Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

possible to make SC follow me when Im at different location?

Single Click discussions / bugs
Post Reply
LuckMan212
8
8
Posts: 8
Joined: 2004-07-16 14:53

possible to make SC follow me when Im at different location?

Post by LuckMan212 »

I have this scenario:

I have used SC (ver I) for some time to give support to friends, family, sometimes customer etc. It has worked well but recently I take a full time job so often I am not at home but instead I am at work or maybe even somewhere else (job site, etc).

I am trying to figure out a way to give people support via SC where I may sometimes be at different physical locations. Like for example, my brother is at home on his DSL connection behind Linksys Router (no port forwarding) and I am at work behind corporate firewall on T1 connection.
I would like to have my brother run "SC-like" utility and it connects to special daemon that I have running at home, and then he calls me and says he's ready (maybe he has a green light or something on his screen to indicate that hes connected) and then I run my program (viewer) and connect to that same daemon. Now we are both connected and I can see brother's screen.

So Is it possible (using some 3rd party tool maybe?) to this kind of scenario?? Its Sort of like NAT2NAT but without any special complex configuration at the client side.

this seems it would be a common request If it has been asked before, I apologize-- I did some searching and did not find my answer. thanks :wink:
another_fool
Posts: 5
Joined: 2006-07-18 23:29

Re: possible to make SC follow me when Im at different locat

Post by another_fool »

Run an ssh server on your home box ( http://sshwindows.sourceforge.net/ ), when they need support they contact you first, you then ssh into your home box, using SSH tunneling you connect to a normal VNC server on your machine. You can then run a listening VNC viewer and use VNC SC as normal. OpenSSH is really simple to setup, when you have done it once you would be able to set it up in about 5mins (if that). Do some reading on SSH first. OpenSSH is free.
LuckMan212
8
8
Posts: 8
Joined: 2004-07-16 14:53

Re: possible to make SC follow me when Im at different locat

Post by LuckMan212 »

thanks for the info I will certainly try that. Is there any additional info or guides on how to set it up for idiots like me? :|
another_fool
Posts: 5
Joined: 2006-07-18 23:29

Re: possible to make SC follow me when Im at different locat

Post by another_fool »

The actual install is easy, but if you are not familiar with TCP/IP and networking in general you may find the concepts confusing at first. I recommend reading about SSH and getting a grasp of the principles. Once you get it, I promise you that you will wonder how you ever thought it was difficult! :wink:

The Theory

First off SSH was actually designed for an encrypted 'shell' (SSH = Secure SHell), it is a Unix technology. In Windows terms think of it as a command prompt on a remote machine, but encrypted to prevent snooping. Although that is the original purpose, all you are actually interested in is an additional feature called 'tunneling' or 'port forwarding'. This where you setup a 'tunnel' for a specific TCP/IP port that goes through the encrypted SSH session and so in turn becomes encrypted. For example, you could have a web server on your SSH server, and tunnel the http connection through the SSH session thus encrypting it (though SSL would normally be used to encrypt http).

Here are links to a couple of articles explaining SSH tunneling, with diagrams. It can get confusing as you can tunnel to or from the server, and the service you want to tunnel could be on either end of the SSH tunnel - don't get too hung up on the details at this point, just read it through to get the idea:

http://www.ssh.com/support/documentatio ... ained.html (note links at bottom of page)

http://www.bitvise.com/port-forwarding.html

The Practice

Install OpenSSH from http://sshwindows.sourceforge.net/ - as it is actually a Linux program you need to install the Linux environment 'cygwin'. Fortunately you don't need to understand the first thing about it as the nice people that made the installer deal with all of that for you. Run the installer, it's pretty obvious, then there are just a couple of things you have to do.

1. Setup the user accounts. You create a link between OpenSSH and your Windows user accounts, the quickstart.txt that you will find in the 'docs' sub folder of the OpenSSH install folder explains it very well. It's just a couple of commands on the command line. Don't forget to remove the unneeded accounts from the OpenSSH system (as explained in the quickstart). Personally I would recommend setting up a special account just for SSH and giving it a very long and random password.

If you get stuck here post again.

2. Open up the port to allow access from the Internet. Unless you changed it the SSH server will run on port 22, so you need to port forward (firewall port forward, not SSH port forward :wink: ) that in your firewall configuration. As you already had VNC SC connecting to your home machine I assume you know how to do this.

That's pretty much it! (told you it was easy ;) ). You are now ready to connect up.

Using the system

I would recommend using PuTTY ( http://www.chiark.greenend.org.uk/~sgtatham/putty/ ), it's a free Windows GUI SSH client. All you need to do is put in the public IP of your home machine (and the port if you changed it from 22), then click on the 'Tunnels' section on the left.

