Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Restrict UVNC to the LAN

Post Reply
OldPCGuy
Posts: 4
Joined: 2016-04-10 17:09

Restrict UVNC to the LAN

Post by OldPCGuy »

I don't need or want external access, VPN or otherwise.

How do I configure the "server" service to only accept remote connections from PCs' on my LAN (home network)?
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Re: Restrict UVNC to the LAN

Post by Rudi De Vos »

The combination of the following parameters you can decide ( ip based) who has access)
You can deny,allow access or popup a messagebox that ask permission to access the PC.


AuthHosts=
+ =allow
- = deny
? = query
syntax:
-:+10.0.60.141:?10.0.31.169:-10.0.20.240:
instead of 10.0.60.141 you can use 10.0.60, then it is valid for the full range of ip addresses..

QuerySetting=2
Define on how to react on the (-,?,+) from the Authhosts.
0="+:Accept, ?:Accept, -:Query"
1="+:Accept, ?:Accept, -:Reject"
2="+:Accept, ?:Query, -:Reject [Default]"
3="+:Query, ?:Query, -:Reject"
4="+:Query, ?:Reject, -:Reject"
It is used to specify a set of IP address templates which incoming connections must match in order to be accepted. By default, the template is empty and connections from all AuthHosts_Tip5="hosts are accepted. The template is of the form:
+[ip-address-template]
?[ip-address-template]
-[ip-address-template]
In the above, [ip-address-template] represents the leftmost bytes of the desired stringified IP-address.
For example, +158.97 would match both 158.97.12.10 and 158.97.14.2. Multiple match terms may be specified, delimited by the ":" character. Terms appearing later in the template take precedence over earlier ones. e.g. -:+158.97: would filter out all incoming connections except those beginning with 158.97. Terms beginning with the "?" character are treated by default as indicating hosts from whom connections must be accepted at the server side via a dialog box. The QuerySetting option determines the precise behaviour of the three AuthHosts options..

QueryTimeout=10
QueryTimeout is the time the messagebox is shown..

QueryAccept=0 ( 0=refuse 1=accept 2=refuse)
This popup a timed messagebox to allow the user (server site) to allow/reject an incoming connect..

QueryIfNoLogon=0
Disable/enable query settings when no user is logged..

If the user is logged on, but has his screensaver on you normal can't get access as "QueryIfNoLogon" find a logged user.
to overwrite this set QueryAccept=2 and QueryIfNoLogon=0 -> no messagebox when screen is locked..
OldPCGuy
Posts: 4
Joined: 2016-04-10 17:09

Re: Restrict UVNC to the LAN

Post by OldPCGuy »

If I want to authorize a range of LAN addresses 10.0.0.XX, is the correct syntax...

-:+10.0.0,
or
+10.0.0,
or something else? i don't understand what the minus sign before the semicolon indicates.

If an AuthHost is set should I or do I have to set the following parameters or will the defaults work?

QuerySetting=2
QueryTimeout=10
QueryAccept=0
QueryIfNoLogon=0
User avatar
Rudi De Vos
Admin & Developer
Admin & Developer
Posts: 6832
Joined: 2004-04-23 10:21
Contact:

Re: Restrict UVNC to the LAN

Post by Rudi De Vos »

QuerySetting=2 2="+:Accept, ?:Query, -:Reject [Default]"

-: Reject all
-:+10.0.0: Reject all but allow 10.0.0.x
-:+10.0.0:?192.168.20: Reject all but allow 10.0.0.x and open a popup to ask permission for 192.168.20.x

With QuerySetting you set the behaviour of the -,+,?
If you use the default, 2 +=accepr, - reject and ? ask

QueryTimeout=10
QueryAccept=0
QueryIfNoLogon=0
This 3 parameters are used to define the accept/reject popup
QueryTimeout=10-> it show 10 seconds
QueryAccept=0 ( 0= If user don't reject within 10 seconds, allow) (1=if user dont allow within 10 seconds reject)
QueryIfNoLogon= Determ how the popup should react when nobody is logged on the system.
OldPCGuy
Posts: 4
Joined: 2016-04-10 17:09

Re: Restrict UVNC to the LAN

Post by OldPCGuy »

thx!
Post Reply