Understanding reverse connections using repeater

Here you will find help for frequently asked questions as well as for your specific question.

Understanding reverse connections using repeater

Postby rattkin » 2011-01-27 17:37

Could someone explain me (or point to a thread/documenation) the exact inner workings of procedure of connecting two machines using reverse connections via repeater?

I'm currently working on a project for a client that the working setup already. Unfortunately their technicians are long gone, so noone can explain my why it actually works. I was hoping to get some detailed response from here.

The client uses repeater. I don't know the configuration of the repeater, but I assume it works in Mode II with proxy on 443. Client uses reverse connections via this repeater. But the way of connecting client and server is a bit unclear to me :

vncviewer ID:2222 -shared -proxy servername:5901
winvnc -id:2222 -connect servername:443 -run

The servername is the same for both cases, the ID obviously changes. This setup allows for reverse connection via repeater and works well. However :

- the "proxy" option in repeater, says that when in proxy mode, the same port (443) will be used for client and server. However it's used only for the server here, while client is "connecting/listening" on 5901 (which is standard repeater mode 2, right?). It works. But when I change vncviewer to use 443 also, it does not work. So how proxy in repeater mode 2 works actually? Does it connect the proxy port with 5901? Can I connect two machines via repeater, using reverse connection, without using proxy?
- winvnc.exe has a commandline option "/repeater" - you can see it when asking with /?. It's not described on the website, though. Why is it in application, and what does it do exactly - or maybe it's just a remnant that should be deleted?
- vncviewer.exe window sometimes shows 5901 as port, and sometimes the ID value (2222) - why is it so random, is anything influencing this?

The repeater page on the website covers very basic scenarios and seem to have outdated screens anyway. Would be very grateful if someone could explain my why this weird syntax and port changes.
Last edited by rattkin on 2011-01-28 07:17, edited 2 times in total.
rattkin
8
8
 
Posts: 9
Joined: 2010-12-15 16:52

Re: Understanding reverse connections using repeater

Postby supercoe » 2011-01-28 03:53

I'll be happy to give you very detailed answers this weekend when I'm working off of more than just a phone.

I had many of these same questions in the past, we'll get the repeater docs updated.

I hope you can wait until then for an answer.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: Understanding reverse connections using repeater

Postby rattkin » 2011-01-28 07:17

Sure. Thanks for that.
rattkin
8
8
 
Posts: 9
Joined: 2010-12-15 16:52

Re: Understanding reverse connections using repeater

Postby supercoe » 2011-02-01 03:30

I just wanted to update you that the tutorial I started writing is almost doneand I didn't forget. ;)
I'll finish it up and post it tomorrow.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: Understanding reverse connections using repeater

Postby supercoe » 2011-02-02 00:32

UltraVNC HowTo: Viewer, Server and Repeater Connections.



Let's start off with some basic UltraVNC terminology.

Viewer: The UltraVNC viewer (vncviewer.exe) displays the remote computer desktop in a window. It allows you to connect to a Server directly or through a Repeater. The Viewer also provides you with a toolbar for extra functionality such as file transfer, CTRL+ALT+DEL, etc...

Server: The UltraVNC server (winvnc.exe) runs on the computer that needs to be controlled. By default it will open port 5900 and wait for an incoming connection from the Viewer. When it makes an outgoing connection port 5500 is used by default. (For simplicity of this article we won't get into the other opened ports for the Java viewer. We are also assuming initial setup is completed (passwords entered, etc...))

Repeater: The UltraVNC repeater (repeater108.exe) is a simple TCP rendezvous program which needs to be continually running for the Viewer and Server to communicate with each other through it. As you will soon see the repeater allows for a stationary connection point for both the Viewer and Server. Because of this, firewall configuration to allow an incoming VNC connection isn't necessary on the Server side. The Repeater is can also be referred to as a proxy. (For simplicity of this article we will focus on the Windows based repeater but others have ported it to many platforms.)


