Ultravnc installation and configuration. Incoming Connections - incoming connections. Field “Incoming Connections" - “Incoming connections"

We recommend using UltraVNC only for those users for whom the words DynDNS and Port Forwarding not an empty phrase, since setting up this program is quite complicated. All detailed information By this issue you will find on the page forum.ultravnc.net.

Program installation

The program includes UltraVNC Server and UltraVNC components Viewer version 1.1.9.1. Install the program on both the main PC and the remote machine. When installing the server in additional options Select to register the application as a system service.

Setting up access

On a computer with installed server Hover your mouse over the UltraVNC icon on the Taskbar. Then right click mouse click on the icon and select “Admin Properties”. In the “Authentication” section, set a password for the connection.

Establishing a connection

Now on the control PC, launch the UltraVNC Viewer program and in the “VNC Server” line, specify its DynDNS address (for more details, see dyn.com). Click on the "Connect" button and enter the password for your server. In response to this, UltraVNC will open a new window in which you can see the interface remote computer and control it, performing actions as on a local PC.

Encryption of data transmission

Since UltraVNC itself does not offer any encryption, you need to add it using a plugin. For the server computer, copy the SecureVNCPlugin.dsm file to the C:\Program Files\uvnc bvba\UltraVNC folder. Then right-click on the UltraVNC icon on the Taskbar and select “Admin Properties”. Under the “DSM Plugin” line, check the “Use” box, select the SecureVNC plugin from the list and confirm your choice by clicking on “Apply | OK."

On the computer with the Viewer client, copy the SecureVNCPlugin.dsm file to the C:\Program Files\UltraVNC folder. Now launch Viewer and activate the “Use DSM Plugin” option. Select a plugin from the list and establish a connection to the server. From now on, your connection information, as well as all other data transfer processes, will be encrypted.

Attention. It may happen that Windows firewall will detect data traffic generated by UltraVNC and block the program. Click on "Allow access" to continue working remotely.

Speed increase

You can increase your connection speed by eliminating time-consuming compression of data packets. In the main program window, click on the “Options” button and uncheck the box next to the “Auto select best settings” entry. Now select the “Ultra” option and activate the “Use CopyRect encoding”, “Zip/Tight Compression” and “Jpeg (Tight) - Quality” options. Click on "OK" and then be sure to confirm saving installed settings by clicking on the “Connect” line.

To understand the entire process and some terms, the user must have basic knowledge of the organization computer networks and principles of operation of network programs.

Let's start by installing UltraVNC

1. We launch the installation on the computer to which we will connect - the server.

2. Select the item "UltraVNC_server only".

3. In the next window, when asked “Download Vista addons files now” if you have installed operating system Vista. Click "Next".

4. In the "Download the mirror driver" window, check the box and continue the installation.

5. In the next window, check the following lines:

Start or restart UltraVNC service — stop/restart the UltraVNC service.

Create UltraVNC desktop icons - create shortcuts.

Associate UltraVNC Viewer with .vnc file extension - register extensions. .vnc on the system.

This completes the installation procedure.

Now I’ll briefly tell you about presets , which we enter by opening the “Admin Properties” menu by right-clicking on the blue program logo near the clock.

1. Accept Socket Connections - accept incoming connections - check

2. Ports - ports. Main — port for connecting a uvnc client. Http - port for connecting a java client. leave the default values.

3. VNC Password - password for connection. Come up with it right away New Password and write it down.

4. Remove Aero (Vista) - I advise you to enable this item to speed up the program. It will allow you to disable additional settings graphics in Windows.

5. Remove Wallpaper for Viewers - remove desktop wallpaper - I recommend installing it.

6. Disable Tray icon - remove the server icon from the tray - at your discretion.

7. In the section File Transfer set the value to Enable. This will allow files to be copied between machines.
At this point, the basic settings are completed.

Let's move on to launching the Viewer.

1. In the VNC Server field - you need to enter the server address to make the connection.

How to find out the IP address of a computer and check open ports, described in detail in the question.

This completes the program settings.

The procedure for checking open ports and external IP addresses is described in the answer to the question

If you have any difficulties accessing your PC over the network, ask questions and we will do our best to solve your problem.

VNC is a system remote control computer desktop. User VNC client sees the desktop image VNC servers and controls it with a mouse and keyboard just like your own computer.

The VNC server can be launched on a work computer, and, if necessary, accessed from home. Or vice versa. To connect, you need to make sure that TCP port, used by the server (default 5900) is available for incoming connections from the client.

