Good connection but no remote control

Good connection but no remote control

Postby mudshark » 2011-04-14 03:05

Want to remotely take control of 64-bit Win7 PC running uvnc server 1.0.8.2 x64.

From any other PC I connect from I can log in to uvnc server; the wallpaper goes away and the target PC gets a balloon from the tray that win7 is now in basic video mode BUT no mouse or keystrokes (even the CTRL-ALT-DEL from the toolbar) are executed on the target PC.

Any ideas?
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-14 14:20

Make sure the view-only password and "VNC password" are different from one another.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby mudshark » 2011-04-14 14:27

Ah HA! I didn't read and assumed the 2nd P/W text entry box was a "confirm password" box. Thanks, I'll chk that out tomorrow.
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby mudshark » 2011-04-16 02:18

Strange. I am now sure the password for VNC & View-Only are different and still, logging in to the server PC from a browser on another PC I can view the server desktop but cannot effect any control.
The symptoms as previously listed are unchanged.

I didn't mention it but I am trying to access the server PC via a web browser via a URL, such as:
http://subname.dyndns.org:12345

At home in the router port forwarding is:
incoming port 12345 = private, internal IP:5800
incoming port 5500 = private, internal IP:5500
incoming port 5900 = private, internal IP:5900

I am open to suggestions.
Thx
RG
Last edited by mudshark on 2011-04-17 00:11, edited 1 time in total.
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby redge » 2011-04-17 00:40

known issue
there not possible to double nat with javaviewer, unsupported for now.
or bug ?

so you need to change to:
incoming port 5800 = private, internal IP:5800
othewise fail.

this need a review of javaviewer part redirection port forwarding code source

edit added...
there only single port forwarding work with vncviewer but there double port forwarding with javaviewer,
for fix this issue, single port sharing java and winvnc, feature removed, Hope would come back and requested many time.
Last edited by redge on 2011-04-17 00:42, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Good connection but no remote control

Postby mudshark » 2011-04-17 13:51

redge wrote:known issue - there not possible to double nat with javaviewer, unsupported for now. or bug ?
Not doing double NAT. Public IP to my NAT router where the port forwards are.
redge wrote:so you need to change to: incoming port 5800 = private, internal IP:5800 othewise fail.
Router will not allow me to forward 2 incoming ports (12345 & 5800) to same internal port. My intention was to access home PC via http://dyndnsname.org:12345 instead of port 5800 for security reasons. Wrong of me?
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-18 16:12

redge, I'm not sure I follow you -- it has to have the incoming transmission NATted to the private address in EITHER case, whether or not the port is redirected. What known issue do you mean?

My guess is mudshark would have the SAME issue when using the standard VNC viewer from the remote machine. Could you confirm, mudshark?

I think your "12345" port redirection should be fine, although there's no reason you couldn't simply tell your home PC to deliver the Javaviewer on 12345 instead of 5800; that way there would be no port redirection involved -- you'd go 12345>12345 at the router.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby mudshark » 2011-04-19 04:13

B wrote:My guess is mudshark would have the SAME issue when using the standard VNC viewer from the remote machine. Could you confirm, mudshark?
I do not know what you mean by "using the standard VNC viewer from the remote machine." See below for what I know and what I am trying to do.
B wrote:I think your "12345" port redirection should be fine, although there's no reason you couldn't simply tell your home PC to deliver the Javaviewer on 12345 instead of 5800; that way there would be no port redirection involved -- you'd go 12345>12345 at the router.
I was under the impression that I NEEDED ports opened as such:

incoming port NNNNN = private, internal IP:5800
incoming port 5500 = private, internal IP:5500
incoming port 5900 = private, internal IP:5900

Where NNNNN= any non-standard VNC port for security sake.

Here is what I want to do that is not working:
- Run UVNC server on my new 64-bit Windows 7 PC so I can use any browser from anywhere to access my PC remotely by way of entering a URL such as http://myDYNDNSname.org:NNNNN

I have this working on my old (32-bit) XP PC with an old version of UVNC. I assumed I ought to upgrade to newest UVNC for the usual reasons but more so for the 64-bit difference.
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby redge » 2011-04-19 21:50

mudshark, wish version support java port forwarding success ?

incoming 12345 --> 5800 --> 5900
outgoing 5900 ---> 5800 --> 1245

i know only old version have the single port sharing override this limitation.
so you only need to forward 1 port and not 2 ports.

anyway, there a rule of VNC port jump +10 or -10
5800 to 5899
5900 to 5999

forward 5840 external to 5800 internal
forward 5940 external to 5900 internal
Last edited by redge on 2011-04-19 21:54, edited 1 time in total.
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Good connection but no remote control

