Reverse VNC over Stunnel

[izy]

I am using the following:

UVNC v1.0.0 RC18
Stunnel 4.08
OpenSSH 0.9.7e

For the record, I have followed the directions at this link:

http://www.securityfocus.com/infocus/1677

And, I have been able to test a succesful forward connection from client to server. Everything working great!

Now, I have made additions to my stunnel.conf for the reverse UVNC connection from my server back to my "listening" UVNC viewer.

I am able to establish the connection through stunnel all the way to my viewer, but I get the following error popup from the UVNC viewer listening on port 5500 on my client:

Connection failed - invalid protocol !

Possible causes:

- You've forgotten to select a DSMPluggin and the Server uses a DSMPluggin
- Viewer and Server are not compatible (they use different RFB protocols)

I recal seeing this error (or something very similar) previously when attempting the original forward connection and I was able to get past it, but I seem to be stumped here...

Any help would be greatly appreciated.

Thanks,

izy[/b]

[redge]

too complicate ; (for end user like me) for secure ultravnc authentication + data transmission
try RC20 + msrc4plugin , very easy and secure !
http://www.uvnc.com/RC20
+
last fix (look the date)
[http://www.uvnc.com/RC202/

how to configure crypto plugin
http://home.comcast.net/~msrc4plugin/docindex.html

[ipsec]

dumb questions -
Key file is set correctly, if you specified a "Custom Key" just make sure those sets are right.
RC is the same on both viewer and server .. right?
And lastly you are using the same DSM.. I think you said you connected forward, just not backwards through the repeater..??

[Guest]

The RC is the same on both client and server. I tried the latest RC 20 today with the same results. The key file was created as per the link in my original message and it works fine with a forward connection.

Also, it is significant that the reverse connection works through Stunnel and an encrypted tunnel is created (according to the Stunnel log), but when client side Stunnel attempts to hand the connection off to the listening UVNC viewer, I get the error noted in the original message.

I am not using any DSM plugins (to my knowledge).

I did try the msrc4 plugin for reference. The forward connection works there as well, but not the reverse connection.

I like the idea of using OpenSSL and Stunnel, but the main goal is to get an encrypted session that is "server" initiated (reverse connection).

I have tried to turn on the viewer log option (debug), but the log that I captured did not seem to add any insight. How many debug levels are available?

Any thoughts? Anything that I am overlooking? I am new to OpenSSL and Stunnel, but the forward connection worked with very little tweaking. I feel that I am overlooking something simple...

[izy]

The RC is the same on both client and server. I tried the latest RC 20 today with the same results. The key file was created as per the link in my original message and it works fine with a forward connection.

Also, it is significant that the reverse connection works through Stunnel and an encrypted tunnel is created (according to the Stunnel log), but when client side Stunnel attempts to hand the connection off to the listening UVNC viewer, I get the error noted in the original message.

I am not using any DSM plugins (to my knowledge).

I did try the msrc4 plugin for reference. The forward connection works there as well, but not the reverse connection.

I like the idea of using OpenSSL and Stunnel, but the main goal is to get an encrypted session that is "server" initiated (reverse connection).

I have tried to turn on the viewer log option (debug), but the log that I captured did not seem to add any insight. How many debug levels are available?

Any thoughts? Anything that I am overlooking? I am new to OpenSSL and Stunnel, but the forward connection worked with very little tweaking. I feel that I am overlooking something simple...

This was my reply (I was not logged in )

[izy]

Just tried another reverse connection attempt with RC20 and the msrc4 pluggin. I found the commandline refference for the viewer and added the -dsmpluggin option. Following is the resulting log output that I received:

Started and Winsock (v 2) initialised
In listening mode - staring daemons
Adding tray icon
Checking tray icon
Checking tray icon
Checking tray icon
bufsize expanded to 4352
Registered connection with app
RFB server supports protocol version 3.4
Connected to RFB server, using protocol version 3.4
Unknown authentication scheme from RFB server: 448277620
Checking tray icon
Checking tray icon
Checking tray icon
Deregistered connection from app
Checking tray icon

My reverse connection is still failing.

Interestingly, the forward connection that I established was used to initiate the reverse connection. As soon as I issued the winvnc -connect command my forward connection window was closed. With RC 18 (and without using any encryption) I was able to initiate a reverse connection from my forward connection vnc session and I ended up with two windows open (just a point of curiosity, not a concern)...

[izy]

I have tried one more attempt with the OpenSSL / Stunnel reverse connection from server back to client. My listening client viewer is in debug mode with loglevel at 9. Here is the resulting log:

Started and Winsock (v 2) initialised
In listening mode - staring daemons
Adding tray icon
bufsize expanded to 4352
Registered connection with app
Deregistered connection from app
Checking tray icon

Not very much information in this log... Is there a more detailed loglevel than 9?

[redge]

izy

if you communication is:
PC1 -- firewall -- WAN <--> WAN --firewall --- PC2
your client have a firewall (software or hardware) with opened port 5900 TCP ?
because for receive call there need opening 5900 TCP
do receive reverse connection !

[izy]

I have tried the basic reverse connection (without encryption) and it works great. So, my firewall (only one in the mix at present) is allowing both forward and reverse ports (5900 and 5500 respectively) to get through.

I did not try the encrypted test until I had a basic setup working (only add one level of complexity at a time ). And, the forward encrypted connection works, only the reverse is having trouble.

Has anyone actually tried (with success ) a reverse (server initiated conection to a listening viewer) through either Stunnel (something similar) or using the DSM plugin msrc4?

[redge]

izy

tested over LAN <--> LAN
server add new client: service RC20.1 (11.03.2005) + plugin_noreg116 xp sp2 us
viewer listen: RC20 (10.03.2005) + dsmplugin_noreg116

reverse connection with dsmplugin_noreg116 sucessfully
Start... Run
"C:\Program Files\UltraVNC\vncviewer.exe" -listen -dsmplugin msrc4plugin_noreg.dsm

remark
no dmsplugin GUI option for viewer in listen mode!
reverse connection is not usable with friendly GUI!
all options must be selected with command line.


for staff ultraVNC:
for better user friendly of winvnc for reverse connection
Maybe later after 1.0 or a fix needed ?
please replace text "add new client" with "server connect to viewer"

[izy]

redge,

I have RC20.1 (6/3/2006). My date looks to be a few days earlier that yours. I am having difficulty getting things stable...

I have completly uninstalled on both servers and am trying to re-install for testing again.

Thanks,

izy

[izy]

I still am not able to get the reverse connection working with the msrc4 plugin.

However, I did get my reverse connection through Stunnel to work... It was a matter of changing the settings for which system was acting as the server and which was acting as the client (Stunnel config issue). Depending on how I set up the config, one direction will work and the other will not.

I guess I will move my question to the Stunnel forum as it appears to be a Stunnel issue...

At least it is working for reverse connections, which was the goal.

Thanks for the suggestions.

izy

[redge]

if you want, try new update from dev UltraVNC

[topic=2248][/topic]