UltraVNC is taken on . Other well-known VNC implementations are RealVNC and TightVNC, more options can be found. Theoretically, they are all compatible with each other, although some special functions(clipboard or file transfer) may not work between different implementations.

Helping newcomers

VNC is also convenient for helping other users. It is much easier to help by seeing what is happening on the screen.

However, many people have routers and firewalls, and it is unrealistic to require a beginner to be able to open for incoming connections desired port. Comes to our aid reverse connection(reverse connection). In this mode, the connection is initiated by the VNC server.

An experienced user launches a VNC client in listening mode (vncviewer.exe /listen) and makes port 5500 accessible from the outside. A beginner can only download and launch the VNC server and connect to the client at the specified IP address.

Here is a special page with instructions for the beginner. Think, experienced user detailed instructions Not needed. I will only note that during the connection the clipboard becomes shared, and that if a beginner has a screen resolution higher than yours, then in the client you can scale the image to an acceptable size.

Additionally

The advantages of VNC are multi-platform and free. If you have Windows XP installed everywhere, then for remote access The built-in tools will probably work for you - Remote Desktop or Remote Assistance. It seems that they can also be connected via reverse connection.

If you have a dynamic external IP address, it’s convenient to make one for yourself (free) Dynamic DNS, for example at dyndns.com. A small program will run on your computer (and some routers have such built-in functionality) that notifies the DynDNS service about changes in your IP. As a result, the domain you choose, for example pupkin.dyndns.org, will always point to your current IP address

If you are professionally engaged technical support, then you may find it especially convenient. This is a special lightweight version of the VNC server, which can only make reverse connections and only to IP addresses that you have previously configured. Of course, then you must be authoritative enough for the user to agree to download and run this configured VNC server from your own site.
(Oh, who am I kidding here... Many users will already launch everything that is offered to them)

This post is just to give a link, and not to describe all this over the phone every time for friends, acquaintances, employees and everyone else.
So that's it. Firstly, Ultr@VNC is free and secondly, it works great. Minimal knowledge required for installation in English and some skills in setting up any programs, and of course administrator rights. Naturally, if the Internet goes through a router or is somehow complicated, then everything is much more fun. I won’t write about port forwarding and so on, this is already enough for any piece of hardware.
For example, let's take the fresh UltraVNC 1.0.6.4; the old ones had something different, but not much.

To get started, download the latest version of UltraVNC from the website.
You start the installation. Next, next, next. To the window for selecting installed components:

Full Inslamination– installs everything at once, both the server and the client (aka viewer). It is installed by default and this is correct.
UltraVNC server only– server only. I usually bet on remote machines only him.
UltraVNC server only “silent”– the same thing, only he won’t ask unnecessary questions. (good when updating version)
UltraVNC viewer only– viewer only. Maybe someone needs only him.

If there is Vista somewhere, then check the box. If it doesn’t, then we don’t install it. Logical.

Mirror driver is a useful thing, it speeds up and improves and visually enlarges. Let's put it on.

We choose for the server to be a system service and start with the system. Desktop icons and association with the .vnc type if desired.

Right-click on this blue eye and a menu will pop up. IN this moment we need admin properties. As a result, we see all the UVNC server settings.