Postby mudshark » 2011-04-20 04:50

redge wrote:mudshark, wish version support java port forwarding success?
I do not understand.
redge wrote:incoming 12345 --> 5800 --> 5900
outgoing 5900 ---> 5800 --> 1245
Here you show ports forwarding twice. Again, I do not understand. There are OUTSIDE (public, incoming) ports and private ports inside the LAN that go directly to a PC with a static IP address. That is a single forward only for each port that needs to be forwarded.
redge wrote:i know only old version have the single port sharing override this limitation. so you only need to forward 1 port and not 2 ports.
anyway, there a rule of VNC port jump +10 or -10
5800 to 5899
5900 to 5999
forward 5840 external to 5800 internal
forward 5940 external to 5900 internal
I complete do not understand. It is here much more complex than it should be. Sorry to be so thick. :(
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby mudshark » 2011-04-20 06:15

Problem solved

We got hung up on the port forwards when in fact I had that correct from the begining.

I just now copied the server's PROPERTIES and ADMIN PRROPERTIES as configured on a working PC and now this one works too.

Is there a great guide explaining all the available settings in the 2 different properties screens?
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-21 15:26

I was just saying you should test with UltraVNC Viewer (the program) instead of using the browser (Java) viewer. But I'm glad you got it fixed.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05


Re: Good connection but no remote control

Postby mudshark » 2011-04-22 05:03

B wrote:I was just saying you should test with UltraVNC Viewer (the program) instead of using the browser (Java) viewer.
So you are saying I can use the viewer app across the internet the same way as I would use a browser? Enter the URL:port and voilà? I suppose then I can also use DSM encryption...
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-22 15:28

Well, yeah! The browser feature was always a nice-to-have, but is not where the real VNC action is, or was.

As long as you've already forwarded the VNC server's listening port at your router/firewall (which you have, if the browser viewer is working), you can use the full VNC viewer from a remote machine, connecting to your.machine.com::xxxx where xxxx is the listening port number and your.machine.com (or its public IP address) is the DNS name for the public IP address held by your VNC server's router.

That's the "normal" way to use VNC, though it's arguably a little less convenient than the browser viewer (you need to be able to run a VNC viewer, the UltraVNC version is only on Windows, etc., there may be firewall or proxy issues, etc.)

Keep in mind that <b>all</b> that the browser version you're using does is download a Java applet that then connects to the SAME open VNC server port as the regular VNC viewer would. That is, port 5800 just delivers the Java app, period. Port 5900 (or the port of your choosing) does the real VNC work in all cases.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby mudshark » 2011-04-23 03:41

OK, I don't know why I'd assumed the VIEWER was a LAN-only tool and across the internet I'd use a browser. Hated that via a browser the 8 character password limit.
I can carry the viewer on a flash drive I almost always have with me and thus use a DSM plug-in BUT THEN, if I should get stuck w/o my flash drive, I'd never be able to log in from just any browser.
* Agonizing decision *
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-27 17:46

It's not that tough:

a. You can do both, using the USB stick ordinarily but leaving the web version available on an obscure port with a good password.

b. You can always download a fresh copy of the standard VNC viewer, though it might be a little tricky if the encryption you've chosen is not public key. (Even then, you could leave yourself a key file downloadable from a password protected web or ftp site or e-mail account.)

There are about a zillion other ways to slice it too (VPNs and other tunnels, proxies, repeaters, etc.)
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby mudshark » 2011-04-28 00:21

B wrote:You can do both, using the USB stick ordinarily but leaving the web version available on an obscure port with a good password.
I don't understand doing both.
If the server has encryption=ON then I cannot use the browser method, which is limited to an 8-bit, unencrypted password. Right?
If I can open an "obscure port" and have "a good password" then I don't need the VNCviewer app. But, & correct me if I'm wrong but, can you really have a good password of only 8 characters? This would seem to demand using the viewer app plus encryption.

Either way I've run into 2 problems, 1 for each access method!
Problem #1: via web browser - At one server's location I cannot find a way to obscure the incoming port in their router (a Cicso RV016)! I can only open/forward ports that externally & internall match.. i.e. incoming port 12345 will only forward to 192.168.n.n:12345.
At present for this location I have port 5800 forwarding to port 5800. (I assume the other 2 required ports, 5500 & 5900 are OK to not obscure.)
Problem #2: via VNCviewer app - Can only get the viewer to work from inside the LAN *and* addressing the VNCserver by the machine's IP address. Using the viewer from outside the LAN never works. Using the URL (http://myname.dyndns.org:12345) in a browser (even off-LAN) does work. Using the viewer by specifying a hostname in or outside the LAN (even with the double :: such as http://myname.dyndns.org:12345) never works. Yes I test with the firewall=OFF.

