Remember the Users
RSS imageAbout About Me

The ongoing challenge of using free/libre software.

Port Forwarding VNC With SSH

After struggling with OpenVPN I decided to provide myself remote access to my home network using a different approach — using port forwarding inside SSH.

Another Plan B. I like having options.

A VPN converts a remote computer into a LAN workstation. Using port forwarding inside SSH does not. SSH creates a tunnel to a specific machine rather than a network.

I have configured SSH to provide me secure access to data files on my LAN server. With X Forwarding I run some GUI apps as well, such as a text editor. With SSH my remote laptop is not a member of the LAN as with a VPN. Running GUI apps through SSH and X Forwarding means there is some latency with heavy GUI apps, such as a web browser or word processor. A VPN is better in this respect because as a member of a LAN, all apps are run locally. Only the data files are fetched remotely. Still, for a text editor, using X Forwarding is adequate.

Running VNC (remote desktop) through SSH port forwarding comes close to a full GUI desktop experience. With VNC, running heavy GUI apps are performed at the destination desktop and not through the SSH tunnel. Configuring VNC for a medium resolution keeps latency issues to a minimum.

While I still intend to get OpenVPN working, using port forwarding in SSH provides me something close. With this option I can use VNC in a secure manner to work in the GUI of a LAN desktop.

I copied my LAN server entry in ~/.ssh/config to access my office desktop. I changed the router WAN side port. I used the same pass phrase SSH keys. The big difference is adding a LocalForward option. Through this option I configured port 3702 to forward to port 5900. Port 5900 is the standard port used for VNC.

    Host remote_office
      HostName xxxxxxxxxx
      Port 3499
      DynamicForward 4321
      User xxxxxxxxxx
      LocalForward 3702 127.0.0.1:5900
      IdentityFile ~/.ssh/remote_server

Inside the home I also use Remmina to connect to “remote” desktops. This is convenient for administration or for when I am really lazy, such as selecting a new music playlist on the living room media player without fetching the remote control and turning on the TV. Necessity is the mother of invention, but laziness is the mother of good software tools. Remmina does the job for me.

Once the SSH tunnel is established, I need only start Remmina. I configured Remmina with a separate option to connect to local port 5900. Unlike my other Remmina configurations, no hostname is needed. Just localhost:3702, which through the SSH tunnel is forwarded to the remote system’s VNC port 5900.

Another Plan B is complete.

Posted: December 24, 2016 Category: Tutorial, Usability Tagged: DD-WRT, General

Next: Secure Remote Access With DD-WRT

Previous: Configuring an OpenVPN Server in DD-WRT

No cookies, no JavaScript, no Flash, no ads, no tracking. Just a blog.

Remember the Users
RSS imageAbout About Me