Remote Desktop Between Ubuntu/Linux and Windows, Part II

Wednesday Jan 28th 2009 by Eric Geier

In Part I we saw several options for remoting between Linux and Windows machines, and settled on VNC. Part II will address how to configure routers for connections over the Internet, and how to safely encrypt remote graphical desktop sessions.

In Part I of this two-part tutorial we looked at the options for remoting between Linux and Windows machines, and we set up the VNC solution on each platform. Now we'll continue by configuring our router for connections over the Internet. Additionally, we'll see how to encrypt the connections and how to remote into the native display. Let's get started!

Telling your router to forward

Before you can remotely connect to your computer from another location over the Internet, you must properly configure your router. The router acts as a distributor for your network traffic. If you don't tell your router where to forward the remote desktop traffic, it won't do anything and your remote connections won't work. Thus you must create a port forward or virtual server entry for the appropriate ports to the IP address of the desired computer. Then, when incoming traffic on those ports comes from the Internet, your router will forward it on to the computer and the remote desktop server will respond.

Depending upon the protocol, use one of the following ports (or port ranges):

  • RDP uses TCP port 3389
  • VNC uses TCP port 5900+ (each remote connection to a server uses a different port; display 1 uses 5901, display 2 uses 5902, etc.). It's best to define a port range when creating the forward or virtual server entry, such as 5900 - 5905.

Bring up the web-based configuration page for your router by typing its IP address into a web browser. Then go to the Virtual Server or Port Forwarding page. You'll probably have to name the entry, use a combo box to select the desired computer or manually enter the computer's IP address, type in the public and private (both are the same) port or port range, and click Save.

You need to make sure the computer keeps the same IP address on the network. If available, use the DHCP reservation feature to force the current IP address to the particular computer. Otherwise you'll have to set your computer's network adapter with a static IP address.

If you have multiple computers you want to remotely connect to over the Internet using VNC, you'll need to create a separate entry for each computer. Make sure each computer is on a different port, which is represented by the tunnel or display number shown when you run the vncserver command in Linux, for example. Also make sure each entry forwards to a different IP address.
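The two rules above (a different public port per computer, each entry pointing at its own IP address) can be checked against a planned list of entries before they are typed into the router. This is an added example, not part of the original article; the three-column input format, the function names and the sample hosts are constructed. It also flags VNC ports forwarded directly, which the article goes on to recommend wrapping in SSH.

```shell
#!/bin/sh
# Added example: audit planned router port-forward entries.
# Input lines (constructed format): NAME PUBLIC_PORTS LAN_IP
# PUBLIC_PORTS is a single port or a range such as 5900-5905.
audit_forwards() {
  awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
      name = $1; ip = $3
      n = split($2, r, "-"); lo = r[1] + 0; hi = (n == 2 ? r[2] + 0 : lo)
      if (lo < 1 || hi > 65535 || lo > hi) {
        print "INVALID " name ": bad port spec " $2; bad = 1; next
      }
      for (p = lo; p <= hi; p++) {
        # A public port can be forwarded to only one LAN address.
        if (p in owner && owner[p] != ip) {
          print "CONFLICT port " p ": " name " (" ip ") vs " who[p] " (" owner[p] ")"
          bad = 1
        } else { owner[p] = ip; who[p] = name }
      }
      # VNC display N listens on 5900+N and is unencrypted after the
      # password exchange, so report entries that expose it directly.
      if (hi >= 5900 && lo <= 5999) {
        print "EXPOSED " name ": VNC ports " $2 " forwarded directly; tunnel over SSH (TCP 22)"
        bad = 1
      }
    }
    END { exit bad + 0 }                     # non-zero when anything was reported
  '
}

# Constructed sample plan: two machines both claiming display 1.
sample_forwards() {
  cat <<'EOF'
# name        public   lan_ip
ubuntu-ssh    22       192.168.1.10
ubuntu-vnc    5901     192.168.1.10
winxp-vnc     5901     192.168.1.20
winxp-rdp     3389     192.168.1.20
EOF
}
# Try it: sample_forwards | audit_forwards
```
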

The password exchange between the VNC client and server is always encrypted; however, everything after that is not. This should be fine when remoting to a local computer on a secure network. When remoting over the Internet, though, you should make sure the entire connection is encrypted. This secures everything from hackers or eavesdroppers that may intercept the traffic while it's traveling the information super highway.

One way to create a secure tunnel between the client and server, for the VNC traffic to travel within, is to establish a Secure Shell (SSH) connection between them. To do this, you must install an SSH server on the computers you want to remotely access, and an SSH client on the computers you want to connect from. In some cases, you might want to just install both on each computer. On Windows PCs you can download and use freeSSHd for the server and PuTTY for the client; both are GUI based. For the Linux machines, try OpenSSH.

Before you start trying to make SSH connections, be sure to configure your router to forward the traffic and your firewalls to allow it. The default SSH port is TCP 22. If connecting via the Internet, configure a port forward or virtual server entry (as discussed earlier for the VNC traffic) for this port on the router in front of the computer that receives the incoming connection. On both the server and client computers, open the port as discussed in the previous part.

After installing the SSH server, create private and public keys, and place them in the proper place. For the SSH servers on Linux, use the OpenSSH utility to generate the keys. For Windows PCs, you can use PuTTYgen. To connect from Windows to Linux, bring up PuTTY, go to the SSH Tunnel settings and input the VNC port you want to use based upon the display number. Then on Session settings, enter the Linux machine's IP and click Open. On Linux machines, use the OpenSSH client, also creating a tunnel, to connect to the IP of the remote computer. Once you have an SSH connection, bring up VNC viewer as discussed in the previous part, but instead of the remote computer's IP, enter localhost.
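For the OpenSSH client, the tunnel described above comes down to one local port forward. The helper below is an added example, not taken from the original article: it maps a display number to its port and prints the matching ssh command and viewer target. The function names, the 0-99 display limit and the user and host values are assumptions.

```shell
#!/bin/sh
# Added example: wrap one VNC display in an SSH tunnel (OpenSSH client).

# Map a VNC display number to its TCP port (display N -> 5900+N).
vnc_port() {
  case "$1" in
    ''|*[!0-9]*|0?*)
      echo "display must be an integer without leading zeros" >&2; return 1 ;;
  esac
  [ "$1" -le 99 ] 2>/dev/null || { echo "display out of range (0-99)" >&2; return 1; }
  echo $((5900 + $1))
}

# Print the ssh command that forwards the local VNC port to the same
# port on the server loopback, so only TCP 22 crosses the Internet.
vnc_tunnel_cmd() {   # usage: vnc_tunnel_cmd USER HOST DISPLAY
  port=$(vnc_port "$3") || return 1
  [ -n "$1" ] && [ -n "$2" ] || { echo "user and host required" >&2; return 1; }
  case "$1$2" in
    *[!A-Za-z0-9._-]*)
      echo "unexpected character in user or host" >&2; return 1 ;;
  esac
  # -N: forwarding only, no remote shell.
  # -L 127.0.0.1:...: bind the local listener to loopback so other
  #   machines on the client network cannot ride the tunnel.
  # ExitOnForwardFailure: fail loudly if the local port is already taken.
  echo "ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:$port:localhost:$port $1@$2"
}

# What to enter in the VNC viewer once the tunnel is up.
vnc_viewer_target() {
  vnc_port "$1" >/dev/null || return 1
  echo "localhost:$1"
}

# Example (placeholder account and address):
#   vnc_tunnel_cmd user 203.0.113.10 1
#   vnc_viewer_target 1
```

Leave the printed ssh command running while the viewer is connected to the target that vnc_viewer_target prints. With the tunnel in place the router only has to forward TCP 22; the VNC port entries are not needed for this path.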

As you've probably figured out by now, VNC connections by default use another X display, rather than using the native display, or the one you see when physically using the computer. This can be quite an annoyance if you were working on the computer before remoting into it and you want to resume with the applications you had open on the computer itself. One of the easiest ways to remote into the native display is to use x0vncserver instead of vncserver, which we'll discuss next. Another option that's more embracive but provides for better performance is using the vnc.so module.

One of the easiest ways to remote into the native display is to use x0vncserver instead of vncserver. From the terminal you can type x0vncserver password=YOURPASSWORD SecurityTypes=none. This will start hosting display 0 for remote connections, protected by the password you choose. Use a VNC viewer as discussed in the previous part; however, you don't have to include a display number with the IP address.

Getting help

We discussed how to use remote desktop connections between Linux and Windows. We also configured our firewalls to let the traffic flow and our router to forward the traffic onto the host computer. Plus we figured out how to secure the VNC connections that pass through the Internet. Lastly we discovered how to remote into the native X display, to see exactly what is shown on the computer rather than a virtual display.

For documentation on the Linux components, remember you can use the manual pages by running the following in Terminal:

  • man vncserver
  • man vncviewer
  • man x0vncserver

Also, don't forget to review the FAQ and support pages on the website of the particular developer.

Eric Geier is an author of many computing and networking books, including Home Networking All-in-One Desk Reference For Dummies (Wiley 2008) and 100 Things You Need to Know about Microsoft Windows Vista (Que 2007).

This article was first published on LinuxPlanet.com.
