Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Password protection for connecitons made via Repeator

Any features you would like to see in UltraVNC? Propose it here
Post Reply
swinster
20
20
Posts: 32
Joined: 2007-04-13 10:52

Password protection for connecitons made via Repeator

Post by swinster »

Hi,

This was mentioned in this post [topic=12867][/topic], but I think it deserves its own feature request.

We need to monitor a lot of computers behind different firewalls and gain access to them with no users present, 24/7. The only way I can think of to complete this task is to use the repeater in Mode 2 with the UltraVNC servers establishing a reverse connection automatically to the repeater, then a viewer can connect to a given Host ID, via the repeater.

This connection however, does not ask for a password even if one has been set. I know you can set filters on the repeater to limit the IPs of the connection or Host ID, but it would still be essential to provide password protection on each connection.
Last edited by swinster on 2008-08-25 13:47, edited 1 time in total.
Chris
swinster
20
20
Posts: 32
Joined: 2007-04-13 10:52

NO SECURITY in Mode 2!!!!

Post by swinster »

I have just realised that you can use the "Only Allow Connection to Sever" lists in Mode 2!

This means that their is absolutely NO SECURITY when trying to use the repeater in Mode 2 to manage remote servers set up to connect automatically to the repeater.

I had thought the the "Only Allow Connection to Sever" would act like an Access Control List in Mode 2, stopping any Viewer from connecting unless they were on the list.

In addition, I had anticipated the "Only Allow ID" could be used to only allow server with the relevant ID to connect.

It is a real shame that these lists cannot be used in Mode 2, especially give the fact that there is no password. I'm not sure how much work it would be to implement at least the ACLs, but probably not as much as to implement the password.
Last edited by swinster on 2008-08-26 10:59, edited 1 time in total.
Chris
DOL
Posts: 1
Joined: 2008-12-19 07:17

Re: Password protection for connecitons made via Repeator

Post by DOL »

Hi Swinster,

I've been looking at very much the same sort of thing and have ended up modifying the linux repeater source to implement 'Mode 2 Allowed Viewer IP Addresses' in the same way that it already allows restrictions on Mode 1 Server addresses.

This means that the repeater is open to anyone who wants point their server (SC in our case) at it, but will only accept viewer connections from our office.


I'm new to SC and currently trying to get encryption working :-(
swinster
20
20
Posts: 32
Joined: 2007-04-13 10:52

Re: Password protection for connecitons made via Repeator

Post by swinster »

Hi DOL,

I got around the issue of "Allowed viewer IPs" by running a firewall on the OS hosting the repeater. I actually run a virtual XP machine with COMODO firewall which I could then tune to allow specific IP addresses (either from servers or viewers if needed - but I plumped for viewers only - the same as you). The same I'm sure could be done with Linux.

I would however, still like to be able to implement a password to connect via the repeater (to give a two layer security), and to be able to encrypt the traffic both from the server to repeater, and viewer to repeater.

If you manage to come up with anything then please let me know.
Chris
Post Reply