On the tunnels page, at the bottom, enter (for example) 5901 in the source port, then in the destination box put the >local< IP of your home machine and the port VNC is running on, for example 192.168.1.15:5900, make sure the 'local' radio button is selected (the default) and click 'add'.

You can then click open and voila, you will be prompted for the username and then password you setup on your home machine. Once it has connected, just minimise it. When you try to connect (in this example) to port 5901 on your >local< machine (i.e. your office PC, the one you are running PuTTY on) you will be connected to (in this example) port 5900 on your home machine (192.168.1.15). In other words for the above example, VNC to 'localhost:01' (remember it adds 5900 to the port already, so localhost:01 will connect to port 5901 on your local machine).

Boggle! :o Seriously once you've done it once....

This gives you secure remote access to your home machine, you can then do what you were doing before to get the SC session going. Good luck and have fun!
Last edited by another_fool on 2006-07-19 17:26, edited 2 times in total.
SuperTurtle
20
20
Posts: 48
Joined: 2006-02-27 11:31

Re: possible to make SC follow me when Im at different locat

Post by SuperTurtle »

Hum, would not using the repeater be much more easy here?

If you want to make SC follow you, use the Repeater…it was/is designed EXACTLY for your problem.

I run the Repeater on a crappy box at home (behind my linksys router). I simply forwarded the two ports I used. (you have to use two ports for the repeater...I use prot 80 for victem (SC guy), and port 443 for vncviewer) -- the repeater will tie these two ports together).

At this point, now, I can run/launch the vncviewer on any computer virtually ANY where on the net. And, the “victim” just has to launch the SC client (with a click…and NO ip address needs to be typed in). Further, this setup works behind corporate firewalls, and BOTH of us can be behind a fire wall!

Further, the beauty of this setup is that you don’t have to re-configure EITHER system you are on. So, this approach totally ELIMINATES having to setup a SSH tunnel, or even configure EITHER system in anyway. If you have a permanent setup, then a SSH system might work. However, you say that you might be at work, at home, at a friends, and still want to be able to support these people.

Check out the notes on the repeater…it can be found here:

http://sc.uvnc.com/index.php?section=27

(you will be using mode II of the repeater)

Using the SSH tunnel would make sense if you did not have the repeater. Further, there is a considerable amount of setup and configuring for the SSH tunnel. With the repeater, there is ZERO configuring of the target computer, and also that of the support computer you connect from. (you just need vncviewer installed…). And, if you don’t have it…it is quick easy download/install.

The repeater is IDEAL for your situation. I used to use a paid service (much like gotomyPC). Once I found out about the repeater…I can now support my clients anywhere…anytime…..even when I am on the road in a hotel, I can simply launch the vncviewer…and the presto…the user simply launches SC….and it works….

The other important issue here is that when I travel with my notebook (to do support), my ip address is going to change all the time. And, the end users (SC guy) will also be different (this is expected).

However, my repeater is running on that home computer. This means that my notebook connects to the repeater…and so does the SC guy. The beauty here is that we have ONE IP address that does not change. (Actually, to be fair, my home computer is not on a paid fixed IP address. IF the home ip address does change, then I simply re-build, and re-upload a copy of the SC to my web site. (Hence, I don’t actually send my clients a copy of SC..but send them a LINK to download the SC on my web site). So, even if you don’t want to pay for a fixed IP address, then simply send clients a web link to the SC that you uploaded to your web site.))

Regardless, since both helper and victim are punching OUT of our firewalls, for the most part we don’t have a problem reaching out (it is the punching INTO a system that firewalls are aggressive on).

And, if you really are in a VERY restrictive environment, then the help/suggestions to use SSH is still very much a good idea/solution -- but, I would try/use the Repeter first....

Super Turtle
another_fool
Posts: 5
Joined: 2006-07-18 23:29

Re: possible to make SC follow me when Im at different locat

Post by another_fool »

SuperTurtle wrote:Hum, would not using the repeater be much more easy here?
Possibly, not >that< much easier, but a good solution. Doh I probably should have thought of that. I like SSH for some other reasons, it's extremely good security and you can use it to access >any< service on your machine (or any other machine on your LAN). It's the only service I would allow access to from the Internet (except I dont allow even that :D ).
SuperTurtle wrote:I can run/launch the vncviewer on any computer virtually ANY where on the net. And, the “victim” just has to launch the SC client (with a click…and NO ip address needs to be typed in). Further, this setup works behind corporate firewalls, and BOTH of us can be behind a fire wall!
This is true of the SSH solution, the 'victim' as you put it (lol) still uses SC (I wasn't suggesting they use SSH - although they could if you wanted to gain additional security at the cost of extra complication), at the office you connect with VNC, just with PuTTY first (really easy, doesn't require installing, just an exe). Both can be behind firewalls that don't block outgoing ports, as you said.
SuperTurtle wrote: Further, the beauty of this setup is that you don’t have to re-configure EITHER system you are on.
Again true of the SSH solution, its the box in the middle which needs configuring, and still does with the repeater - both solutions similar here.
SuperTurtle wrote: you say that you might be at work, at home, at a friends, and still want to be able to support these people.
Yup, this works with SSH, just download/have on floppy/USB-stick the tiny PuTTY.exe and install VNC - you install VNC viewer with either solution!

