at school and ssh back home.
2. even though u set ur router to forward the port, ur computer may still be blocking outside connections. this was the case for mac os x. u have to set it to accept all incoming connections or to allow certain services/ports; turning those servers on was not enough. in mac os x, u go to system preferences > security > firewall.

for servers in your home network, you should set them up to have a static ip, preferably outside the dhcp range. for ex, dhcp should give 100-255, and use 2-99 for static. i forward 22 -> 22 (ssh) and 80 -> 80 (http) for one of my servers. to get my laptop going, i set something like 80000 -> 22 and 90000 -> 80. that way i can access both computers.

this took a lot of trial and error and learning. i have to say i took like 3 attempts, each with about 3 days of work to figure out. very inefficient i must say, but now i got things working so i can channel my energy to things that are more important to me, although these aren’t done in vain…i will make use of these servers for the things i’m about to do for school.

another note. i set the router to update a dyndns, and i forward my domain to this dyndns name. this way even if my ip refreshes i can still update it.

i like my cheap trendnet router so far. since the actiontec was not at fault, i could have gone back to coax. however, i ran a cat6 cable…this should be good. even if i get fios tv, i think i can go from my router (or any router i choose) to the actiontec and still have things working. i like the fios to be ethernet based so i am free to choose any routers i want, like my cheap wireless n trendnet router.