How about an example? :D


Here is a diagram of a typical situation, two local networks connected to the internet:

Code: Select all
ComputerA <-------> RouterA <-------> ( ( Internet/WAN ) ) <-------> RouterB <-------> ComputerB
                                                ^
                                                |
                       Repeater <---------------/


ComputerA: Has a local IP address 192.168.1.100 assigned to it via DHCP from RouterA.
RouterA: DCHP server, Firewall, NAT for ComputerA and has a WAN IP of 1.1.1.1
RouterB: DCHP server, Firewall, NAT for ComputerB and has a WAN IP of 2.2.2.2
ComputerB: Has a local IP address 192.168.2.200 assigned to it via DHCP from RouterB.
Repeater: Has a WAN IP of 3.3.3.3 and is running on a server directly connected to the internet.




How would you control ComputerB from ComputerA with UltraVNC?

1) Run the Server on ComputerB.
2) Configure RouterB to open port 5900 on it's firewall and direct that request to ComputerB's local address (192.168.2.200).
3) ComputerA could then connect to port 5900 on 2.2.2.2 (RouterB) with the Viewer which would forward the request to ComputerB.

Connection direction:
Code: Select all
ComputerA -------> RouterA -------> ( ( Internet/WAN ) ) -------> RouterB -------> ComputerB


Command line:
Code: Select all
SERVER / ComputerB
"winvnc.exe"

VIEWER / ComputerA
"vncviewer.exe 2.2.2.2::5900"



Not that hard you say? 8)
Let's make it a bit more difficult!


What happens when you don't have privileges to modify the firewall settings in RouterB but you do in RouterA?
There's no way for ComputerA to make a connection directly to ComputerB unless RouterB specifically allows for it.
This is why UltraVNC allows the Server to make the outgoing connection to the Viewer!

Since we can control the firewall on RouterA we'll open a port and forward it to ComputerA.

1) Run the Viewer in listen mode on ComputerA
2) Configure RouterA to open port 5500 on it's firewall and direct that request to ComputerA's local address (192.168.1.100).
3) ComputerB can then tell the Server to make a connection to the Viewer (aka reverse connection).

Connection direction:
Code: Select all
ComputerA <------- RouterA <------- ( ( Internet/WAN ) ) <------- RouterB <------- ComputerB


Command line:
Code: Select all
VIEWER / ComputerA
"vncviewer.exe -listen 5500"

SERVER / ComputerB
"winvnc.exe -connect 1.1.1.1::5500 -run"



OK, now that we are warmed up, let's get crazy. :D


What happens when you don't have privileges to modify any firewall settings?
The best part about most firewall solutions is that they will allow outgoing connections to anything on the internet so we won't have to configure any firewalls this time!
Since the Repeater is publicly accessible on port 5900 for the Viewer and port 5500 for the Server it only requires an ID number to match for it to connect a Viewer and Server.

1) Start the Repeater in "Mode II" with a Viewer port of 5901 and a Server port of 5500.
2) In any order connect the Server and Viewer to the Repeater with ID 1234.


Connection direction:
Code: Select all
ComputerA -------> RouterA -------> ( ( Internet/WAN ) ) <------- RouterB <------- ComputerB
                                              |
                                              |
                     Repeater <---------------/



Command line:
Code: Select all
VIEWER / ComputerA
"vncviewer.exe -proxy 3.3.3.3::5901 ID:1234"

SERVER / ComputerB
"winvnc.exe -ID:1234 -connect 3.3.3.3::5500 -run"
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: Understanding reverse connections using repeater

Postby supercoe » 2011-02-02 00:58

Now to be more specific with your questions. :)


Could someone explain me (or point to a thread/documenation) the exact inner workings of procedure of connecting two machines using reverse connections via repeater? I'm currently working on a project for a client that the working setup already. Unfortunately their technicians are long gone, so noone can explain my why it actually works. I was hoping to get some detailed response from here.

I hope my writeup covers this for you, the problem here is that the Windows Repeater can be used in different "modes".
Mode II is the only one that I ever use (I believe the other modes are legacy), this is the mode that will accept and ID number from both the Server and Viewer and then just connect them.



