How to run vnc viewer in proxy network

[tuskisan]

Hello, I am facing issue  , I need to access google cloud hosted compute machine running centos 7  on my windows 8 laptop 

I am successful at making ssh connection 

However, vnc connection doesn't work with my university network but runs fine on my cellular data or other external networks

I tried changing the port number of vnc server from 5900 to 35548 but that doesn't work

I even tried the ssh tunneling via putty as shown in a video on youtube but again it seems to have used the same port number as 5900 

I suspect that this university network 5900 ,also earlier when I hosted windows 2012 server its rdp didnot work on the university network

Also ,tried teamviewer but teamviewer doesnot work on server 

Going to univ network center is my last option .Please help

[+BudMan MVC]

What exactly are you trying to do??

 

Your trying to access google compute machine??

 

Sounds like your trying to circumvent your univ filtering of outbound connections??  If you can make a ssh connection to this compute vm, then you could tunnel through that connection and do whatever you wanted, vnc, etc. Yeah if your server is 5900 that would be the port you would use, just through the tunnel.

 

Not sure what your question is about 2k12 and rdp?  Without details of network impossible to say what you were doing wrong.  As to TV running on server versions of windows - yeah it does!

[tuskisan]

Ok, sorry for all this messed up things, I am completely new to linux and networking when it comes to practical.

I will go again on my problem , I have a google compute instance (server) running on google datacenters. I have installed centos 7 on my remote server. I can access the centos 7 remotely via ssh connection in Putty . My laptop has normal windows os i.e. windows 8.

In order to take graphical access I need vnc access . Thus , I installed tiger vnc server on my remote server. Then tried to take access by the vnc viewer , vnc viewer fails on my university network  . But is fine on any external net such as cellular data or dongle. Now this is surely some port blocking or firewall , mostly port 5900 I  guess  . Going to university network center is an option but its the last one. I saw that through ssh tunnel we can tunnel our vnc connection .So I watched few videos on that but it doesn't seem to help (maybe I am doing something wrong)  ,Here are few things that I tried and failed

1) Changed the vncserver port from 5900 to some random port value  3400 etc (taken into account the consequences such as adding new port to firewall,etc)

    It changed , but it gave me strange results , like when vncserver was actually running it wasn't listening on that particular port

   The proof is that when I netcat i.e.when I type in my centos 7 terminal  nc 189.134. 5901 I get a reply as RFB 03.something (which means my vnc is working fine on ip:5901)

  When port number was changed I typed same command with different port number say nc 189.134.wahtever 35549 , I got reply as connection timed out or refused.

 I tried all types of things, accessed log files of vncserver find out what port its running on, even examined the process and tcp connections using netstat ,everything was normal only it wasn't  listening on that port.(nc command never returned me RFB as a response)

    Here's how I changed it http://itstudent.org/blog/?p=631

    But it failed too.

 

2) I tried tunneling as per shown in videos 

     opened putty -> loaded normal ssh configuration file ->, then in tunnels option entered source port as 5901 and destination as localhost:5901 or even tried this  "server external ip address:5901"

    and  -> then opened the vnc viewer entered, localhost:5901 or server ip address:5901 and then tried to connect but failed again. 

 

If this doesn't form a correct picture do let me know , I am noob in this so I don't know how to do this stuff exactly. Sorry again for any inconvenience. And yes I am not trying to circumvent my univ network. Its just I am avoiding to go there. As a last option I would go. Thank you for your help and feedback . You were the quickest. 

 

[PsYcHoKiLLa]

Umm why would you try to VNC onto "localhost" on any port? localhost is your own computer, the same one you are running vnc on, are you trying to use port translation?...also are you sure you have configured the port on your client and on the server too cos it sounds like the server isn't expecting you to use any port other than 5901.

 

Can't you reconfigure the port on the server and just use the same port on both ends?

 

5901 is a common vnc port and on a uni network it was bound to be disabled as they probably use it themselves.

