VNC and HIP

Today I started to wonder whether I could get VNC protected with HIP. The idea came from Mick Bauer's column, Paranoid Penguin (LJ issue 173). He was discussing remote desktop connections and the Vino/Vinagre pair. Vino is the GNOME VNC server and Vinagre is the client. The article also stated that the TLS implementation of Vino/Vinagre is mostly undocumented and so on the side of obscurity.

Well, we have HIP and an implementation of it for Linux (HIPL). HIP offers outstanding mobility, NAT traversal and security features. Yes, TLS offers security, but how about those other things in the list? Well, at least for me this is enough to make a little test. I also tried the tightVNC Linux port because I heard it has IPv6 support. More about that after the Vino tests.

It seems to be enough to open the control GUI for the Vino server from Ubuntu's System menu: choose Preferences and then Remote Desktop. This opens a small GUI that allows you to make basic configurations for the Vino server, basically enabling the server and choosing which port it listens on. After that, start Vinagre on the other machine using the following command.

vinagre <IPv4>[:<PORT>]

It looks like Vinagre or Vino does not support IPv6 properly, so connecting to HITs is out of the question. Oh well, I have to try to make the connection with LSIs. First of all you have to run, in addition to hipd, the HIP firewall (hipfw) on both machines. Use the options "ldA" for the firewall. For performance reasons you might want to drop the "d" option, which prints out debug messages (a sort of verbose mode for the firewall). For more information about configuring LSIs, see the infrahip manual section. If both machines run hipd and hipfw, and Vino is configured to allow connections, then the following command on the client side should be enough.

vinagre <LSI-of-Server>

Well, I was not satisfied with this; I wanted to connect using HITs. With a little help from Google I found out that tightVNC's Linux port has IPv6 support. So the next thing was to install it.

Client side:
sudo aptitude install xtightvncviewer

Server side:
sudo aptitude install tightvncserver

For testing I was happy with the defaults, but if you want something fancy, look at the man pages of tightvncserver and xtightvncviewer. For test purposes I started the server with the following command.

tightvncserver

It will ask for a password for access to the server and then print out the default options it is using. To connect to the server I used the following command.

xtightvncviewer <IP-of-server>:1

Pretty simple: the IP is the server's, and the 1 at the end is the default display that tightVNC uses. For experimentation's sake I tried tightVNC with LSIs, and to no surprise it worked. Just replace the IP with the LSI on the client side and set up the other things needed for LSIs and HIP as explained above.

Everything was fine until I noticed that the version from the Ubuntu repositories supports only IPv4. A quick grep in the sources for some known IPv6 structs told me enough. So you have to get another port for tightVNC from here. Then unpack, make and install.

For me this was not working. I used a 64-bit machine for the compilation, and parts of the code worked and parts did not. I tried it on a 32-bit machine, but that also resulted in compilation problems. So I totally lost interest. This might work for someone, but I did not have the time to solve this.
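The quick grep for IPv6 structs mentioned above can be scripted, so you know whether a VNC client or server can be pointed at a HIT before you bother building it. This is an added example, not part of the original test notes; the function names and the identifier lists are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: classify a C source tree by the socket identifiers it uses.
# The identifier lists are illustrative assumptions, not an exhaustive set.

# IPv6-only identifiers; any hit means the code has some IPv6 code path.
V6_IDS='sockaddr_in6|in6_addr|AF_INET6|PF_INET6'
# Classic IPv4-only socket identifiers.
V4_IDS='sockaddr_in|in_addr|AF_INET|gethostbyname|inet_addr|inet_ntoa'

# count_files <dir> <ERE>: number of .c/.h files containing a whole-word match.
# -w keeps "sockaddr_in" from matching inside "sockaddr_in6".
count_files() {
    { find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -lEw "$2" {} + 2>/dev/null || true; } | wc -l | tr -d ' '
}

# ipv6_support <dir>: prints ipv6, ipv4-only, no-sockets or unknown.
ipv6_support() {
    if [ ! -d "$1" ]; then
        echo unknown
        return 1
    fi
    v6=$(count_files "$1" "$V6_IDS")
    v4=$(count_files "$1" "$V4_IDS")
    if [ "$v6" -gt 0 ]; then
        echo ipv6          # may still be behind a build-time switch
    elif [ "$v4" -gt 0 ]; then
        echo ipv4-only     # cannot connect to a HIT, use an LSI instead
    else
        echo no-sockets
    fi
}
```

Source the file and run ipv6_support on the unpacked source directory. An "ipv6" verdict only says that IPv6 code exists in the tree, not that the packaged binary was built with it.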

So, as a conclusion, there are not that many VNC applications/servers that support IPv6 out of the box, and I did not have the time to go searching for them. Gladly, the IPv4 VNC applications that I tested worked nicely with HIP.

All of these manuals/tutorials are provided as is. They worked for me and that is all the help I give with them, so if I forgot something or there is a typo you can inform me but do not expect me to solve your problems :) Oh and almost forgot, use them at your own risk.