These are my typical settings. It's not far from what is by default.
A brief description of the buttons and checkboxes, going from top to bottom and left to right:
“Incoming connections” section
Accept Socket Connections– must be enabled for everything to work.
Display– I still don’t understand why this is.
Ports– indicates the port on which the program will work. By default, auto, ports 5900 and 5800 respectively. (there is a glitch in builds 1.0.6.x; ports can be entered manually only by editing the ultravnc.ini file). Let the car remain, it’s not critical.
Enable JavaViewer (HTTP connect)– ability to connect through any browser with java. Healthy.
Allow Loopback Connections– allows short circuit(aka loop), only for performance testing.
Loopback Only– the same thing, but cuts off all connections from the outside. No need.
Section “Authentication”
VNC password– password for connection. There is only Latin alphabet, the rest of the requirements are the same as for all passwords.
Require MS Logon(and everything related to it) – to control access by names and passwords windows users. I don't use it.
Section “File Transfer”– enables the ability to transfer files. Need to.
Section “DSM Plugin”– the ability to encrypt data, for the paranoid. I indulged and turned it off.
Section “When last client disconnects”– indicates what to do when the connection ends. Nothing, block the computer, end the session. I turn on nothing. Less problems.
Section “Keyboard & Mouse”– when connecting, either the keyboard/mouse on this computer is disabled (useful so that they do not interfere), or it does not allow the one who connected to steer. Japanese language support sometimes helps solve problems with Russian.
Section “Query on incoming connection”– if you check the box, then when someone connects to local computer A window pops up with the question “let me connect or not?”. You can specify the time after which the connection will be automatically either rejected or accepted. Sometimes useful.
“Multi viewer connections” section– regulates what will happen if several clients connect at once.
“Disconnect all existing connections”- but then the forester came and drove everyone out of the forest. The last one to connect throws out everyone else.
“Keep existing connections”- in crowded but not mad. Everyone sits and interferes with each other.
“Refuse the new connection"- whoever stood up first gets the slippers. The first person to connect does not let anyone in.
“Refuse all new connections”– an incomprehensible variation of the previous paragraph.
section “Misc.”– there are all sorts of useful things for convenience, speeding up work, reducing traffic.
Remove Aero (Vista)– when connected, it disables whist decorations, and rightly so.
Remove Wallpaper for Viewers– removes wallpaper from the desktop. Healthy.
Enable Blank Monitor on Viewer Request– gives the client the opportunity to turn off the monitor. Users are more frightened by a suddenly blank screen than by a computer running on its own.
Enable Alpha-Blending Screen Blanking- the same thing, only implemented differently.
Capture Alpha-Blending– unknown.
Disable Tray icon– disables the tray icon. It may be useful to someone, although you can see by the color of this icon whether someone is connected or not.
Forbid the user to close down WinVNC– prohibits disabling the server. Sometimes useful.
Default Server Screen Scale– screen scale when connected. I have 1/1 everywhere, because you can always reduce it in the client when connecting.
Log debug info to the WinVNC.log file- writes the server log, and hides it deep in system folder. Not interested.

We turn on what we want, click “OK” and then this warning may appear.

Uncheck the box and agree. We contribute to White list(or exceptions) firewall two programs: winvnc.exe and vncviewer.exe with the corresponding ports (default 5900 and 5800). You should already know how to do this. As a last resort, turn it off.

In theory, the server is configured and working. It is advisable to restart the computer, just in case. To check the operation, you must be allowed to connect to yourself, launch UltraVNC Viewer.

If we don’t know our IP, go to the website http://ip-address.domaintools.com/ and see what it says there. We only drive it in if the ports are standard. If you came up with the ports yourself, then something like your_ip_address:your_port (about what you have Domain name There’s no point in talking, why are you reading this then?). Everything else is auto. In theory it should prompt for a password. If it doesn’t show up, instead of the IP address, enter localhost, this is where you should definitely ask for the password. If it asks, it means there are some problems with incoming connections from the network. We are looking for a plug in the settings of the antivirus, router, or something else that stands between the computer and the Internet. If it still doesn’t ask, you need to read the error, smoke the manual and dance with a tambourine. But I haven’t encountered this; it’s difficult to do something wrong.
It’s also worth mentioning that for many providers the IP address may change with each connection to the Internet. For normal and long work you will either have to register at https://dyn.com/ or https://www.noip.com/, or order the service of a permanent IP address (aka white, aka static) from your provider. As a last resort, call someone near the remote computer so they can look and tell you.

Briefly about the client settings (this is UltraVNC Viewer):
Let me say right away that all these settings can be changed once connected, if you don’t like something. In the main window, the address of the remote computer is entered, and the picture quality is selected depending on the connection speed. You can check the following boxes: “only view” (for voyeurs or those who do not want to immediately interfere with the work), automatically change the scale depending on the size of the window, request exit confirmation. All of them are used depending on the situation.
If you decide to use the DSM Plugin or a proxy server, use it; there is also an option to quickly specify them. Well, if you find the ideal parameters, you can make them used by default.

For enthusiasts and those simply inquisitive, you can delve deeper into the settings.

Format and Encoding– First of all, connection settings, compression and number of colors. You can play around, but it only makes sense if the speed is low and traffic is expensive. In such cases, simply select the minimum comfortable settings.
Misc:
share the server– whether other clients can or cannot connect.
deiconify on bell– it seems even the developers don’t know what it is.
disable clipboard transfer– disables synchronization of clipboards between the server and client. Sometimes it's a necessary thing.
Mouse and Keyboard – for some reason, you can reconfigure the mouse buttons and enable support for Japanese fonts (again, it helps with Russian ones too). Also adjusts cursor behavior on remote computer: repeat movements from the client, do not repeat, do not show the cursor at all.

