1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using Tight VNC and No-ip.com

Discussion in 'Tomato Firmware' started by Danielink, Jul 25, 2007.

  1. Danielink

    Danielink LI Guru Member

    I have downloaded Tight VNC on two of my PCs at home (one Win XP Pro and the other Win 2000 Pro), and on my work PC (also Win 2000 Pro). I am able to remote between my two home PCs with no problem, but am unable to remote into my home PCs from work and vice versa. I have a WRT54GL, recently flashed with Tomato 1.07. Maybe I'm just not familiar enough with how to do port forwarding and how to set up VNC using No-ip.com. Any help would be greatly appreciated. Also, as a side note, would DD-WRT be an easier firmware to configure in a situation like this? I first flashed my router with that, but then flashed it again with Tomato because of all the good feedback I saw regarding Tomato. Thanks again for any input. :biggrin:
     
  2. ifican

    ifican Network Guru Member

    The firmware setup will be the just about the same across any of them, the only thing that really might differ a little is the name of the tab where forwarding information is located. I belive tight vnc is port 5900, if that is the case you will need to forward port 5900 to the machine that you want to connect too. Then when you connect to your routers ip (the ip your router gets from your isp) it should forward that port to the machine you have chosen to forward too. That is of course assuming your work is not blocking anything outgoing.
     
  3. kameleon

    kameleon LI Guru Member

    And for multiple computers being accessible outside the home network you will need to do it like this for example:

    Say you have PC1 at home with an IP address of 192.168.1.100 and leaving the VNC port alone on the machine.
    External port: 5900
    Internal port: 5900
    IP address: 192.168.1.100

    And for multiple computers being accessible outside the home network you will need to do it like this for example:

    And you have PC2 at home with an IP address of 192.168.1.101 and leaving the VNC port alone on the machine.
    External port: 5901
    Internal port: 5900
    IP address: 192.168.1.101

    That way when you connect to your home pc's from work you will just open the vncviewer and put myhost.no-ip.com:0 for the first pc and myhost.no-ip.com:1 for the second.

    I have multiple pc's setup this way and it does work. If you need any more assistance don't hesitate to ask.

    And as a side note... if your work does block certain outgoing stuff you can do it this way. ;)

    PC1 at home with an IP address of 192.168.1.100 and leaving the VNC port alone on the machine.
    External port: 80
    Internal port: 5900
    IP address: 192.168.1.100

    PC2 at home with an IP address of 192.168.1.101 and leaving the VNC port alone on the machine.
    External port: 443
    Internal port: 5900
    IP address: 192.168.1.100

    That way you still connect to the machines (using normal HTTP and the HTTPS ports) but it is a little more difficult on the viewer end.
     
  4. Danielink

    Danielink LI Guru Member

    For some reason or other, I am unable to connect up using "<username>.no-ip.info" in my Tight VNC logon screen. Used to work fine with Ultra VNC. I have checked in my WRT54GL setup menu, and verified that No-IP is the default service. Anything else I should look for? :confused:
     
  5. kameleon

    kameleon LI Guru Member

    Find your actual IP address and try that. If that works then it is an issue with no-ip.com settings. Also make sure you are putting the display number behind the host. Like :0 for the first one :1 for the second and so on.
     
  6. Danielink

    Danielink LI Guru Member

    I decided to try using Ultra VNC again, and have been able to remote into my home Win XP PC from my work Win 2000 PC successfully. My concern with using Ultra VNC has been security, and so I wanted to make sure I could use available encription. Right now I have both PCs set to use AESV2Plugin.dms, and was wondering if that will be adequate, or whether either of the other two available DSM plugins would be better. If there is still a better way to ensure security, I'm open to recommendations.
     
  7. kameleon

    kameleon LI Guru Member

    You could always run it through an ssh tunnel or use a VPN. Or even both like I do.
     
  8. Danielink

    Danielink LI Guru Member

    Thanks, kameleon. I'm still trying to sort out my security options for remote access. Would I use ssh tunneling along with my DSM plugin or instead of it? Also, would I want to use a third-party program like PuTTY to set up an ssh tunnel, or would that be unnecessary? I have seen the section in Tomato where Port 22 is associated with ssh ... any further need for configuration in setup? :unsure:
     
  9. kameleon

    kameleon LI Guru Member

    The easiest way to do it is to have an ssh server running on the machine with vnc. then use putty to tunnel. Then you bypass the whole router port 22 deal as you are sshing into the machine with the vnc and forwarding the port to vnc. I will see if I can dig up that link that showed how to do it very easily.
     
  10. Danielink

    Danielink LI Guru Member

    Thanks, kameleon, I'd really appreciate that!
     
  11. kameleon

    kameleon LI Guru Member

  12. Danielink

    Danielink LI Guru Member

    Thanks, kameleon! I have Tight VNC working on all my home PCs, and can get to my Win XP PC at home from work now. I'm still concerned about security, so I'll be interested to check out the link you provided
     
  13. kameleon

    kameleon LI Guru Member

    Also on a side note. If you connect from work mostly you can install tomato 1.07 w/ openvpn support. That way you have a vpn on top of whatever else security you use. I have been running it for a few weeks and love it. Super easy to setup also.
     
  14. NateHoy

    NateHoy Network Guru Member

    You are most certainly going to want to secure that VNC. :)

    I run a Kubuntu machine for remote access, and when I started I just started VNC on a nonstandard port and forwarded the port in my router. Being lazy, I would manually start the X11VNC server at a command line instead of putting it in my system startup script.

    Well, that was a very revealing thing to do. In the first night of running it, I had no fewer than 50 connection attempts from at least a dozen different source IP addresses, and that was using a nonstandard port (up in the 14,000 range). Fortunately, I had set up a long and hard-to-guess password for VNC access.

    I now run a SSH tunnel with an equally long password, and use PuTTY on the remote PC to set up a secure tunnel for the actual VNC client. I have not gone to the extra step to use key authentication, but I do have a 20-character password rich in special characters to make SSH "reasonably" secure.

    X11VNC is then started manually from the PuTTY command-line session (so it isn't sitting there waiting for connections all the time), then the VNC server also has a long password (which is sent encrypted over the SSH tunnel).

    I still get connection attempts on the SSH connection, of course, but I turn off that forwarding on my router when I'm not going to be on the road, so the SSH server is only available when I'm likely to want to use it.
     
  15. Danielink

    Danielink LI Guru Member

    Amen! Thanks for the info. I have been pretty busy the last few days, and so have had to put this on the back burner for a while. I'm still learning about my options regarding security for Tight VNC ... still trying to sort out the differences, pros, cons, etc. between the options (SSH, VPN). Recommendations are still :welcome: .
     

Share This Page