Most of the connections behind firewalls have lots of trouble using any VNC flavour, including UltraVNC.
But all of them have normal access to the Internet via http port 80 (normally via a proxy). To solve the problem of connecting to these machines, a simple solution would be to have a Repeater on the open Internet which can communicate with the machines behind firewalls via HTTP on port 80, as if it were a web page.
This would be the communication flow:
PC1 (port80) --> (port 80) Repeater (port 80)
Repeater (port 80) --> PC2
PC2 (port80) --> (port 80) Repeater (port 80)
Repeater (port 80) --> PC1
Repeater is acting almost as a web server!
In order to accept connections it would need ID/password pairs that match those stored in a repeater settings file.
Why is this not already implemented?
Yes, it would probably be slower than other methods, but it would be highly accessible and very easy to set up, solving almost all firewall problems in one go.
Please think about it!
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to the latest version before creating a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
http 80 repeater
- Rudi De Vos
- Admin & Developer
What is explained above is also known as 'http tunnelling'.
It is exactly how zebedee works, and it can wrap any sort of traffic (including ultravnc) in 'normal' http packets.
Making a repeater work on this principle would help all the people behind firewalls!
I probably don't get your comment on comment blocking.
To the firewall the traffic between PCi and the repeater will look exactly like normal http web browsing. Yes, I agree that some might even restrict the IPs or web sites to which you communicate, but most will only apply classic filters (i.e. block known 'entertainment sites'; not block random IPs, as might be my repeater on my home computer...).
- Rudi De Vos
- Admin & Developer
Pure http tunneling is too slow...
All data needs to be wrapped between GET and PUT and uuencoded/decoded.
This is OK for some telnet-like applications, but too slow for vnc.
Have you tried zebedee as a pure http wrapper.....
Because data is not encrypted, it can be read by most firewalls/proxies.
This is called "content filtering".
Like in our company, they filter on rfb and block the connection.
Even encrypting the data before sending, block...filter can not read data or
possibly the PUT data gets too high..
The approach we used in SCIII is SSL+proxy, https connection.
A lot faster, standard encryption, and proxies can not read the content.
This works better and faster...and data is encrypted.
The repeater for SCIII acts as an https webserver on port 443.
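The "filter on rfb" content filtering mentioned in the post above can be sketched as follows. This is an added example, not part of any post in the thread and not UltraVNC, zebedee or repeater code; the host name `repeater.example`, the `/tunnel` path and all sample messages are constructed for illustration. It matches the 12-byte RFB ProtocolVersion banner in an HTTP body, either raw or uuencoded, and shows that the same check has nothing to match once the tunnel is TLS through CONNECT.

```python
import binascii
import re

# RFB (VNC) ProtocolVersion banner is 12 bytes, e.g. b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"RFB \d{3}\.\d{3}\n")

def http_body(message: bytes) -> bytes:
    """Return everything after the blank line that ends the HTTP headers."""
    _, _, body = message.partition(b"\r\n\r\n")
    return body

def uu_decode_lines(body: bytes) -> bytes:
    """Best-effort uudecode, line by line; lines that do not decode are skipped."""
    out = bytearray()
    for line in body.splitlines():
        if not line or line.startswith((b"begin ", b"end")):
            continue
        try:
            out += binascii.a2b_uu(line)
        except binascii.Error:
            continue
    return bytes(out)

def classify(message: bytes) -> str:
    """Label one proxy-visible HTTP message by what a content filter can see."""
    body = http_body(message)
    if RFB_BANNER.search(body):
        return "rfb-plain"
    if RFB_BANNER.search(uu_decode_lines(body)):
        return "rfb-uuencoded"
    return "no-match"

# Constructed sample traffic (not captured from a real network).
HDR = b"PUT /tunnel HTTP/1.1\r\nHost: repeater.example\r\n\r\n"
SAMPLES = {
    "raw tunnel": HDR + b"RFB 003.008\n",
    "uuencoded tunnel": HDR + binascii.b2a_uu(b"RFB 003.008\n"),
    "web page": b"HTTP/1.1 200 OK\r\n\r\n<html>hello</html>",
    # After CONNECT the proxy only relays opaque TLS records.
    "tls via CONNECT": b"CONNECT repeater.example:443 HTTP/1.1\r\n\r\n"
                       b"\x16\x03\x01\x00\x05\x8f\x11\xa2\x07\xee",
}

def scan(samples=SAMPLES) -> dict:
    """Classify every sample; returns {sample name: verdict}."""
    return {name: classify(msg) for name, msg in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{name:18} {verdict}")
```
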
OK, content filtering could be heavy. But in normal circumstances (>90% of offices) filtering is very little if any (and based on a blacklist of sites rather than on packet sniffing).
In some companies packet sniffing is even prohibited for privacy reasons, so they can only block particular URL domains on the firewall side.
In terms of speed of http tunnelling: I disagree with you.
I use uvnc wrapped around zebedee (and also encrypted) every day between different countries and find it excellent (very close to real-time; sometimes I forget I am working remotely). This is the best way I found to pass through the firewall.
Certainly I cannot follow remote videos, but for normal operation it is perfect.
The SCIII approach also seems good. The only worry I have is that if you put in the requirement for SSL, not many will be able to do the proxy helper (what is now at uvnc.com) part via their home PCs. So, either they will have to pay for an SSL line or they will have to pay for an external proxy.
Neither is very good, given the spirit of Uvnc.
Probably having an 'option' to go SSL for those who have it or can afford it is good. But my view is that it should work via normal http servers as well.
BTW: I could not get SCIII to work yet. Reported it in its section.
- Rudi De Vos
- Admin & Developer
Yes, I meant SSL (not ADSL).
I thought you need an SSL certificate (sorry, I called it a line earlier) to use SSL transmissions, and I thought that to have it you need to pay something like 150 euros/year. Am I wrong?
This is an additional cost which is not present if a "normal" non-encrypted line is used (at least as a back-up for those not having the SSL certificate).
- Rudi De Vos
- Admin & Developer
- californiajeff
Have you thought about using a solution such as UltraVNC SC to do that, or is that just not practical?
Last edited by californiajeff on 2005-07-12 19:19, edited 2 times in total.