VNC over Broadband/internet

pts.
Tags:
Desktop management applications
Desktops
DHCP
DNS
Firewalls
Forensics
Incident response
Intrusion management
IPv4
IPv6
Management
Microsoft Windows
Network protocols
Network security
Networking
Networking services
OS
Security
Servers
SQL Server
VPN
Wireless
Hi all, My IP skills are somewhat rusty - could someone please help me with some high-level steps to remote control using VNC over the internet... scenario: Customer down the road is always requiring assistance - usually I need to jump in the car & go there to sort out the latest dilemma. I'd like to set up VNC so that I can remotely resolve most of the problems. We both have broadband and local LAN's. How do I configure his and my LAN / client PC's /routers / VNC etc. to enable me to do remote control over the internet. (Securely preferably). Many thanks.

Answer Wiki

Thanks. We'll let you know when a new response is added.

scoobaman,

You have to configure YOUR router to accept TCP port 5500 (or what ever port you have chosen with the VNC software) in from the outside. 5500 is the default port. This is called NAPT or Network Address Port Translation. (similar to NAT but uses ports as well as ip addresses instead of just ip addresses).

Depending on the router, you may have to allow his to allow traffic out on that port.

here is a link with some helpful solutions that may get you going in the right direction.

http://www.vnc.com/support.html

Discuss This Question: 10  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Ligmania
    Basically you need to install the vnc server on the machine you want to remotely connect to and the vnc viewer onto your machine. The VNC software package contains both the server and viewer applications. The programs each have a default port they listen on which is 5500 - Listening Client, 5800 - Java Applet Server,5900 - Server. The Java applet server will let you connect via a webbrower, although performance isn't that great. You'll need to open the appropriate ports on each router for the traffic to flow through.
    0 pointsBadges:
    report
  • TylerG
    If you have a firewall on both sides, you can set it up so that you only have to open up one firewall, your own. Initial setup is basically what has already been said. 1. Install the VNC server service on the machine you want to work on. 2. Install VNC viewer on your machine. 3. Configure a rule to allow incoming connections on your firewall on port 5500 (you have the freedom here to enable this policy each time you need a session and disable this policy when the session is over) Now, once the software is installed and the firewall port on your end is open, you want to do this: 1. You need to start the 'vnc listening viewer'(there will be a second icon that appears in your system tray). 2. Find out what your external IP is (it's as easy as going to www.whatismyip.com) 3. Have the person running the VNC server right click the VNC icon in their system tray and select "add new client". 4. Tell them to enter the IP of your firewall by entering the IP that you found in Step 2, click ok, and their desktop should appear in a VNC window on your machine. This method bypasses manually configuring a policy on an unkown router and having to leave it open for eternity. Using this method gives you complete control over the policy on your firewall which is a distinct advantage. Just a thought. Good luck.
    0 pointsBadges:
    report
  • Senthilnathan
    Is it a Static IP or a Dynamic IP assigned for ur customer if it is a dynamic ip then you will have to check for the ip everytime. For that you have something called the dynamicDNS you can get it from the www.Dyndns.com and register for free then they will resolve your ip to a domain name and keep your ip updated on their server every time you connect to the internet, so you can run the vnc client by using this domain name to connect. If it is a Static then you can NAT the port to the system as mentioned in the earlier posts and access through vnc
    0 pointsBadges:
    report
  • SCOOBAMAN
    Thanks for all the help. To expand on the setup: - The remote LAN has several PC's on it - all of which may need to be Controlled. - Both LAN's run DHCP, and use private addresses (192.168.X.X.) Could someone please tell me; When I launch the VNC viewer from my LAN, what to I put in as the target machine to control? - is it the remote router's IP? - if so, do I need to port forward to the individual PC to control. This means a re-configure every time a different PC needs to be controlled? I can quite easily port forward to a single PC and control it, however, the bit I'm struggling with is controlling different PC's remotely without having to re-configure the router for each one. What am I missing here? Many thanks, Scoobaman
    0 pointsBadges:
    report
  • FlyNavy
    Don't know if VNC is capable of tunnel in tunnel. I use RDP and have 1 RDP session from my local machine to one remote machine on the other network. I then have RDP shortcuts to each machine in the other LAN. More overhead per packet, but the only way I know off to do it with SOHO type routers.
    0 pointsBadges:
    report
  • J88tru