B wrote:b. You can always download a fresh copy of the standard VNC viewer, though it might be a little tricky if the encryption you've chosen is not public key. (Even then, you could leave yourself a key file downloadable from a password protected web or ftp site or e-mail account.) There are about a zillion other ways to slice it too (VPNs and other tunnels, proxies, repeaters, etc.)
Sheesh! I can worry about encryption once I get the viewer working unencrypted!!
About the "standard VNC viewer"... Is THAT what goes on a USB key? I tried using the install pkgs to install the viewer to my key but all that did was not work on the key and break the viewer already installed on my PC!
Thanks much
RG
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-28 14:58

I believe you can make the DSM plugin usage available but optional, but don't hold me to that. And of course a good password can be 8 characters (particularly if you change it occasionally), as long as the server slows down a brute force guessing attack. (But again, I'm not sure how WinVNC reacts to such an attack.) As to trasmitting it in the clear, VNC doesn't actually do that; I believe it's hashed.

Re: "Problem #1", you don't need to keep using 5800 and 5900 on the WinVNC server itself -- just change the listening ports in the WinVNC server properties to match the ones you want your router to forward!

Re: "Problem #2", are you really entering "http://" each time? As I tried to make clear in another response to you, it is NOT appropriate to enter those kind of URLs into the normal VNC Viewer! Just enter the hostname::port as I mentioned.


Re: the VNC Viewer, it's pretty much a standalone executable. I've run multiple different versions from the same PC without much issue. You can just copy vncviewer.exe (from, for example, your installed UltraVNC directory) to your USB stick.
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby mudshark » 2011-04-29 18:33

B wrote:Re: "Problem #1", you don't need to keep using 5800 and 5900 on the WinVNC server itself -- just change the listening ports in the WinVNC server properties to match the ones you want your router to forward!
I do not know what each port is for.
I know that when I did have it working I had opened 3 ports thru the router: 5500, 5800, & 5900, with 5800 being obfuscated by a random 5-digit port for access to my server via a web browser. (The other 2 ports pass-thru at their actual port number.)
Can you Identify what each port is for? Ought I close or obfuscate the other 2 ports?
My ultimate intention is to have access to the VNCserver on my LAN and also to allow SC clients to get thru to a 'listening' viewer, but I'll get to that after I get past this 'cannot use viewer from outside the LAN' problem!
B wrote:Re: "Problem #2", are you really entering "http://" each time? Just enter the hostname::port.
Correct (sorry, I mistyped). When trying to access the server with the viewer am entering NOT a 'real' URL, am entering myname.dyndns.org::12345 which never works. (From browsers add the http:// at the beginning and use only 1 : and it does work.)
Thanks for all you attention. It is very much appreciated. Rich
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55

Re: Good connection but no remote control

Postby B » 2011-04-29 19:37

5900 is the meat-and-potatoes remote control port on a VNC "server". It's what VNC actually uses to communicate.

5800 is ONLY used as a "mini web server" to deliver the Java applet. Once that Java viewer applet is running, the applet connects back across port 5900 to do remote control.

5500 is used in "listening" reverse-connecting viewer AND in repeaters.

NONE of those port numbers are hard-coded; they can (and should in my estimation) all be changed to "obscure" high numbered ports when enabling Inbound Internet access.

If, for example, you changed them to 15900, 15800, and 15500 in the WinVNC server, listening viewer, and/or Repeater applications, you would just have your router forward those same ports through to the relevant server and/or repeater machines. (The port 5800 and 5900 connections should go to the SAME machine).

So if as you say you have just one VNC server on your internal LAN, and you want to have one listening viewer (and you're not using a repeater), you'd forward ports 15900 and 15800 (for example) to your VNC server PC and port 15500 (For example) to your listening VNC viewer PC. You'd also make sure those ports were defined in the VNC server and viewer properties.

When you connect with the remote VNC viewer, you'd use myname.dyndns.org::15900 -- NOT the same port number you'd use for the web client! Again, the web client's port number is ONLY for delivering the Java applet.

I hope this helps. (Also, someone please let me know if I've gotten anything wrong.)
B
Super-Mod
Super-Mod
 
Posts: 2347
Joined: 2009-09-09 14:05

Re: Good connection but no remote control

Postby redge » 2011-04-29 21:42

mudshark

for remote support (alternate SC)
try chunkvnc


3 basic port information of VNC

5900 TCP winvnc listen for incoming connection or vncviewer initiate outgoing connection to port 5900
5800 TCP javaviewer redirected internal to winvnc port 5900
5500 TCP winvnc initiate outgoing connection to vncviewer or vncviewer listen port 5500 for incoming connection of winvnc
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Good connection but no remote control

Postby mudshark » 2011-04-29 22:23

B wrote:When you connect with the remote VNC viewer, you'd use myname.dyndns.org::15900 -- NOT the same port number you'd use for the web client! Again, the web client's port number is ONLY for delivering the Java applet.
Ah. No, I was using the same port in the viewer as I was in the web client. Excellent. Thank you! And thank others here also.
RichieG
mudshark
20
20
 
Posts: 36
Joined: 2007-09-15 23:55


Return to 1.0.8.X (stable)

Who is online

Users browsing this forum: No registered users and 3 guests