[PsYcHoKiLLa]

Check these out:

 

http://www.uaf.edu/arsc/knowledge-base/vnc-and-ssh-port-fowardin/index.xml

 

https://intranet.cs.hku.hk/csintranet/contents/technical/howto/putty-portforward.jsp

 

http://cects.com/ssh-local-and-remote-port-forwarding-with-vnc/

 

This may also be your problem, your vnc session may have been blocked by the server:

 

http://stackoverflow.com/questions/26813070/google-compute-engine-getting-blocked-after-accessing-ssh-a-few-times

 

Apparently you might need to whitelist your university IP on the server to stop it blocking you, if that's what is happening.

[+BudMan MVC]

"And yes I am not trying to circumvent my univ network. Its just I am avoiding to go there"

 

Huh???  In one sentence you say you can not get to your google compute machine from your univ, then you say your trying to avoid going there - go where?  Google compute?

 

Lets go over some basics.. Does not matter where you currently at!!

 

Can you ssh to your google compute machine?  If so vnc is listening on what port? 5901?  On what IP?  Its public IP, its loopback, all of them?  from your ssh connection to your google compute box do a netstat or sockstat for your listening ports.  What does it show listening on 5901??

 

Does not matter firewall at your location, or firewall at other location if you can ssh then you can tunnel through this ssh tunnel and hit the remote machine vnc..

 

Yes in a ssh tunnel, the port you listen on locally can be anything, you connect to this local listening on port with your vnc client after you have created the ssh connect with the tunnel.  Your ssh client than ses oh traffic to my local port X, send it down the tunnel to IPX:portY..

 

There are a bajillion guides on the net on how to vnc through a ssh tunnel..

[tuskisan]

Thank you all ,For your response 

The thing is I am avoiding to go to network center at my university because they are very slow people and will take lot of explanations to explain them , Basically they are not so cooperative , thats why I am avoiding them( network people at my univ ) ,If it is the case that google compute machine has blocked my ip then ,I will need to contact them . Which I will do if all fails. My tunneling is flop because I dont know much of it ,It was very first time , Thank you PsychoKilla for the links ,I will surely try those. As +budman has suggested I will try netstating or sockstating the server and examine the case more deeply. 

And Psychokilla - I tried to reconfigure the vnc server base port which is 5900 to some random say 3400 but it fails .

I dont think it is needed to reconfigure the port on vnc viewer(correct me if I am wrong)  as we specify the the port for connection say server ip addeess :5901  like that . So just the new port right ? like server ip address:3401 . 

Also I dont think I need to install ssh daemon on server as it is installed by default and I can connect to it using my putty . So the server side ssh server is taken care of. 

I will try all the solutions listed by you both and will let you know the results asap . Thank you again . 

[DaveLegg Developer]

For some VNC viewer clients, including the one you're using, to specify a different port, you do so after a double colon, rather than a single colon, e.g 127.0.0.1::5901 (see the text underneath the "Remote Host" textbox)

 

This is because linux systems can run multiple 'displays' which can be connected to via VNC, and they use the single colon notation for the display number, to connect on a different port, you need to use two colons.

 

Note, you only enter the port like this in your VNC client, not in Putty when you're configuring the tunnelling, use the single colon notation there.

[tuskisan]

Hey, Guys thank you for your solutions it was great to get feedback from you. I am happy to announce that my problem has been finally solved. What I did is listed below

 1) Instead on vnc used xrdp which is RDP server for linux server os. 

Why? because I couldn't properly get vnc running on the server. It was working fine then I don't know exactly I installed something did many tuts on that and it started malfunctioning i.e. I was not able to start that typical vncserver.service.1 so I reset my google instance, installed vnc again and was again stuck with vncserver.service .1 ( the name is not perfect but somewhat like that) not being able to start. But service.2 something was able to start which runs on display 2 and when you take access (through the external net) it used to give me an error message on my remote desktop as something went wrong log out and all. I think it was due to my main display wasn't shift to display 2. I also realized that I didn't add ports 5900 into the firewall.Google Cloud has another networking section in its console browser window and if we don't add firewall rules there we can't realize them in our VM even if we add them on the VM's os like using some command to add them to firewall in a Linux terminal. Also, tried that random port experiment again and was succeeded in running vnc server on port 17333 but got blocked in a proxy net of university when trying to view through vnc viewer. So basically vnc started giving many problems.

