Sunday, July 06, 2008

Remote support through NAT firewalls

Remote support with tools like Remote Desktop, (Tight|Real|Ultra)VNC servers and clients etc. normally requires forwarding ports through NAT routers/firewalls on one side or the other.

In practice, this doesn't quite work: guiding the remote user over the phone to configure his router is unrealistic. He probably doesn't even know his router's password.

An alternative is to use reverse connections, so you deal with the port forwarding on your own router. But this doesn't work either if you are away from home and connect through someone else's router.

There are services which allow you to use someone else's server in the middle of the connection. But these services are usually expensive, charging a monthly fee, and besides you may not want the data to go through some third party's server for security reasons.

One nice solution I found for Windows is to use UltraVNC Single Click, and to run an UltraVNC repeater on my own server. The principle is shown here.

(I'm still looking for an equivalent solution to connect to remote Macs, so if you have suggestions, please post a comment).

So if you have a server with a public IP address you can do this to support Windows users.

Install a repeater on your server:

For my Debian Linux server, I installed the Linux version of the UltraVNC repeater from here:

After unzipping and moving into the directory, compilation was trouble free with a simple make.

The rest consisted of the following steps (which were quickly adapted from this post, and could probably be improved):
  • Create a new user: adduser uvncrep (with the shell set to /bin/false)
  • Edit the .ini file to produce a /etc/uvncrepeater.ini resembling this (use your server's IP for the "ownipaddress" value, and any numbers you like for the "idlistx" values).
    viewerport = 5900
    serverport = 5500
    ownipaddress = aaa.bbb.ccc.ddd
    maxsessions = 10
    runasuser = uvncrep
    allowedmodes = 2
    logginglevel = 3

    requirelistedid = 0
    idlist0 = 1800
    idlist1 = 1801
    idlist2 = 1803

    useeventinterface = false
  • Copy the repeater executable to /usr/local/sbin/uvncrepeaterd
  • Create /etc/init.d/uvncrepeater:


    #if service file does not exist then exit the script

    if test ! -x $UVNCREPSVC ; then
    echo $UVNCREPSVC file was not found.
    echo Exiting...
    exit 2

    #Create the file to start the service if it does not exist

    if test ! -x $UVNCREPRUN ; then
    echo '#!/bin/sh' > $UVNCREPRUN
    chmod +x $UVNCREPRUN

    case "$1" in
    echo -n "Running UltraVNC Repeater..."
    start-stop-daemon --start -b -m -p $UVNCREPPID --exec $UVNCREPRUN -- $UVNCREPLOG
    echo "."
    echo "Stopping UltraVNC Repeater..."
    start-stop-daemon --stop -p $UVNCREPPID
    echo "Usage: $0 {start|stop}"
    exit 1
    exit 0
  • Start the daemon with /etc/init.d/uvncrepeater start

Configure the Single Click executable

This is the small executable which your clients will download and run so that you can access their computer.

You can follow the instructions here.

For the helpdesk.txt file, you can use the one provided in However, it is a bit messy, and has a few typos/spelling mistakes. If you prefer, you can try this alternative template or this sample file instead. Both will need editing, particularly to set your server's hostname and one of the IDs you configured on the server .

Then set up a page from which your clients can download the SC executable.

Set up the UltraVNC viewer

After installing UltraVNC on your machine, start the viewer, and configure it like this:

VNC Server: ID:xxxx (where xxxx is the id number used in your repeater .ini file and when creating the SC executable). "ID" must be in uppercase, and there must be no space in the whole field.

Check Proxy/Repeater and enter your repeater's name or IP and port. For example:

UltraVNC Viewer settings


As far as I can tell, VNC Reflector looks like it would provide the same functionality as the repeater. I haven't tried it.

To support Vista users, there are some difficulties. Apparently there may be solutions in this lengthy thread, but I haven't tried them yet. (Fortunately, I have been able to mostly avoid Vista until now.)

And, as mentioned at the beginning, I would be glad to find a solution to support Mac users from my Windows box through my repeater.

Labels: , , , ,


Anonymous Anonymous said...

Try TeamViewer

24 May, 2009 08:46  

Post a Comment

<< Home