Warning: all arriving slippers will be sold, tomatoes will be eaten, eggs will be fried, and spoiled ones will be thrown away. Those who think that we are toiling around with bullshit - you guessed it, take a pie from the shelf. The author does not call for throwing bags chest-first into embrasures. He doesn’t call for anything at all - he’s not a politician or a citizen with an active civic position. But if you want to discuss, you are welcome. Today I will tell you an interesting story about replacing Teamviewer with UltraVNC.

Why do we need such troubles at all, because Teamviewer is so awesome? In my case this is due to several reasons. The work required a system for remote management of servers and user workstations, and we have >1000 of them supported. Teamviewer controlled third party company and it is unknown what it does with traffic. Teamviewer is not trusted by some of our clients. We needed unique IDs for all users. Well, its cost for a fairly large infrastructure is very decent, which also influenced the decision. At the same time, we have fairly wide communication channels and no strict requirements for response speed, which eliminated the main disadvantage of UltraVNC, namely, more low speed work.

How it works

The original architecture of the VNC protocol was poorly designed to work over global networks. There are several reasons for this.

Lack of encryption of transmitted data.
Short passwords (8 characters per modern world? Are you seriously?)
Lack of end-to-end numbering of servers, connection via IP.
Inability to work due to NAT.

Of course, I haven't listed everything. But these are the main shortcomings that prevented us from considering this decision seriously. As a result, all of them were overcome in one way or another. The current workflow looks something like this:

The client UltraVNC server connects to our repeater, which looks at the Internet with one of its ports (non-standard) and accepts connections. And we connect to the same server via internal address from the inside and from there - to the client. Connections are encrypted with RSA2048/AES256. Since servers and clients connect to different ports, you can flexibly limit who has the right to connect and from where, without affecting the ability of UltraVNC servers to connect to the repeater.

Installing UltraVNC repeater

Since the repeater will be the only public service, maximum attention should be paid to its configuration. Use non-standard ports, block suspicious activity, such as port scanning, and strictly determine where Viewers can connect from. But let's start with the simplest thing - installation and configuration. The server is configured in the second mode, the third (via SSL) requires special builds of viewers and servers, so we decided not to use it.

So, we go to the server, which is destined to become a future repeater and begin the witchcraft. The installation will be described for Ubuntu 16.04. We install the necessary dependencies.

Sudo apt-get install build-essential
Create a user to launch the repeater.

Sudo useradd -c "UltraVNC Repeater User" -M -s /sbin/nologin uvncrep
Download the repeater sources.

Wget http://www.wisdomsoftware.gr/download/uvncrep017-ws.tar.gz
Unpack the repeater and go inside the folder.

Tar -xzvf uvncrep017-ws.tar.gz && cd uvncrep017-ws
We assemble the repeater.

Make
We install the repeater into the system.

Sudo ./install.sh
We are all ready for a successful launch, but we need to change the settings file a little. Therefore, open /etc/uvnc/uvncrepeater.ini in your favorite editor and bring the settings to the following form:

Viewerport = 5900
Due to a strange whim of the author, the port number differs from the standard one. We will set a non-standard port on our firewall.

Logginglevel = 2
We slightly increase the logging level to see information about port bindings and connections in the log.

Allowedmodes = 2
We prohibit both modes, leaving only 2, because the first one works on a different principle and can create vulnerability for us.

Useeventinterface = false
Disable sending messages. For now we will not send anything to anyone. Maybe later…

We save the file and test the correctness of its settings.

Sudo uvncrepeatersvc /etc/uvnc/uvncrepeater.ini
UltraVnc Linux Repeater version 0.17 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): viewerPort: 5900 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): serverPort: 5500 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): maxSessions: 100 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): loggingLevel: 2 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): ownIpAddress (0.0.0.0 = listen all interfaces) : 0.0.0.0 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): runAsUser (if started as root) : uvncrep UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): Mode 1 connections allowed: No UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): Mode 2 connections allowed: Yes UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): Mode 1 allowed server port (0=All) : 0 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): Mode 1 requires listed addresses: No UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): Mode 2 requires listed ID numbers: No UltraVnc Sat Feb 11 16: 48:29 2017 > listInitializationValues(): useEventInterface: false UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): eventListenerHost: localhost UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): eventListenerPort: 2002 UltraVnc Sat Feb 11 16:48:29 2017 > listInitializationValues(): useHttpForEventListener: true UltraVnc Sat Feb 11 16:48:29 2017 > dropRootPrivileges(): privileges successfully dropped, now running as user uvncrep UltraVnc Sat Feb 11 16:48:29 2017 > routeConnections(): starting select() loop, terminate with ctrl+c
Everything is fine, you can run it like this standard service. Stop the repeater using Ctrl+C and start it as a service.

