OK.  The registry setting AllowLoopback does not work when connecting WinVNC
to a VNCviewer.

Thanks.  Darn!

I might still have to have a custom compile.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott C. Best
Sent: Thursday, January 17, 2002 4:26 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Providing (Windows) VNC support to clients that have
strict...


Chuck:
        Heya. You've probably already discovered this, but there's
a registry setting you need to make to your VNC server machine to
allow loopback:

        http://www.uk.research.att.com/vnc/winvnc.html

        Down at the bottom, AllowLoopback. Or, even more aggressive,
try LoopbackOnly (which appears to be specific to working well with
SSH tunneling). Hope one of them is what you're looking for!

-Scott


> Ok.  I have tested this scenario.  The tunneling works fine, but the total
> picture does not.
>
> When you make the connection from WinVNC to VNCviewer using the tunnel
> through SSH, the VNCviewer on the other end thinks it is an "internal
> loopback connection", and disconnects you.  This happens regardless of which
> IP address you use on the WinVNC machine.
>
> Since VNCviewer states, "Internal loopback connections are not allowed", the
> implication is that there is a setting that WILL allow them, either in the
> source, or in the GUI settings.  Is this the case?
>
> So the solution just got more complicated.
>
> To avoid the VNCviewer thinking the connection is a loopback, you have to
> run the SSH client on a completely separate machine on the same LAN, and
> have to allow it to receive connections on its local port from other hosts,
> like so:
>
> WinVNC on ClientWS1 ---> SSH on ClientWS2 port 5500 --> Internet --> sshd on
> MYFirewall port 443 --> VNCviewer on MyWS1 port 5500
>
> This I have tested, and it works, but presents the following major two
> problems:
>
>       1.  This is too complicated for the client.
>       2.  Opening the SSH connection from the client to the SSHD on your Linux
> firewall is effectively like creating a VPN connection from the client to
> your network.  This opens a huge security hole in your network, and gives
> someone on the client's network the ability to snoop around your network
> when the connection is made.
>
> I am concerned about tunneling VNC through SSH, because it gives the client
> the ability to create more tunnels.  Is it really wise to secure the client
> VNC connection, at the cost of exposing your own network to the client?
>
> Feedback is greatly appreciated.
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------