
Setting up Ultra VNC thru Tomato

Discussion in 'Tomato Firmware' started by Danielink, Jun 11, 2007.

  1. Danielink

    Danielink LI Guru Member

    I just upgraded the firmware on my Linksys WRT54GL to Tomato 1.07 this past weekend. Previously I was using a D-Link wired router, and was able to remote into my home PC (Win XP Pro) from work using Ultra VNC (and No-IP). Now my Ultra VNC is not working, and I assume it's because I have to configure my router to be able to do that. I'm still not very familiar with Tomato. Is this a port forwarding issue? Any help would be appreciated :biggrin: .
     
  2. roadkill

    roadkill Super Moderator Staff Member Member

    You need to port forward 5900 TCP to the workstation IP:
    Port Forwarding->Basic
     
  3. Danielink

    Danielink LI Guru Member

    Thanks, roadkill, I'll try this when I get home this evening :agree: .
     
  4. zhenya

    zhenya LI Guru Member

    roadkill is correct, although I'd like to mention that using Ultra VNC this way provides no encryption to your connection, and doing this over the Internet is a very bad idea, as your user/pass is sent unencrypted, and with your port forwarded to that computer, provides direct access to your machine. VNC should only be used in this scenario over an ssh or vpn tunnel. My apologies if you are already doing this. :)
     
  5. roadkill

    roadkill Super Moderator Staff Member Member

    Using the Ultra VNC DSM plugin you can encrypt the connection. Anyway, I would highly recommend using a different external port...
     
  6. Danielink

    Danielink LI Guru Member

    Thanks, zhenya, and again, roadkill, for the advice. Actually, I have always run Ultra VNC over the Internet (using no-ip) ... wasn't aware of the security risk :redface: . I take it that Tomato would allow me to set up something more secure, e.g., VPN tunnel, as you suggested. Would I also do that thru Tomato's Port Forwarding menu, or a different area of Setup?
     
  7. roadkill

    roadkill Super Moderator Staff Member Member

    You can use Tomato Mod with OpenVPN to create a VPN server on your router. Sadly, zhenya is right because VNC has some nasty exploits, but the DSM plugins also encrypt the connection created to the VNC server.
     
  8. zhenya

    zhenya LI Guru Member

    I am not familiar with the plugin that roadkill suggested (although I'm sure it would work fine, and might be easier to set up). My method has always been to use ssh, or, these days, a VPN. Of these two options, tunneling over ssh is probably easier to manage.

    What you need to do:
    - Set up an ssh server on the machine you want to log in to.
    - Set up your router to forward port 22 to the ssh server.
    - Have an ssh client on the remote client machine.
    - Set up your ssh client to forward your VNC session. If your client is running Windows, and you are using PuTTY, this would be done by:
      - going to Connection -> SSH -> Tunnels
      - creating a local port forward: enter Source Port: 5901, Destination localhost:5900. Click 'Add.' Go back to 'Session' and save it (make sure to enter your no-ip address first).

    Launch PuTTY and log in to your ssh server on the remote machine. Then launch the VNC client, and use localhost:1 as the server. You should be prompted for your VNC password, and now everything is encrypted.

    There are a variety of ways of doing this, and a google for vnc over ssh will net you dozens of more complete tutorials.
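
Added example, not part of the original posts: a Python check that the local end of the PuTTY forward from post 8 (127.0.0.1:5901) really reaches a VNC server, and which RFB security types that server offers. Type numbers 1 (None) and 2 (VNC Authentication) are from RFC 6143; the function names and result labels are made up for this example.

```python
import socket
import struct

def parse_version(banner: bytes) -> tuple:
    """Parse the 12-byte RFB ProtocolVersion message, e.g. b'RFB 003.008\\n'."""
    if len(banner) != 12 or banner[:4] != b"RFB " or banner[11:] != b"\n":
        raise ValueError("not an RFB banner: the forward points at something else")
    return int(banner[4:7]), int(banner[8:11])

def parse_security_types(payload: bytes) -> list:
    """Parse the RFB 3.7/3.8 message: one count byte, then one byte per type."""
    if not payload or payload[0] == 0 or len(payload) != 1 + payload[0]:
        raise ValueError("server refused the handshake or sent a malformed list")
    return list(payload[1:])

def assess(types: list) -> str:
    """Classify the offer. RFC 6143: type 1 = None, type 2 = VNC Authentication."""
    if 1 in types:
        return "OPEN: server accepts connections with no password"
    if set(types) == {2}:
        return "PLAIN: password check only, session is unencrypted; keep it in the tunnel"
    return "OTHER: server offers types %s; check what the plugin or build provides" % types

def _read(sock, n: int) -> bytes:
    """Read exactly n bytes or fail."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed during handshake")
        buf += chunk
    return buf

def probe(host: str = "127.0.0.1", port: int = 5901, timeout: float = 5.0) -> list:
    """Start an RFB handshake and return the security types the server offers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        banner = _read(s, 12)
        if parse_version(banner) in ((3, 7), (3, 8)):
            s.sendall(banner)                 # agree to the server's version
            count = _read(s, 1)
            return parse_security_types(count + _read(s, count[0]))
        s.sendall(b"RFB 003.003\n")           # other versions: fall back to 3.3
        return [struct.unpack(">I", _read(s, 4))[0]]

if __name__ == "__main__":
    # Default target is the local end of the PuTTY forward (source port 5901).
    print(assess(probe()))
```

Run it while the PuTTY session is logged in; a `ValueError` from `parse_version` means the forward is not ending at the VNC server.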
     
  9. roadkill

    roadkill Super Moderator Staff Member Member

    DSM Plugins only require you to install one of these on the VNC Viewer and Server but I do believe VPN with 2048 bit key is the best security available...
     
  10. Danielink

    Danielink LI Guru Member

    Thanks both to roadkill and zhenya for your input. I may try each method to see which one I prefer. I think I still need to tweak port forwarding in Tomato setup ... this firmware is different than my old D-Link wired router :exclimation:
     
  11. paped

    paped LI Guru Member

    For secure access you could use the free community edition of SSL explorer. Once set up, it allows you to RDP, VNC etc. and allows web forwards to other websites such as your router interface, all over a secure encrypted SSL web interface and using Java. Also, as it uses port 443, you can use it anywhere, as 443 is SSL and a standard browser port, so virtually no firewalls block it, whereas RDP 3389 and VNC 5900 can often be blocked. However, if you use it, remember to forward port 443 to the PC with SSL explorer installed on your router!!!!!
     
  12. Danielink

    Danielink LI Guru Member

    Thanks for the suggestions. Looks like I'll have to do some configuring in order to get Ultra VNC to work with my WRT54GL and Tomato 1.07. Regardless of which method I use, will I still have to use the Port Forwarding feature in Tomato?
     
  13. tstrike2000

    tstrike2000 Network Guru Member

    Port forwarding needs to be done and would have to be done no matter which firmware flavor you choose. Also, I would use an UltraVNC repeater so you're not using the standard 5900 VNC port.
     
  14. zhenya

    zhenya LI Guru Member

    That's a good suggestion, although if you encrypt your session over ssh or set up a vpn, that won't be an issue.
     
  15. Danielink

    Danielink LI Guru Member

    I used port 5900 in my last Ultra VNC setup. Unfortunately I didn't know about the security plug-ins ... guess I was fortunate that I never got hacked! Would it be easier to set up my Ultra VNC thru Tomato 1.07 using port 5900 w/ plug-ins, or a different port, or would it matter? Also, are there any recent posts that would outline the best way to set up a VPN on my system? Again, I appreciate all your input :thumbup: .
     
  16. paped

    paped LI Guru Member

    It does not really matter. You could use any port and within the port forwarding have the router forward it to port 5900 on your PC, i.e. you could connect to "your internet IP or URL":10001 (port 10001), then add port forwarding into the router for port 10001 (Ext Ports column) to forward to port 5900 (Int Port column) on "your PC's internal IP address".
     
  17. Danielink

    Danielink LI Guru Member

    Thanks, paped. BTW, I didn't mention that in my old Ultra VNC setup, I was using No-IP to keep my connection current in the event that my public IP address might change. Is this also advisable with my new WRT54GL setup, or would that be unnecessary :confused:
     
  18. paped

    paped LI Guru Member

    It would make it a lot easier to use, as then you do not need to know your new IP when it changes; it just works by typing in your NO-IP URL:port number. I think that you should also be able to set up the router using Tomato to update the NO-IP systems as well, to make the update of any IP address changes automatic. I use the DynDNS service, which is similar, and it works really well.
     