Sudo systemctl start uvncrepeater
We check that the service has started.

$ ps ax | grep uvnc 11168 ? S 0:00 /usr/sbin/uvncrepeatersvc /etc/uvnc/uvncrepeater.ini 11170 pts/0 S+ 0:00 grep --color=auto uvnc
The log file can be viewed at /var/log/uvncrepeater.log.

Installing and configuring UltraVNC server

So, the first obstacle between us and nirvana collapsed with a crash. Now we can connect to clients behind NAT. The next two are the lack of end-to-end numbering and encryption. Setting up a test UltraVNC server. Since our main fleet of managed machines is Windows, the installation of the server and client will be scheduled for them.

SecureVNC Plugin:

Launch the UltraVNC server installer. We accept the terms of the agreement and click Next >.

We read with interest and Next >.

Select to install only UltraVNC Server and click Next >.

Click Next > and no nails.

Check the following boxes to install UltraVNC server as system service and run it immediately after installation. Click Next >.

We look at this screen with looking smart, then press Install.

There is only one button to press. Click on it.

Uncheck the box so as not to watch some latest versions, and press Finish.

The button-pushing part of the mission is over. Now we need to install the necessary components and configure the server. Copy the security plugin to the UltraVNC folder.

Unpack the folder with the driver.

We go to the folder with the appropriate driver and install it by running install.bat.

Attention! The driver must be installed with administrative rights. Moreover, running just install.bat as an administrator will not work, because it launches another program and it will no longer run as an administrator. Therefore, launch the console as an administrator, go to the driver installation folder and run install.bat from there.

I was doing test build on XP with administrator rights, so I didn’t need it.

Let's launch VNC settings server – uvnc_settings.exe.

Go to the tab Security.

In chapter Authentication set two passwords. Passwords must be the same and consist of numbers both big and small Latin letters, no more than 8 characters long.
In chapter Encryption put a tick Use, select our plugin from the drop-down list and click on the button Configuration.

The checkboxes should be as shown in the screenshot. If everything is correct, close the window by pressing the button Close.

Go to the tab Connection.

In chapter Multiple connections choose Keep existing connections.
In chapter Disconnect choose Do Nothing.

Go to the tab Screen Capture.

In chapter Advanced choose Use system hookdll, Use mirror driver, Remove Aero while connected And Remove wallpaper while connected.

Go to the tab Misc/logging.

In field Service command line drive in the most main line. This line contains the ID and address and details of the repeater to connect. It looks like this:

-autoreconnect ID:XXXXXXXX -connect :
The ID is obtained using a script using the method given below.

After all the steps done, click OK to save settings. Then run the settings again and go to the tab Service. On it, by pressing the appropriate buttons, you first stop, then start the service.

Generating a unique ID

Script for obtaining an 8-digit ID number. Written in php because it was easiest. The comments here were used as a source of inspiration. I don’t think there’s any need to explain how it works. Why exactly the generation script and why specifically by MAC? Because the repeater will not allow two servers with the same ID to connect, and it was extremely lazy to keep logs with lists of IDs. And since MAC addresses are already unique, we are almost guaranteed to get a unique number with a fairly low probability of collision.

It is important to remember that a collision can only be detected using the corresponding repeater logs. The service will start as if nothing had happened. Therefore, when adding a number, it is better to look at the logs.

Installing and configuring UltraVNC Viewer

Download the necessary components from the links. The components must have an architecture (x86 and x64) that matches the architecture of the computer on which the Viewer is installed.

Finish.
We set all the settings in the same way as on the screenshot. The server ID for connection is entered in exactly this format, that is ID:XXXXXXXX. The IP and port of the repeater are entered as they were assigned when installing the repeater.
That's it, you can connect and enjoy life.
Notes on use
- Don't forget to install the security plugin when connecting. If it is not there, the connection will still occur, just without encryption. I have not yet been able to force UltraVNC Server to require encryption.
- Configure the service when installing UltraVNC server. During use, it was noted that the server service sometimes crashes. In order not to lose connection with the machine at the right time, it is recommended to set the service settings to automatically restart it in case of falls.