- the "proxy" option in repeater, says that when in proxy mode, the same port (443) will be used for client and server. However it's used only for the server here, while client is "connecting/listening" on 5901 (which is standard repeater mode 2, right?). It works. But when I change vncviewer to use 443 also, it does not work. So how proxy in repeater mode 2 works actually? Does it connect the proxy port with 5901? Can I connect two machines via repeater, using reverse connection, without using proxy?

Many corporate networks block most outgoing ports except 443 so it's common to have the Server make a reverse connection to the Repeater on this port. You'll want to keep the repeater in "Mode II" and change the Server port to 443 while keeping the Viewer connecting on port 5901.
To my knowledge the other settings such as "Enable Proxy 443" and "Mode I" are only used by PCHelpware and SCIII
Also, try not to confuse a HTTP proxy with the Repeater (which is also referred to as a proxy because of how it relays the connection between the Viewer and Server).


- winvnc.exe has a commandline option "/repeater" - you can see it when asking with /?. It's not described on the website, though. Why is it in application, and what does it do exactly - or maybe it's just a remnant that should be deleted?

Not sure, hopefully redge or Rudi can chime in on this one.


- vncviewer.exe window sometimes shows 5901 as port, and sometimes the ID value (2222) - why is it so random, is anything influencing this?

Can you clarify what you mean? In the status window?


The repeater page on the website covers very basic scenarios and seem to have outdated screens anyway. Would be very grateful if someone could explain my why this weird syntax and port changes.

But then ChunkVNC wouldn't be as popular now would it? j/k :P I think once we figure out what all the repeater options are then the page should be updated.
In my experience most users prefer the Linux or Perl repeater instead of the Windows one anyway.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: Understanding reverse connections using repeater

Postby rattkin » 2011-02-02 01:13

This is a great tutorial, I appreciate the effort. So now I know that the 443 port is not a proxy, just an alternative port to 5500 when it is blocked on firewall.

As for my viewer question and changing infos - yes, that's on status window, the small one appearing before you get the connection. The port sometimes shows the port, and sometimes the ID used. It does not seem to affect the actual connection, though. Could it be some timing issues with repeaters maybe?
rattkin
8
8
 
Posts: 9
Joined: 2010-12-15 16:52

Re: Understanding reverse connections using repeater

Postby supercoe » 2011-02-02 01:15

Not sure, I've never really paid attention to the status window. :P I'll make an effort to look at it.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: Understanding reverse connections using repeater

Postby redge » 2011-02-02 08:47

- winvnc.exe has a commandline option "/repeater" - you can see it when asking with /?

Only Rudi can explain, i have no idea how to use it
i did a short test and fail

vncviewer -repeater host::5900 id:1234
winvnc.exe -id:1234 -repeater host::5500 -run
UltraVNC 1.0.9.6.1 (built 20110518)
OS Win: xp home + vista business + 7 home
only experienced user, not developer
redge
Super-Mod
Super-Mod
 
Posts: 6815
Joined: 2004-07-03 17:05
Location: Switzerland - Geneva

Re: Understanding reverse connections using repeater

Postby YY » 2011-02-02 17:25

- winvnc.exe has a commandline option "/repeater" - you can see it when asking with /?

This option solves an old problem. It is used to bring up the "Initiate Outgoing Connection" window (now name as "Initiate Connection").

At long time ago, during developping his project SC_Prompt, JDaus wanted to use the Cmdline to bring up the "Initiate Outgoing Connection" window, by using the "-connect" and "-run" options. However, he found they were not able to work as what he expected.

He then asked the developer to add a command option for this feature. Rather than creating a new option, the developer modified the "-connect" to satisfy his requirement, but that modification also resulted some side effects.

I don't know if the "-repeater" option is created due to the above mentioned reason, but it does that job exactly. To use it:

1. Assume the UVNC is not running (either service nor application)
2. Run this command:
  winvnc.exe -repeater host_name:port -run
YY
200
200
 
Posts: 996
Joined: 2006-11-13 15:11


Return to General help

Who is online

Users browsing this forum: No registered users and 3 guests

cron