Access VNC server from WAN without NAT


by Antoine - categories : Network VNC SSH Administration

Traditionally, connections from the WAN to a VNC host (server) require additional configuration of the router managing the host's network traffic: the VNC port (5900 by default) must be forwarded to the host IP address.

This makes VNC unusable in situations where the client (viewer) can't access/edit the host's router configuration.

This document describes a workaround using a Virtual Private Server (VPS) that acts as a relay.

Prerequisites

Step 1 : on the host (VNC Server)

ssh -f -N -R 5901:127.0.0.1:5900 username@vps_ip

NB : using localhost instead of 127.0.0.1 could cause connectivity problems if the server isn't listening on IPv6. Writing the localhost address explicitly in IPv4 format prevents this. Also ensure that the firewall configuration is not blocking port 5900.

Step 2 : on the VPS

At this step an SSH tunnel is established between the VNC host and this VPS. Any traffic received by the VPS on port 5901 will be routed to the VNC host.

There is nothing to do but check that the connection is being established.

sudo ss -tulnpt

The standard output should display something like :

tcp   LISTEN 0       128                               0.0.0.0:5901        0.0.0.0:*     users:(("sshd",pid=5525,fd=7))
tcp   LISTEN 0       128                                  [::]:5901           [::]:*     users:(("sshd",pid=5525,fd=9))

Step 3 : on the client (VNC Viewer)

Open the VNC Viewer and connect to the VPS IP address on port 5901 : vps_ip:5901.

This establishes the connection to the VPS on port 5901. The received traffic is then routed through the SSH tunnel to the host's port 5900, on which the VNC Server is listening.
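The check from Step 2 can be scripted. The following is an added example, not part of the original article: it reads ss output and reports whether the forwarded port is bound publicly, on loopback only, or not at all. The function name and the sample lines are assumptions made for illustration; the wildcard listener shown in Step 2 requires GatewayPorts to be enabled in the VPS's sshd_config, since by default sshd binds remote forwards to loopback only.

```shell
#!/bin/sh
# Added example: classify how a forwarded port is bound on the VPS.
# Reads `ss -tln` or `ss -tulnp` lines on stdin and prints one of:
#   public   - a listener on a wildcard or other non-loopback address
#   loopback - listeners only on 127.0.0.0/8 or [::1]
#   absent   - nothing listening on the port (tunnel not established)
classify_listener() {
    awk -v port="$1" '
    {
        # Locate the State column; Netid is omitted when only -t is used.
        for (i = 1; i <= NF; i++) if ($i == "LISTEN") break
        if (i + 3 > NF) next
        laddr = $(i + 3)                      # Local Address:Port column
        n = split(laddr, parts, ":")
        if (parts[n] != port) next
        addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
        found = 1
        if (addr !~ /^127\./ && addr != "[::1]") public = 1
    }
    END { print (public ? "public" : (found ? "loopback" : "absent")) }'
}

# Constructed samples. SAMPLE_PUBLIC mirrors the Step 2 output;
# SAMPLE_LOOPBACK is what the sshd default "GatewayPorts no" produces.
SAMPLE_PUBLIC='tcp LISTEN 0 128 0.0.0.0:5901 0.0.0.0:* users:(("sshd",pid=5525,fd=7))
tcp LISTEN 0 128 [::]:5901 [::]:* users:(("sshd",pid=5525,fd=9))'
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:5901 0.0.0.0:*
LISTEN 0 128 [::1]:5901 [::]:*'
SAMPLE_ABSENT='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Live use on the VPS:  ss -tln | classify_listener 5901
for s in "$SAMPLE_PUBLIC" "$SAMPLE_LOOPBACK" "$SAMPLE_ABSENT"; do
    printf '%s\n' "$s" | classify_listener 5901
done
```

A result of public means any machine that can reach the VPS can reach the VNC server's login through port 5901. A result of loopback means the tunnel is up but vps_ip:5901 will not answer from the client.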

