Monday, September 17th, 2007...4:12 pm
GEEK: How to setup a VNC connection with Vine (OSXvnc) and Chicken of the VNC
Want to be able to control a remote Mac OS X server remotely? This tutorial will show you how to set up a VNC connection from a client outside a firewall wall to a server inside the firewall.
Download the Vine server to the host machine. For the purposes of this example, we’ll call the host machine dev, with an i.p. address of 198.160.1.39. We’ll also assume that dev is behind a firewall named gateway.example.com.
To download, run this command:
$ curl -O http://sourceforge.net/project/downloading.php?group_id=64523&filename=VineServer2.2.dmg
To install on the host machine, click the installer dmg, then copy and paste the Vine.app to your Applications folder. Click to launch.
Select the “Connection” preferences, and set the Display Number to 1 and the port to 5901. ( Apple Remote Desktop also starts up a VNC server that listens on port 5900. Setting the port to a different number helps prevent conflicts. )
Click “Stop Server”, then “Restart Server” to make your settings take effect.
To determine if your VNC server is running, and verify that it’s listening on port 5901, run the following command:
$ /usr/sbin/lsof -i -P | grep -i ‘OSXvnc’
You should see something like this in the output:
OSXvnc-se 13624 crasch 8u IPv6 0x0740b3a0 0t0 TCP *:5901 (LISTEN)
OSXvnc-se 13624 crasch 9u IPv4 0x08ae8ff4 0t0 TCP *:5901 (LISTEN)
You’re VNC server should now be able to accept connections from your client.
To establish a connection from the client side, you must first set up an ssh tunnel through your firewall machine, to allow your VNC client to talk to the internal machine. To set up a tunnel, execute the following command on the client machine:
$ ssh -vv -N -L 5901:198.160.1.39:5901 gateway.example.com
-vv – turn on verbose logging; this is helpful when you’re trying to debug a connection issue. You may wish to turn it off once you can reliably connect, as it probably slows down the connection.
-N – Do not execute a remote command.
-L 5901:198.160.1.39:5901 – Specifies that the given port (5901) on the local (client) host is to be forwarded to the given host (198.160.1.39) and port (5901) on the remote side. This works by allocating a socket to listen to the port (5901) on the local side. Whenever a connection is made to port 5901, the connection is forwarded over the secure channel, and a connection is made to port 5901on the host from the remote machine.
gateway.example.com – the gateway through which ssh connects to the host machine.
If you successfully establish the tunnel, you should see something like this in the output:
debug1: Authentication succeeded (publickey).
debug1: Local connections to LOCALHOST:5901 forwarded to remote address 198.160.1.39:5901
debug1: Local forwarding listening on ::1 port 5901.
debug2: fd 12 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 5901.
You can run it as a background process without too much logging with this command:
$ ssh -N -L 5901:198.160.1.39:5901 gateway.example.com &
Next, you will need to download and install your VNC client. I use Chicken of the VNC:
$ curl -O http://easynews.dl.sourceforge.net/sourceforge/cotvnc/cotvnc-20b4.dmg
Click on the installer, and copy the app to your Applications folder. Then click on the app to launch.
Select the “Connection” menu. The Host text field should have be “localhost”. Enter “1″ into the Display text field. Uncheck the “View only” box (so that you can move things around), and check the “Allow other clients to connect” (assuming that you want others to be able to control the machine at the same time).
Click Connect. If all goes well, you should see a window displaying the screen of the remote server.
Debugging tips
———————
Once you’ve installed the Vine server, click the Startup tab. Note the settings “Start server when the application launches” and “Restart server if it terminates unexpectedly.” If you click the latter, Vine will install a script at /Library/Startupitem/OSXvnc, that will try to restart Vine if it dies. This can be a bother, if you’re trying to kill Vine so that you can start fresh.
On that same menu, if you click “Start system Server”, the VNC client will start a system server that will start when the machine boots, and run independent of the desktop servers. This can be confusing if you’re trying to debug a connection issue, since VNC servers started from the gui will start, but will listen on ports higher than the default port.
Leave a Reply
You must be logged in to post a comment.