VNC Extras, Add-ons and modifications

Firewalls

Obviously, you cannot access a server inside a firewall from outside without specially configuring the firewall; that's what firewalls are for! Christian A. Lademann cal@zls.de has used an elaborate scheme:

I have had a problem with connections from my workstation to a PC connected to a customers LAN, because my firewall as well as the customers firewall does IP-masquerading. This means that my workstation can only connect to the customers firewall and the customers PC can only connect to my
firewall. The reason for this is, of course, to hide the complete LAN behind the firewall(s).

Christian's solution involved a script listening on a single accessible well-known port behind the firewall, which could accept incoming connections and redirect them to the appropriate machine.  His full details are here: rvnc.txt

SSLeay encryption

You can get it from http://web.mit.edu/thouis/vnc .

Restricting connections by IP address (TCP wrapper)

In the list archives I notice there was a discussion of implementing access control for Xvnc with the tcp wrapper library. I have now implemented this for 3.3.2r2. You will need to have tcpd.h and libwrap already installed.

Wolfram's full message is at http://www.uk.research.att.com/vnc/archives/1998-09/0168.html .

Jared Smolens <jsmolens@andrew.cmu.edu> has done an equivalent for WinVNC. He writes:

... I wrote some code to read a list of IPs to allow and IPs to deny from a text file. The rules are identical (to the best of my knowledge) to /etc/hosts.allow and /etc/hosts.deny on my Linux box and the text file's syntax is close to that format. This is a feature which has been discussed at least once on the mailing list, so I thought that you might want to add it to the official code base. 

The x86 binaries and source code are available at: 

ftp://wik.res.cmu.edu/pub/vncip_bin.zip and ftp://wik.res.cmu.edu/pub/vncip_src.zip

I have two new files, ipauth.h and ipauth.cpp. I made some changes to vncclient.cpp (but not the header) to use the class and disconnect unauthorized clients. I also have a sample "iplist.txt" file which contains the allowed IPs. 

The format of the text file works like this:

<ALLOW|DENY> <Partial/full IP>
<DENY ALL>

An unlimited, unordered list of IPs (or partial IPs) may be entered into the file like this:

ALLOW 128.2.93.
ALLOW 128.2.87.80
DENY 128.220.
DENY ALL

In this case, the DENY 128.220. is redundant because of the DENY ALL, but you get the point. ALLOW ALL is the default, and if the user specifies that, it is ignored. Allows always take precidence over denies. This code is not case sensitive. 

I am fairly sure that I got rid of all of my memory leaks (I ran Purify on it, but I have done some slight modifications since then). I also use the fstream library. I don't know if you consider this to be too
much overhead. 

-- Jared Smolens

zlib compression

http://www.uk.research.att.com/vnc/archives/1998-08/0039.html

In addition, Dave has provided patches for the Windows viewer at:

http://www.uk.research.att.com:80/vnc/archives/1998-08/0228.html

Luis B. Almeida has also created a version of the Windows software which you can get from ftp://neural.inesc.pt/pub/lba/vnc .

Warren Toomey has done an alternative implementation of zlib compression, along with some other hacks, which you can get from:

http://minnie.cs.adfa.edu.au/VNC_bits/

x2vnc

x2vnc is basically a stripped down version of the vncviewer but with slightly different goals and a very different GUI.. :)

x2vnc emulates a 'dual head' setup by catching when the user tries to move the pointer past the edge of the screen. This allows me to control
both computers from one mouse/keyboard.

I have made x2vnc available for download from my web site:

http://www.hubbe.net/~hubbe/x2vnc.html
 

Enhanced Java viewer for JDK 1.1

When run as a standalone application, it adds scrollbars, and the ability to specify 'host:display' as with the other VNC viewers.

It uses the Java 1.1 event model, so is 'better' Java, but won't run on older JVMs & browsers.

You can get it from http://www.uk.research.att.com/vnc/contrib/mfviewer.tar.gz .

VncMonitor

VncMonitor is intended for those people who need to monitor several remote systems. A single window is used to present all the displays. The tab or backtab key allows the user to switch between systems. The return key causes the currently viewed system display to be transferred to its own window and the user can interact with the system using the mouse and keyboard. Closing
the new window returns the monitored system display back to the initial window.

The configuration of VncMonitor is controlled by a file which contains all the information about what systems are to be monitored.

A version can be downloaded from:

http://www.wilson.co.uk/Software/vnc/VncMonitor.htm

VNCProxy

John Wilson has also written VNCProxy, a Java proxy that can sit between a VNC viewer and server and can be configured to map various incoming requests to different VNC servers. You can find it at http://www.wilson.co.uk/Software/vnc/proxy/VncProxy.htm

VNCScan

Steve Bostedor has written a utility which will scan a network and list the machines running VNC servers. You can find it at http://tgcs.d-a-v-e.com/vncscan/vshome.htm. You'll need to email Steve for the password to unzip the file.

(You can also use port scanners such as nmap or Netcat to scan for the ports used by VNC. See the VNC FAQ for details of these ports.)

iXvnc

Andre Moreira <andre@dei.isep.ipp.pt> has written some patches for Xvnc to allow it to be run under the control of inetd and hence be started automatically as users connect. See http://www.dei.isep.ipp.pt/~andre/extern/ixvnc.htm for details.

Share a Single Window

Céline FAGES <celine.fages@silogic.fr> has written some modifications for WinVNC to allow it to share a single window.

See http://www.uk.research.att.com/vnc/contrib/one-window.txt for the modification details.

See Céline's original message in: http://www.uk.research.att.com/vnc/archives/2000-02/0658.html