Saturday, March 23, 2013

Setting up TigerVNC for secure connections to Windows with bVNC

This guide is for configuring TigerVNC on Windows for secure VNC connection using bVNC Secure/Free bVNC Secure, but is completely applicable to any VNC client that supports VeNCrypt. Only the VNC client configuration would be different.

bVNC Secure is an Android and Blackberry Playbook/OS 10 application, available on Google Play and App World respectively. Find it on your mobile device or here:

Google Play, for devices running Android 2.2 and up, or here:

App World for BB Playbook and OS 10 devices.


Setting up TigerVNC:

    - Download and install TigerVNC v1.1.0 from Sourceforge:
http://sourceforge.net/projects/tigervnc/files/tigervnc/1.1.0/TigerVNC-1.1.0.exe/download

Please note that newer versions may have stability issues (I tried v1.2.0, and it crashes all the time), so you've been warned.


    - Then, when the TigerVNC icon shows up in the task-bar (it is an eye of a tiger), right-click on it, select "Options", and configure it as shown in the screen-shot below. Note I've clicked on "Configure" to set a password.

    - Important! Since you're reading this, you must be conscious about security. Set an exactly 8-character password using no dictionary words and preferably containing numbers and punctuation and other symbols for enhanced security. Write down this password as you will need it in the last step.

Click on the screen-shot below to see the whole image:



Configuring Windows Firewall:

    - Open the Control Panel.
    - Find and open "Windows Firewall"
    - Click on the "Exceptions" tab.
    - Click on "Add Port", name the rule something like "VNC", and enter 5900 in the port, and click "OK".

Click on the screen-shot for an illustration below:



Finally, configuring bVNC:

    - Create a New Connection in bVNC.
    - Under "Connection Type", select "Secure VNC over VeNCrypt".
    - Enter the IP address of the computer where you installed TigerVNC in the "VNC Server" field.
    - Don't enter a "VNC Username"
    - Enter the password you set in the previous step into the "VNC Password" field.
    - Tap connect and you should be happily connected over an encrypted channel.


Additional notes for connecting over the Internet:

- If you need to connect to your computer over the Internet and you have a router, you need to forward a port on the router to your internal computer running TigerVNC. Do a Google search for how to forward a port on your particular router model.

- If you are connecting over the Internet, consider forwarding a non-standard external port to port 5900 of the machine running TigerVNC. This way, it will be less likely hackers will attack your TigerVNC service to try to crack your password. For example, forward a random-looking 5-digit port number like 62563 to port 5900 of the computer running TigerVNC.

- You also need to discover your external IP address (you can do a Google search for "what is my ip".

- If your external IP address changes (it is dynamic), it is also advisable to set up "Dynamic DNS" which will track your external IP address so you don't have to rediscover it when it changes.

3 comments:

  1. I tried this method as well, it says "establishing handshake" for a while then I get an error message saying "java.net.socketexception: address not supported by protocal family"

    Do you have any solutions?

    ReplyDelete
    Replies
    1. Hi Jacob, I know my reply comes very late, I apologize. This error typically means there is no network communication between client and server. I would suggest revisiting the firewall configuration, and verifying that your mobile device and computer are on the same network. The latest version of VeNCrypt also has a bunch of VeNCrypt changes and improvements.

      Delete
  2. it would be super great if you could port your application to ios

    ReplyDelete