The SSH server configuration boils down to this: run installer (click next, next, next), run >two< command line commands, double check the text file it makes - done!
SuperTurtle wrote: there is a considerable amount of setup and configuring for the SSH tunnel. With the repeater, there is ZERO configuring of the target computer, and also that of the support computer you connect from. (you just need vncviewer installed…). And, if you don’t have it…it is quick easy download/install.
Getting nit picking (sorry), but to say zero configuration and then to say you need to install VNC, well PuTTY doesn't even need installing and the settings are like three boxes! I usually use it from the command line myself, when you are used to it you don't even think about it!

OK to put my suggestion another way, forget security for a moment, and forget SSH. Run a normal VNC server on your home desktop, forward from the firewall, then connect to your box from work - voila you are on your home box and can use it as normal for the SC connection. The SSH just adds security, plus you get a cool server if you want to access something else on your box. Granted this is much more useful with a Linux server as you can do almost anything from the command line, but still....

The main advantages of the repeater (IMO it's virtually the same amount of effort to setup) are:

1. That it seems to use SSL - more restrictive firewalls that block outgoing ports are more likely to allow SSL over port 443 than SSH over 22

2. You can use it for multiple sessions, i.e. multiple viewers connecting to multiple clients simultaneously. The method I suggested leaves you actually using your home desktop directly, so only one support agent at a time (you!).

Take your pick, they are both good solutions. :)
Last edited by another_fool on 2006-07-19 20:41, edited 1 time in total.
LuckMan212
8
8
Posts: 8
Joined: 2004-07-16 14:53

Re: possible to make SC follow me when Im at different locat

Post by LuckMan212 »

SuperTurtle wrote:Hum, would not using the repeater be much more easy here?......... I run the Repeater on a crappy box at home (behind my linksys router). I simply forwarded the two ports I used. (you have to use two ports for the repeater...I use prot 80 for victem (SC guy), and port 443 for vncviewer) -- the repeater will tie these two ports together).

At this point, now, I can run/launch the vncviewer on any computer virtually ANY where on the net. And, the “victim” just has to launch the SC client (with a click…and NO ip address needs to be typed in). Further, this setup works behind corporate firewalls, and BOTH of us can be behind a fire wall!
Super Turtle
hey Turtle, thanks for this info. I am intrigued by this but I tried to interpret the diagrams at the sc.uvnc site and to be honest I got a little lost. I guess I have to install repeater on the same box (behind NAT/firewall) as I am running my Uvnc Viewer (listen mode). Then forward 2 additional ports to this box for use by the repeater. Recompile my SC client to use this new port... yes? But when I leave my home and for example, want to support someone from my hotel room... I must run UVnc Viewer again in listen mode but how do I "attach" to my repeater at home?

More details of your setup, with specifics (please dont use "client" and "server" to refer to the machines, as they are ambiguous in this context--- call them "admin" and "customer" for simplicity if you can!!)

I really appreciate it!!! thanks :-]
SuperTurtle
20
20
Posts: 48
Joined: 2006-02-27 11:31

Re: possible to make SC follow me when Im at different locat

Post by SuperTurtle »

hey Turtle, thanks for this info. I am intrigued by this but I tried to interpret the diagrams at the sc.uvnc site and to be honest I got a little lost. I guess I have to install repeater on the same box (behind NAT/firewall) as I am running my Uvnc Viewer (listen mode).
Actually, a complete separate box to run the repeater on is the best choice. The repeater connects the two people together (admin+ customer). In practice, this means that the repeater is NOT running on the same computer being used for support by the admin. (if the ports are forwarded to the same box that can run the repeater, then you already opened up that box to the internet, and it thus having the admin run the repater + vncviwer on the same box makes no sense, nor is required). So, if the prots are open to that box for the admin, then why use the repeater in this case? You don’t want to, nor need to run the repeater on the same box that you are going to do “admin” support (no need, since the repeater box MUST have open ports to the internet -- you don't have that when sitting in the hotel room!!). That repeater box MUST HAVE open ports to the internet.
Then forward 2 additional ports to this box for use by the repeater. Recompile my SC client to use this new port... yes?
Yes, that makes sense, assuming we now realize that you have a fixed box somewhere that you don’t move that runs the repeater. The repeater is very tiny, and I actually run it on a old box at home. Since the two ports we use must be open, then we have to be able to configure this machine (you obviously can’t control that while you are sitting in a hotel, so the repeater must run on a fixed location/fixed box).

