Topic: VNC over SSH through SME server?

[Dub Dublin]

Can someone who's done this PLEASE post a way that is known to make VNC (not netmeeting or anything else) work through a 5.1.2 server?  Here's my config as an example:

5.1.2 server.   I can administer it just fine remotely using PuTTY via localhost:980.  (As described in the PuTTY HOWTO at http://myezserver.com/downloads/mitel/howto/putty-howto.html)

eth0 (internal) address is 192.168.32.1/255.255.255.0.  
eth1(external) address is

The idea is to be able to use VNC through the SSH tunnel to control a Macintosh on the inside of the SME server (at, say, 192.168.32.100) from the outside.

This sounds simple, but after over two hours of trying to somehow build the proper SSH tunnel with PuTTY, I'm ready to tear my remaining hair out.

Surely someone has this working, right?   This should be entirely doable with PuTTY alone (and possibly the SSH on the SME box, too), or in the worst case, with a PPTP tunnel, but since SSH/PuTTY is already working for admin access, that seems like the easier course.  Either way, the VNC link must be reasonably secure - enough to keep the riff-raff out and avoid any egregious exposure that I'll regret later.

A detailed walk-through of a known working solution to this configration problem will be greatly appreciated by myself and MANY others over the coming years.  If someone can even just tell me how to do this, I'll be happy to do the work of writing up and posting a HOWTO based on thier input.

(As I think about it now, I probably need to somehow set up a piece of the tunnel in the SSH on the SME server, too, but don't have a clue what needs doing there, or even which SSH is used in SME.  I *HATE* not having man pages - it makes SME almost unmodfiable. Grumble, grumble...)

[Dan Brown]

It is, in fact, quite simple.  If you've already got the tunnel for port 980 set up, just add this:

On the tunnels screen, enter 5900 for local port.  For forwarded port, enter :5900.  In your example, this would be 192.168.32.100:5900  Keep the radio button set to Local.

That's it!  When you start the VNC viewer, just enter localhost for the address.  If you'd rather use the java viewer through a web browser, replace 5900 with 5800 above.

Nothing needs to be changed on the SME server itself.

[Ron de Boer]

Hi Dub,

It is doable with Putty alone(you can do the same in SSH)

In Putty Configuration Allow Agent Forwarding in Auth under SSH

In Tunnels under SSH

Enter 443 in Source Port
Enter IP Address of the destination PC + ":443" with no quotes

Eg 192.168.32.xxx:443  xxx being the IP of the AppleMac machine

Hope this is what you want and I hope you have some hair left.


Regards
Ron

[paul nesbit]

Dub Dublin wrote:
>
> Can someone who's done this PLEASE post a way that is known to make VNC (not
> netmeeting or anything else) work through a 5.1.2 server?

I see others have provided assistance here.

> I *HATE* not having man pages - it makes SME almost unmodfiable.
> Grumble, grumble...)

The man package is included on the 5.1.2 CD.  To install from CD:

  # mount /mnt/cdrom
  # rpm -ivh /mnt/cdrom/e-smith/RPMS/man-1.5i2-0.7x.5.i386.rpm


Even better, upgrade to 5.5.  man is installed by default.

Cheers,

Paul

[Dan Brown]

Ron, why port 443?  VNC uses 5800/5900.

[Andy Parkinson]

Why even bother using SSH. Why not just use the pptp to set up a VPN Connection to the SME and then just use VNC viewer to connect to whichever machine on the network you want. Takes about 5 mins to set up and works a treat. I have several customers that I remotely administer this way with no problems at all.

[Dan Brown]

In my case, because the firewall at work blocks PPTP but not SSH.

[Dub Dublin]

Setting up the tunnel as Dan suggested is the first thing I tried.  The problem is, it *didn't* work.

After a visit to the remote office I discovered that osxvnc has a distressing "feature":  It defaults to using port *5901* (ugh!) rather than 5900, so I was just stopped dead by some programmer's dain bramage.  (It also apparently has no way of saving settings such as port and password for future sessions - you can change them, but darned if I can figure out how to make them be used the next time around.

I think I'm going to look for a better VNC for OS X, and then all should be well.  Thanks to everyone for the answers.

Dub

[Dub Dublin]

Is there a PPTP setup HOWTO?  (Especially one aimed at use with an SME
server?)  Up to now, I've managed to avoid using PPTP in an effort to
avoid further Microsoft entanglements.  

Unfortunately, most of my VPN experience is with ultra high security
(international banking/military grade) commercial products, so I really
don't even know how to drive SSH, PPTP, and the like.  (Even SSH is not
even remotely secure enough for banking or military use.)  It's a bit
embarassing to know how to secure really high-value links and yet have
no idea how to do something simple like this.  But as they say, the
first step is to know what you don't know...

Dub

Andy Parkinson wrote:


>This message was sent from: Experienced User Forum.
>http://forums.contribs.org/index.php?topic=15071.msg57828#msg57828
>----------------------------------------------------------------
>
>Why even bother using SSH. Why not just use the pptp to set up a VPN
>Connection to the SME and then just use VNC viewer to connect to whichever
>machine on the network you want. Takes about 5 mins to set up and works a
>treat. I have several customers that I remotely administer this way with no
>problems at all.

[ryan]

Dub,

Take a look at tightvnc.com.  TightVnc uses encryption and is more secure than VNC.  TightVNC uses the same ports as VNC, so forward the 5900, 5901,  5800, 5801, etc. ports with port forward to the respective machines on your lan.

Good Luck,

Ryan