Vnc 2.0

Note: Article about Proxmox VE 2.0


VNC for Proxmox 2.0

This page is a quick writeup on how to use VNC in 2.0.

AFAIK, Proxmox 2.0 seems to be a lot more secure in its use of VNC, and requires clients to use TLS.

Secure connections are a very good thing; trying to disable them so that non-secure clients work is not smart. However, there are not many TLS-enabled clients. My guess is that there will be. I suggest helping out by filing bug reports for the non-TLS clients you use, and helping the developers by testing their changes.

PLEASE NOTE:
Enabling connections from non-TLS clients can be done using the method listed below;
however, you cannot use this method and the encryption method listed together. You have to use one or the other!

With changes in Java due to security fixes, web based VNC access is hit or miss.

VNC client access to a KVM used by multiple people can help keep the Proxmox host more secure, as fewer people will have access to Proxmox VE.

Note to Ubuntu users

I came to this page since the web console wasn't working for me under Ubuntu 11.10 and Firefox. The problem was OpenJDK. I've installed Sun's JRE and sun-java6-plugin (as pointed out by tom in the Proxmox VE 2.0 Forums) and now everything is working fine WITHOUT the setup described on this page. You can find several procedures to achieve this on Google or any other search engine.

shell script to update-sun-jre

  • Check http://www.duinsoft.nl/packages.php?t=en , there is a shell script and a repository which make the installation of the Oracle (Sun) Java Runtime Environment very easy. I used it on Ubuntu, but it looks like it'll work on any Debian-based system.

On that link there is information about the java changes that occurred in August 2011.

Enabling Vnc 2.0 for use with old VNC clients (Including iOS and Android)

It is currently possible to enable VNC in 2.0 for use with old VNC clients; however, it is not recommended and is included in this guide only as a reference.

1. Create your KVM machine; once created, get the KVM ID (e.g. 100, 120)

2. SSH into your Proxmox host

3. nano /etc/pve/local/qemu-server/(THE ID).conf - (e.g. nano /etc/pve/local/qemu-server/100.conf)

4a. If you want VNC without password encryption put this in at the end of the config:
args: -vnc 0.0.0.0:100

4b. If you want VNC with password encryption put this in instead:
args: -vnc 0.0.0.0:100,password
NOTE: the 100 is basically telling the KVM to run a vnc from the IP 0.0.0.0 (all) on port 6000 (5900 + what port you set)

5. run your container

6. If you have enabled the VNC password encryption you also need to do step a (or step b on PVE 3.X) listed just below:

a. go into the console within the web panel and run set_password vnc YOURPASSWORD

b. on PVE 3.X use the monitor (WebGUI or qm monitor command) and exec: 'change vnc password YOURPASSWORD'

NOTE: the console command has to be run every time you start up the VM because it doesn't remember the password for some reason.

7. connect via the ip address and port, away you go!
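An added example, not part of the original page: a Python check to run on the Proxmox host that scans the guest configs from step 3 for the `args: -vnc` lines of steps 4a/4b and reports the TCP port (5900 + display), whether it listens on all interfaces, and whether the `password` option is missing. The function names are hypothetical, and it recognizes only the option spelling used on this page.

```python
import re
from pathlib import Path

CONF_DIR = Path("/etc/pve/local/qemu-server")  # path edited in step 3
WILDCARD_HOSTS = {"", "0.0.0.0", "::", "[::]"}  # empty host also means "all"


def parse_vnc_arg(args_line):
    """Return (host, display, options) from '-vnc host:display[,opt...]', else None."""
    m = re.search(r"-vnc\s+(\S+)", args_line)
    if not m:
        return None
    target, *options = m.group(1).split(",")
    host, sep, display = target.rpartition(":")
    if not sep or not display.isdigit():
        return None  # unix sockets, 'none' and similar are out of scope here
    return host, int(display), options


def audit_conf(text):
    """Return findings for the text of one guest config."""
    findings = []
    for line in text.splitlines():
        parsed = parse_vnc_arg(line) if line.startswith("args:") else None
        if parsed is None:
            continue
        host, display, options = parsed
        port = 5900 + display  # display 100 -> TCP 6000, as the NOTE explains
        if host in WILDCARD_HOSTS:
            findings.append(f"port {port}: listens on all interfaces")
        if "password" not in options:
            findings.append(f"port {port}: no VNC password required")
    return findings


def audit_dir(conf_dir=CONF_DIR):
    """Map config file name -> findings, for files that have any."""
    results = {}
    for conf in sorted(Path(conf_dir).glob("*.conf")):
        found = audit_conf(conf.read_text())
        if found:
            results[conf.name] = found
    return results


if __name__ == "__main__":
    for name, found in audit_dir().items():
        for item in found:
            print(f"{name}: {item}")
```

A config that uses step 4b still gets the all-interfaces finding, because the `password` option does not change the bind address.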

Configure Proxmox host for TLS connections

  • This configures the host to accept VNC connections.
aptitude install openbsd-inetd

Run this to get your KVM IDs:

qm list
root@homenet-home10 /etc # qm list
      VMID NAME                 STATUS     MEM(MB)    BOOTDISK(GB) PID       
       101 freenas              stopped    1024              32.00 0         
       102 debpbx               running    512                0.00 573304    
       105 winxp                stopped    512               15.01 0         
      7012 ltsp-ldap-openfire-KVM running    512                9.00 495870    
      7016 fbc16-kvm            running    512                8.00 462697    
      7159 win7                 stopped    2048               0.00 0         
     27014 ltsp-term-KVM        stopped    512                0.00 0      

Edit /etc/inetd.conf and add a port for each KVM you want to access using VNC:

#port                                                 kvm
59055 stream tcp nowait root /usr/sbin/qm qm vncproxy 105
59058 stream tcp nowait root /usr/sbin/qm qm vncproxy 7159

restart openbsd-inetd

/etc/init.d/openbsd-inetd restart

test/debug host set up

this shows a working set up:

telnet home10 59058   # home10 is the hostname of my prox 2.0 test server.
Trying 192.168.1.10...
Connected to home10.fantinibakery.com.
Escape character is '^]'.
RFB 003.008

to exit press these 2 keys: control and ]

then type exit to quit that.
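The telnet check above only shows the RFB banner. As an added example (not part of the original page), this Python check continues the handshake one step and lists which security types a port offers, so you can confirm whether one of your own ports still accepts unauthenticated or password-only legacy clients. It handles only RFB 3.7/3.8 banners and stops before any authentication; the function names are hypothetical.

```python
import socket

# Security-type numbers from the RFB protocol's registry.
SECURITY_TYPES = {1: "None", 2: "VNC Authentication", 18: "TLS", 19: "VeNCrypt"}


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def read_offer(sock):
    """Run the RFB 3.7/3.8 version exchange; return (banner, offered type numbers)."""
    banner = recv_exact(sock, 12)  # e.g. b"RFB 003.008\n", as in the telnet test
    if banner not in (b"RFB 003.007\n", b"RFB 003.008\n"):
        raise ValueError(f"unsupported or non-RFB banner: {banner!r}")
    sock.sendall(banner)  # answer with the same protocol version
    count = recv_exact(sock, 1)[0]
    if count == 0:
        raise ConnectionError("server refused the handshake")
    return banner.decode("ascii").strip(), list(recv_exact(sock, count))


def weakest_offer(types):
    """Classify by the weakest type a legacy client could pick."""
    if 1 in types:
        return "open"           # no authentication at all
    if 2 in types:
        return "password-only"  # DES challenge, session itself unencrypted
    return "negotiated"         # e.g. VeNCrypt; its sub-type is chosen later


def probe(host, port, timeout=5.0):
    """Connect, read the offer, and describe it without authenticating."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        banner, types = read_offer(sock)
    names = [SECURITY_TYPES.get(t, f"type {t}") for t in types]
    return {"banner": banner, "offered": names, "weakest": weakest_offer(types)}


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it as `python3 probe.py home10 59058` against your own host (the file name is arbitrary); a result of "open" or "password-only" means old non-TLS clients can still connect on that port.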

If using TigerVNC with TLS encryption, log in with root@pam and the root password (I have tried other user login, only root).

firewall portforward

To access KVMs off site, you'll need to forward the ports in your router/firewall.

Here is an example using pfsense: (screenshot: Prox2-nat.png)

and dd-wrt: (screenshot: DD-WRT (build 15778) - Port Range Forwarding 2011-12-29 21-59-48.png)

connect to a kvm using tigervnc from cli

  • install
cd /
tar xf <downloaded file>
  • installed folder should be
/opt/TigerVNC
  • open a terminal from linux gui.
  • username will be
 root@pam

password = root password for prox2.0 host

/opt/TigerVNC/bin/vncviewer home10:59058

issues

  • TigerVNC: control keys do not work. Try nano, then Ctrl + X.
So do not run ping without -c, because it cannot be interrupted with Ctrl + C:
ping google.com   # bad
ping -c 5 google.com

other vnc clients to check

Winswitch looks promising. See http://winswitch.org/about/ . The version I used on 11/2011 did not have TLS support, but there have been a few updates since then.

TLS VNC clients for

Debian Squeeze

  • none that I know of work using apt to install. Hopefully there will be some in backports.
  • remmina does not work.

Ubuntu LTS

  • none as of 2011-12
  • remmina does not work in Ubuntu 12.04 LTS (Precise Pangolin) as of 2012-02-06.

Windows

Worked
TigerVNC (Including bundled)
RealVNC, TightVNC (using the old VNC method listed above)
Not worked

Mac

Worked
TigerVNC (including bundled)
RealVNC, TightVNC (using the old VNC method listed above)
Not worked
JollysFastVNC, Screens

iOS

Worked
RealVNC (using the old VNC method listed above)
Not worked
All using the TLS Encryption
