vnc not reachable

Issues related to configuring your network
Post Reply
mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

vnc not reachable

Post by mahmood » 2018/09/13 09:01:47

I have installed tigervnc server on centos 7 and I also have added a desktop number and a service in the firewalld. However, the desktop is not reached.

yum

Code: Select all

Installed Packages
gtk-vnc2.x86_64                               0.7.0-3.el7                                  @anaconda
gvnc.x86_64                                   0.7.0-3.el7                                  @anaconda
tigervnc-license.noarch                       1.8.0-5.el7                                  @anaconda
tigervnc-server.x86_64                        1.8.0-5.el7                                  @base
tigervnc-server-minimal.x86_64                1.8.0-5.el7                                  @anaconda
vncserver

Code: Select all

# cat /etc/systemd/system/vncserver@:1.service
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/sbin/runuser -l snadmin -c "/usr/bin/vncserver %i"
PIDFile=/home/snadmin/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
[Install]
WantedBy=multi-user.target
firewall configuration

Code: Select all

# firewall-cmd --permanent --zone=public --add-service vnc-server
success
# firewall-cmd --reload
success
# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

Start the server by the user

Code: Select all

[snadmin@localhost ~]$ vncserver

New 'localhost.localdomain:1 (snadmin)' desktop is localhost.localdomain:1

Starting applications specified in /home/snadmin/.vnc/xstartup
Log file is /home/snadmin/.vnc/localhost.localdomain:1.log

With the tightvnc program on windows, when I enter IP:5901 I get timeout error.
Any idea?


P.S: I think the firewall services I saw some days ago was few. Now I see many services! Is that normal?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vnc not reachable

Post by TrevorH » 2018/09/13 11:06:45

Your systemd unit file looks very odd - where did you get that from? Mine was copied from the example one provided by the package and looks like

Code: Select all

# /etc/systemd/system/vncserver@:1.service
# The vncserver service unit file
#
# Quick HowTo:
# 1. Copy this file to /etc/systemd/system/vncserver@.service
# 2. Replace <USER> with the actual user name and edit vncserver
#    parameters appropriately
#   ("User=<USER>" and "/home/<USER>/.vnc/%H%i.pid")
# 3. Run `systemctl daemon-reload`
# 4. Run `systemctl enable vncserver@:<display>.service`
#
# DO NOT RUN THIS SERVICE if your local area network is
# untrusted!  For a secure way of using VNC, you should
# limit connections to the local host and then tunnel from
# the machine you want to view VNC on (host A) to the machine
# whose VNC output you want to view (host B)
#
# [user@hostA ~]$ ssh -v -C -L 590N:localhost:590M hostB
#
# this will open a connection on port 590N of your hostA to hostB's port 590M
# (in fact, it ssh-connects to hostB and then connects to localhost (on hostB).
# See the ssh man page for details on port forwarding)
#
# You can then point a VNC client on hostA at vncdisplay N of localhost and with
# the help of ssh, you end up seeing what hostB makes available on port 590M
#
# Use "-nolisten tcp" to prevent X connections to your VNC server via TCP.
#
# Use "-localhost" to prevent remote VNC clients connecting except when
# doing so through a secure tunnel.  See the "-via" option in the
# `man vncviewer' manual page.


[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=trevor
PAMName=login

# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=-/usr/bin/vncserver -kill %i
ExecStart=/usr/bin/vncserver %i -geometry 1024x768
As you can also see from the comments included, it only listens on localhost by default and you need to change it if for some strange reason you want to use it directly externally rather than via an ssh tunnel (much more secure, use it if at all possible).
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

Re: vnc not reachable

Post by mahmood » 2018/09/13 12:32:38


mahmood
Posts: 122
Joined: 2017/06/04 12:21:09

Re: vnc not reachable

Post by mahmood » 2018/09/13 14:51:56

Trevore,
I used your script. However, I don't understand somethings. It seems that vnc usage has been changed.

I used to defined a desktop number like 1:mahmood in /etc/sysconfig/vncserver and then as a user, I used to run vncserver -geometry 1024x768 :1 to start and vncserver -kill :1 to stop the server.
Then I used to run a viewer like tiger vnc with IP:5901 to see the desktop.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: vnc not reachable

Post by TrevorH » 2018/09/13 16:49:39

howtoforge is almost always a textbook example of hownottoforge.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

jjrowan
Posts: 132
Joined: 2005/09/10 13:07:15
Contact:

Re: vnc not reachable

Post by jjrowan » 2018/09/25 13:26:17

I had vncserver reachable at port 5901 until recently. Server rebooted due to power outage. Now vncserver will not load at port 5901, it's loading at 5906. There isn't a vncserver@:6.service anywhere on the server. How is it assigning port 5906 instead of 5901.

jjrowan
Posts: 132
Joined: 2005/09/10 13:07:15
Contact:

Re: vnc not reachable

Post by jjrowan » 2018/09/27 13:29:42

I found out why vnc wouldn't load at port 5901, there were lock files in /tmp. I removed them, rebooted the server and now it's working. I still don't know how / why VNC was loading at port 5906.

jscarville
Posts: 135
Joined: 2014/06/17 21:50:37

Re: vnc not reachable

Post by jscarville » 2018/10/15 21:03:00

jjrowan wrote:
2018/09/27 13:29:42
I found out why vnc wouldn't load at port 5901, there were lock files in /tmp. I removed them, rebooted the server and now it's working. I still don't know how / why VNC was loading at port 5906.
The version of vncserver with CentOS 7 will use the next higher number if the one requested is in use.

I now start vnc up thusly:

$ ssh <target> /usr/bin/vncserver :DISPLAY -name <target> -geometry XXxYY -nolisten tcp -localhost -autokill -SecurityTypes None

$ /usr/bin/vncviewer -via <target> localhost:DISPLAY

Where <target> is the machine you intend to connect to and $DISPLAY is the desired display number.

I use a little Perl program that starts vncserver on a remote server using my UID as DISPLAY then connects to that DISPLAY from my workstation. It only works for Linux-to-Linux.

Post Reply