    Scoobaman, I recently had the same dilemma and, after weighing the alternatives and trying out several that were unsatisfactory, I found a neat little program called Log Me In. If you have a single PC to remote control, it is ideal. It uses HTTP, port 80, and SSL, port 443, which will not be blocked by routers or firewalls. Encryption is 256bit. They have a free version that does not include ftp, but the interface is so fast, you can just download most stuff through their Internet connection. The company is at www.logmein.com (which looks like German, but it's just the way the letters flow). For about $79 a year, you can buy PRO, which includes ftp and some other stuff. Ordinarily, I would just stop here, but I had some issues understanding the program and getting it running, so all is not perfect. What follows will help you on the learning curve, because their web site is a little counter-intuitive. Tips: LogMeIn runs as a server on the target PC. You have to install it on the target, in IE initially, and assign a unique email address and password for that PC's account. Ignore the temptation to "set up your account" as yourself. After you have apparently "installed" the LogMeIn service, while on the target pc, you have to go to LogMeIn.com and log in once. This "associates" the target PC with the "account" you set up. Once setup and running, go to ANY pc (yours, or one at the other site) and go to www.logmein.com, log in with the credentials you just set up for the target PC. This rather awkward process is necessary because, in LogMeIn's mindset, the program is intended to let you remotely control "your pc" from out on the road. However, you are actually controlling the other guy's PC, so you have to log in with the target's credentials. (It loads another Active X control, if you are in IE, or you can load a PlugIn for FireFox.) At this point, you are now connected to the target over an SSL link. Check _open in separate window, and click Remote Control. Next, you enter the admin password of the target, and after a slight delay, you see a secondary login screen for the target pc. Click the box that says to login automatically. The remote desktop appears, and you are in remote control. You can size the window to Full Screen to make the text more readable. Both mouse and keyboard inputs are active, so you can use this to "look over their shoulder" and do training. You could also use this target PC to do remote desktop to other PCs inside the remote network, without having to install VNC or Ultra or mess with firewalls, ports, or anything else. Just one more note. This same outfit has a cool program called RescueMe that allows you to gain remote control of a user's PC, as long as they are present to approve the process, and have credentials to allow an Active X control to load. You set up a "ticket number" on your host. In IE (only), they go to the RescueMe site, type in a short number, approve the ActiveX, and in a few moments, you are seeing the remote desktop. Again, this uses ports 80 and 443. You have to purchase the "technicians console" for about $110/mo, but if you do this a lot, it is not unreasonable. Also, you can download a free trial. I do want to say that I have no connection to this company, but have just found their products useful. They are really nice people, and even responded over the holiday to help get me started on remote control of a pc 1000 miles away. I used a trial of Rescue Me to install LogMeIn on the other PC and in about 1/2 an hour was up and running, even considering the extra roadblocks that IE and ZoneAlarm tossed in. (LogMeIn lets you switch users, by the way, using separate "terminal sessions"). Hope this helps you out, j tru
    0 pointsBadges:
    report
  • Spadasoe
    Word of caution regarding VNC: check the security settings, as VNC security can be very weak. Though RDP has had some recent issues, for me it responds better across the WAN. Enable 3389 inbound on his side. You can remote to one of his inside machines and then vnc from there to all of his internal network. Have you thought about setting up VPN connection? Enable the VPN on his router, then you get a secure tunnel to his network. Once inside, use remote desktop, VNC, pcanywhere or anything else to see all his machines
    5,130 pointsBadges:
    report
  • Boecherer
    I second the vote for LogMeIn. I've been using it for quite a while now and it saves a LOT of driving time. Another way to go is EchoVNC in which you set up a VNC server on a server of your own and it becomes the gateway for VNC traffic much as the LogMeIn server is the gateway for LogMeIn traffic. I have not tried setting up EchoVNC yet since LogMeIn works well.
    0 pointsBadges:
    report
  • JoshTech
    There are many flavors of VNC (Tight, real, Ultra...) Some also have encryption for security. I's suggest if you are planning ro remote control a server or PC across the internet, that you choose a secure flavor. And yes it does cost money for those. To get to it is easy after that. Just put in the IP address of the machine you want to control and the password.
    0 pointsBadges:
    report
  • greatjubee
    I use Logmein.com to access my service Computers, I live 60 miles from my Customer and find I am able to use even the free logmein version to do most anything to help my Client.
    165 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following