However, that fixed box can be one of your home computers. I have at least 5 computers on my home network. The computer that runs the repeater is actually one for guests and staff that runs my household. The fact that I forwarded from the router both port 80 (for the customer) and port 443 for the Admin DOES NOT effect that this repeater machine is used by people all day. Users and friends in my house can use that repater box and their internet browser/email, or whatever etc is NOT effected by the fact of the repeater running on this box. The forwarded ports from the router to this repeater box does NOT effect outgoing stuff (so, people can use the browser that happens to function on port 80, and this does not effect the repeater) So, a tiny 4k repeater program has to run on SOME macine somewhere. So, a work machine, your wifes machine, a server you have….(well, perhaps not a server..sicne if that server is running a web site..then you can’t use prot 80). The only requirment for that repater box is that you can open ports from the router to that repater box.
But when I leave my home and for example, want to support someone from my hotel room... I must run UVnc Viewer again in listen mode
No, you never use listen mode. You are doing a outgoing connection, and the ip address you use is the one of the box that is running the repeater (at home in our example). The beauty of this is that you as the Admin guy ALWAYS gets to type in the same IP address to connect to! So, that is how you attached to the repeater.

The customer also attaches to that repeater also (and, uses the same IP address – but, with SC the customer never did type in the IP address as it is built into SC when you compiled it). So, the customer simply clicks on the SC program you provide. It is SC that actually doing a reverse connection (remember, SC is a cut down VNC server, and you useally connect to the vncserver, but with SC click you ALWAYS initiatives a connection out). As mentioned, when you use the repeater, the Admin and customer MUST use a different port since BOTH Admin + customer are connecting to that box running the repeater and can’t come in on the SAME port.

So, my help text for the SC looks like

[TITLE]
My Cool Remote Support System

[HOST]
Double Click on me to start Support
-ID 4567 -connect xxx.xxx.xxx.xxx::80 –noregistry

Note how the above chooses port 80. I choose port 80, as it has the BEST chance of being open for the customer.

On my machine, as the Admin, I simply launch vncviwer. The next most common open port is 443, so, I use that one.

Because you are using the repeater, then for the VNC viewer as the Admin guy, you
do NOT type in the IP address in the VNC server setting as you normally do, but actually type in a ID:XXXX number (the one you choose in the SC config file). In our example, we would type in

ID::4567

Note how above you don’t type in your IP address in to the Vnc Server setting

You actually type in the IP address + port number in the Proxy/Repeater box on the bottom of the VNC viewer settings (and, thus you have to check the check box called Proxy/Repeater)

xxx.xxx.xxx.xxx::443

There is step by step here:

http://doc.uvnc.com/addons/repeater.html

note that I don’t change the mode I/ mode II settings on the repeater, but you are actually using mode II. Further, the repeater settings thus are

Accept port 443
Listen Port 80

Super Turtle
drewgraham
8
8
Posts: 21
Joined: 2005-10-29 12:30
Contact:

Re: possible to make SC follow me when Im at different locat

Post by drewgraham »

I've not read everything above, but I get it to follow me using no-ip

Works a treat.
engcon
Posts: 2
Joined: 2006-02-04 03:32
Location: Centreville, VA

Re: possible to make SC follow me when Im at different locat

Post by engcon »

I am using Hamachi Beta Release to do exactly what you are describing. My laptop goes with me and when I connect to my Hamachi network clients can contect my HELP Desk no matter where I am as long as I am connected.
John D
BenCh
Posts: 7
Joined: 2008-06-03 17:07

Re: possible to make SC follow me when Im at different locat

Post by BenCh »

With No-Ip, you still have to setup forwarding in the router, don't you?
SuperTurtle
20
20
Posts: 48
Joined: 2006-02-27 11:31

Re: possible to make SC follow me when Im at different locat

Post by SuperTurtle »

BenCh wrote:With No-Ip, you still have to setup forwarding in the router, don't you?
Well, that assumes you are using a router, and the machine running the repeater is behind that router. If that machine running the repeater is not behind a router, then no problem.

Both the support guy, and the victim can both be behind firewalls/routers, and they never have to touch anything. (so, they both can be sitting at two different wifi hotspots, and zero config need be done). They are BOTH connecting to the repeater, and that IP address never changes, and therefore both of you don’t have to change, or configure anything at all, since both are going OUT to the internet to that IP address (where the repeater is).

Going OUT is usually allowed in 99% of cases…it is the coming in that is a problem. So, if ports, or a router is blocking the repeater, then yes, that router will need to be configured to let the two ports through. However, we taking about the router for the repeater running on a separate computer here.

We don’t have to worry about the router for the support person or the victim because they are going “out” to the internet.

The repeater is running on a seperate PC..and those ports must be open to allow incomming requests.

Super Turtle
Post Reply