Vnc 2.0

From Proxmox VE
Jump to: navigation, search
Yellowpin.svg Note: Article about Proxmox VE 2.0; outdated and replaced by VNC Client Access

VNC for Proxmox 2.0

This page is a quick writeup on how to use VNC in 2.0

AFAIK, Proxmox 2.0 seems to be a lot more secure in its use of VNC, and requires clients to use TLS .

Secure connections are a very good thing , trying to disable them so non secure clients work is not smart. However there are not many tls enabled clients. My guess is that there will be . I suggest helping out by filing bug reports for non TLS clients you use, and help the developer by testing their changes.

Enabling connection using non-tls clients can be done using the method listed below
however you cannot use this method and the encryption method listed together, You have to use one or the other!

With changes in Java due to security fixes, web based VNC access is hit or miss.

VNC client access to a KVM used by multiple people can help keep the Proxmox host more secure as fewer people will have access to Proxmox-VE .

Note to Ubuntu users

I came to this page since web console wasn't working for me under ubuntu 11.10 and firefox. Problem was OpenJDK. I've installed Sun's JRE and sun-java6-plugin (as appointed by tom in the Proxmox VE 2.0 Forums) and now everything is working fine WITHOUT the setup described on this page. You can find several procedures to achieve this on Google or any other search engine.

shell script to update-sun-jre

  • Check , there is a shell script and a repository which make the installation of the Oracle (Sun) Java Runtime Environment very easy. I used it on Ubuntu, but it look like it'll work on any Debian based system.

On that link there is information about the java changes that occurred in August 2011.

Enabling Vnc 2.0 for use with old VNC clients (Including iOS and Android)

It currently is possible to enable the VNC 2.0 for use with old VNC clients however it is not recommended, and just in this guide as a reference

  1. create your VM and go to its 'Monitor' panel in the web interface.
  2. You can setup a plain VNC or also a password secured one:
    • for the plain one type the following into the monitor:
    change vnc
    100 denotes the port, this will get added to the VNC base port of 5900, so in this case the VNC server listens on all addresses on port 6000.
    • for the password secured one type the following into the monitor:
    change vnc,password
    set_password vnc foobar1
    note: the first "password" parameter after the IP address mustn't be replaced by a password, this is just a boolean parameter telling QEMU that the server needs a password.
  3. now you may connect via the ip address and port

NOTE: the console command has to be run every time you start up the VM because it doesn't remember the password, this is a security measure. You may script the command sequences to circumvent this.

Configure Proxmox host for TLS connections

  • This configures the host to accept VNC connections.
aptitude install openbsd-inetd

run this to get your KVM id's :

qm list
root@homenet-home10 /etc # qm list
      VMID NAME                 STATUS     MEM(MB)    BOOTDISK(GB) PID       
       101 freenas              stopped    1024              32.00 0         
       102 debpbx               running    512                0.00 573304    
       105 winxp                stopped    512               15.01 0         
      7012 ltsp-ldap-openfire-KVM running    512                9.00 495870    
      7016 fbc16-kvm            running    512                8.00 462697    
      7159 win7                 stopped    2048               0.00 0         
     27014 ltsp-term-KVM        stopped    512                0.00 0      

edit /etc/inetd.conf , put a port for each kvm you want to access using kvm

#port                                                 kvm
59055 stream tcp nowait root /usr/sbin/qm qm vncproxy 105
59058 stream tcp nowait root /usr/sbin/qm qm vncproxy 7159

restart openbsd-inetd

/etc/init.d/openbsd-inetd restart

test/debug host set up

this shows a working set up:

telnet home10 59058   # home10 is the hostname of my prox 2.0 test server.
Connected to
Escape character is '^]'.
RFB 003.008

to exit press these 2 keys: control and ]

then type exit to quit that.

If using tigervnc with TLS Encryption log with root@pam -rootpassword ( I have tried other user login, only root)

firewall portforward

To access KVM's off site, you'll need to forward the ports in your router/firewall for off site access.

Here is an example using pfsense: Prox2-nat.png

and dd-wrt: DD-WRT (build 15778) - Port Range Forwarding 2011-12-29 21-59-48.png

connect to a kvm using tigervnc from cli

  • install
cd /
tar xf <downloaded file>
  • installed folder should be
  • open a terminal from linux gui.
  • username will be

password = root password for prox2.0 host

/opt/TigerVNC/bin/vncviewer home10:59058


  • tigervnc: control keys do not work. try nano , ctl + x .
so do not enter ping w/o a -c
ping   # bad
ping -c 5

other vnc clients to check

Winswitch looks promising . see . The version I used on 11/2011 did not have TLS support, but there have been a few updates since then.

TLS VNC clients for

Debian Squeeze

  • none that I know of work using apt to install. Hopefully there will be some in backports.
  • remmina does not work.

Ubuntu LTS

  • none 2011-12
  • remmina does not work in Ubuntu 12.04 LTS (Precise Pangolin) as of 2012-02-06.


TigerVNC (Including bundled)
RealVNC, TightVNC (using the old VNC method listed above)
Not worked


TigerVNC (including bundled
RealVNC, TightVNC (using the old VNC method listed above)
Not worked
JollysFastVNC, Screens



      RealVNC (using the old VNC method listed above) Not worked

     All using the TLS Encryption