VNC logo

Virtual Network Computing
from ORL

ORL

[Home]
[screenshots]
[free?]
[getting started]
[documentation]
FAQs
[download]
[keep in touch]
Others' ports and add-ons etc
Project ideas
VNC people
Search
[ORL]

VNC Extras, Add-ons and modifications


Firewalls

Karl Harkimian <hakimian@aha.com> sent in a patch to compile the Unix viewer so that it can reach external servers through a SOCKS firewall.  It's very simple, and the patch is here: socks-patch.txt. These patches apply to 3.3.1 but they are simple enough to apply by hand to later versions.

Obviously, you cannot access a server inside a firewall from outside without specially configuring the firewall; that's what firewalls are for! Christian A. Lademann cal@zls.de has used an elaborate scheme:

I have had a problem with connections from my workstation to a PC connected to a customers LAN, because my firewall as well as the customers firewall does IP-masquerading. This means that my workstation can only connect to the customers firewall and the customers PC can only connect to my
firewall. The reason for this is, of course, to hide the complete LAN behind the firewall(s).

Christian's solution involved a script listening on a single accessible well-known port behind the firewall, which could accept incoming connections and redirect them to the appropriate machine.  His full details are here: rvnc.txt


SSLeay encryption

Ray Jones rjones@pobox.com has built a version of VNC which uses SSLeay public key encryption for a more secure connection.

You can get it from http://web.mit.edu/thouis/vnc .


Restricting connections by IP address (TCP wrapper)

Wolfram Gloger <wmglo@dent.med.uni-muenchen.de> writes:

In the list archives I notice there was a discussion of implementing access control for Xvnc with the tcp wrapper library. I have now implemented this for 3.3.2r2. You will need to have tcpd.h and libwrap already installed.

Wolfram's full message is at http://www.orl.co.uk/vnc/archives/1998-09/0168.html .

Jared Smolens <jsmolens@andrew.cmu.edu> has done an equivalent for WinVNC. He writes:

... I wrote some code to read a list of IPs to allow and IPs to deny from a text file. The rules are identical (to the best of my knowledge) to /etc/hosts.allow and /etc/hosts.deny on my Linux box and the text file's syntax is close to that format. This is a feature which has been discussed at least once on the mailing list, so I thought that you might want to add it to the official code base. 

The x86 binaries and source code are available at: 

ftp://wik.res.cmu.edu/pub/vncip_bin.zip and ftp://wik.res.cmu.edu/pub/vncip_src.zip

I have two new files, ipauth.h and ipauth.cpp. I made some changes to vncclient.cpp (but not the header) to use the class and disconnect unauthorized clients. I also have a sample "iplist.txt" file which contains the allowed IPs. 

The format of the text file works like this:

<ALLOW|DENY> <Partial/full IP>
<DENY ALL>

An unlimited, unordered list of IPs (or partial IPs) may be entered into the file like this:

ALLOW 128.2.93.
ALLOW 128.2.87.80
DENY 128.220.
DENY ALL

In this case, the DENY 128.220. is redundant because of the DENY ALL, but you get the point. ALLOW ALL is the default, and if the user specifies that, it is ignored. Allows always take precidence over denies. This code is not case sensitive. 

I am fairly sure that I got rid of all of my memory leaks (I ran Purify on it, but I have done some slight modifications since then). I also use the fstream library. I don't know if you consider this to be too
much overhead. 

-- Jared Smolens


zlib compression

Dave DeBarr (debarr@mitre.org) has modified the X server and viewer to use zlib-based compression.  We plan to incorporate something similar in the standard release before long, but until then you can find his patches at:

http://www.orl.co.uk/vnc/archives/1998-08/0039.html

In addition, Dave has provided patches for the Windows viewer at:

http://www.orl.co.uk:80/vnc/archives/1998-08/0228.html

Luis B. Almeida has also created a version of the Windows software which you can get from ftp://146.193.2.131/pub/lba/vnc .


x2vnc

Here's a different twist to VNC. Fredrik Hubinette hubbe@hubbe.net has written a VNC-based variation on the popular x2x program.  If you run x2vnc on an X server, you can move off the side of the screen and the mouse movements will then be sent to a VNC server (eg. a PC sitting beside it) He writes:

x2vnc is basically a stripped down version of the vncviewer but with slightly different goals and a very different GUI.. :)

x2vnc emulates a 'dual head' setup by catching when the user tries to move the pointer past the edge of the screen. This allows me to control
both computers from one mouse/keyboard.

I have made x2vnc available for download from my web site:

http://www.hubbe.net/~hubbe/x2vnc.html


For comments, feedback, etc, please see the 'Keeping in touch' page.
Copyright 1998 - The Olivetti & Oracle Research Lab