Link to install xrdp-  http://www.itzgeek.com/how-tos/linux/centos-how-tos/install-xrdp-on-centos-7-rhel-7.html

2) Confirmed that it wasn't port issue 

In this what I did is made sure that it wasn't the fault of port 5900, I started a vncserver on windows(on my laptop) using TightVNC (It's free and easy to install)  and tried to take its access from my android device using Remote Ripple (TightVnc's android vnc viewer) and was succeeded as android and laptop were on the same network, repeated it by replacing android with the other PC on the network was again succeeded. So that made sure that it wasn't with the port number.

 

3) Then as  PsYcHoKiLLa suggested it may be that server was blocking my ip address  (this is because this univ has strange IP addresses may be due to they have the different net, even  Instagram doesn't let me like anyone's post as it says I have a different IP address, I used to thought it was proxy)

But I didn't know how to exactly stop that, as the link provided talks about ssh server blocking the ip address . I was unsure if the vnc does the same. So I was planning to investigate this matter in detail.

 

4) Successful Tunneling, After searching this link http://cects.com/ssh-local-and-remote-port-forwarding-with-vnc/ provided by  PsYcHoKiLLa I was pretty sure that I would be able to do this but again got stuck at running this command  ssh -R 6999:localhost:5901 user@192.168.1.3 (don't  worry I replaced username and IP address with the relevant one ). I was having problem with ssh keys which are established at the start of the session , basically, vm has to be transferred public or private key and whenever it needs to authorize it checks those keys.Now I was connecting through putty on windows, And putty doesn't send any keys to vm. Although google chrome's ssh extension was able to do it ,and through that I was able to run that port forward command too but It didn't help when I again tried to connect vnc or rdp by saying localhost:portnumber , All steps were like those mentioned in the link.But I guess that would have been beneficial if that would have happened through putty. 

Then I thought I would tunnel the rdp through ssh 

Link -http://klinkner.net/~srk/techTips/ssh-remote/

Followed this tutorial  very religiously and boom, I was able to rdp the server via ssh tunnel

I realized that when tunneling through Putty, Putty provides the easy GUI called tunnel option on the left panel to add port forwarding rules.(Although, in previous tuts, I followed the same step but was entering IP addresses and port numbers in a wrong way)

 

5) Future plan & Current Problem - Although, I am successful at making a tunnel through ssh for xrdp , The performance of xrdp was slow, I think it maybe due to the internet speed or maybe xrdp is simply not that good enough as vnc.

Plan - Now I got how this port forwarding thing works in Putty windows, Its just a matter of time that I will reformat the VM instance and tunnel the port 5900 through ssh. And have an uninterrupted vnc session.

 

6) Final Thoughts - I think the problem was server was rejecting my connection due to strange IP address , I guess. I am working in IITB currently so they must be having a different net. Still I am not sure as in this was only the problem.

 

7) Some useless Stuff that got tried - Tried changing proxy settings here, we have two lines in our office ,one is normal university line and other is startup line , But both uses same firewall .So switching was useless. 

 

Thank You once again, Guys.

I am pasting the link again as the final solution -  http://klinkner.net/~srk/techTips/ssh-remote/

 

 

 

 

[PsYcHoKiLLa]

If you are getting on the server, have you tried changing the vnc server port or is that not possible?

[tuskisan]

Yes tried that , It works , the vnc port number got successfully changed ,although I had to add that port number into firewall specified by google  cloud's networking section. (that networking section can be found on console.google.com and on left side menu you will see networking)

But even though I change it to random port number and the service successfully runs there ,still I wasn't able to view it in my vnc viewer by university internet. (while vnc viewer connected when using external net such as my cellular data ,3G I use on my phone).

All pointing to only one inference that port numbers weren't blocked here and it was my wrong assumptions at first hand that ports are blocked.

New update - I was able to do vnc connection via Putty ssh tunnel  while remaining on university net. Although ,its not opening in my desired dimension ,that something seems to be little problematic but trivial,I will take care of it later