TightVNC Remote Desktop Connections using openSUSE as Client or Server

Written by lars. Posted in Lost and found

openSUSE Versions: All 11.x

TightVNC is a free (Open Source) remote control software package derived from the popular VNC software. With TightVNC, you can see the desktop of a remote Linux or Windows machine and control it with your local mouse and keyboard. This Tutorial focuses on the openSUSE side of things, which is straightforward but, as usual, only if you know how.


Two technologies do much the same thing. VNC and RDP both serve remote Linux or Windows Desktops to Linux or Windows clients. Which should you use? I really don't know. Have a read of both Tutorials. Here's a link to the Tutorial on Remote Desktops by RDC.

Ports, Firewalls & Routers

Ports and Window Designations in TightVNC (:0, :1, :2 etc)

When you start TightVNC on a server, by default two different modes of virtual desktops are projected for viewing on remote clients. One mode can be accessed by running the application vncviewer on the client. The other mode can be accessed by addressing the server in a Java-enabled web browser on the client. The IP address is the same for both modes but different ports are used to differentiate them.

TightVNC TCP/IP packets traversing a LAN require only that ports be opened in personal firewalls on the workstations. When traversing a WAN (e.g. the Internet), port forwarding from one subnet to the next through NAT routers is necessary. The XWindows system can open a series of desktops referred to sequentially in VNC parlance as :0, :1, :2, etc. These Window interfaces are associated one to one with sequentially numbered TCP ports 5800, 5801, 5802, etc. and 5900, 5901, 5902, etc. The 5800 series is accessed with a web browser while the 5900 series is accessed in a desktop window using vncviewer. The relationship is window :X associates with TCP ports 580X & 590X, or if you prefer a visual cue, here's a table:

XWindow number sequence served by TightVNC --> :0 ¦ :1 ¦ :2 ¦ :3 ¦ etc...
TCP port numbers for the app vncviewer --> 5900 ¦ 5901 ¦ 5902 ¦ 5903 ¦ etc...
TCP port numbers for java enabled browsers --> 5800 ¦ 5801 ¦ 5802 ¦ 5803 ¦ etc...

Microsoft Windows servers only enable the zero window :0 on TCP port 5800 for the web interface and 5900 for the desktop window interface. Linux servers can enable multiple XWindows. In Linux, TightVNC windows start from :1 (window :0 being unavailable). Most normal Linux users would only be concerned with :1 and ports 5801/5901.

OK, these are the default associations between desktops and ports. You can force different port associations by specifically associating them with a desktop when you start a TightVNC server. Check man Xvnc for details.
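An added example (not from the original tutorial) that applies the :X to 580X/590X mapping in reverse: it reads `ss -ltn` output and reports which VNC display and mode each listening socket belongs to, and whether it is bound to loopback only or is reachable from the network. The function names and the sample socket list are constructed for illustration.

```shell
#!/bin/sh
# Added example: map listening TCP sockets back to VNC display numbers.
# Reads `ss -ltn`-style lines on stdin and prints one line per VNC socket:
#   <display> <mode> <port> <scope>
# mode  = viewer (590X, vncviewer) or browser (580X, web browser)
# scope = local-only (loopback bind) or network (any other bind address)
vnc_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n] + 0
        # Everything before the final ":port" is the bind address.
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        if (port >= 5900 && port <= 5999) {
            mode = "viewer"; disp = port - 5900
        } else if (port >= 5800 && port <= 5899) {
            mode = "browser"; disp = port - 5800
        } else {
            next
        }
        scope = (host == "127.0.0.1" || host == "[::1]") ? "local-only" : "network"
        printf ":%d %s %d %s\n", disp, mode, port, scope
    }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       5       0.0.0.0:5901        0.0.0.0:*
LISTEN  0       5       0.0.0.0:5801        0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       5       127.0.0.1:5906      0.0.0.0:*
LISTEN  0       5       [::]:5902           [::]:*
EOF
}

# On a live system: ss -ltn | vnc_listeners
sample_ss_output | vnc_listeners
```

Any line reported as `network` is a desktop that the firewall and port-forwarding rules in the next section decide whether outsiders can reach.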

Opening Ports in Firewalls and Routers

OpenSUSE firewall: Two areas need attention here. First is the "Zone" into which you place your network interfaces. Then there are the ports that you need to open to allow packets between those interfaces and the outside world.

You must associate your network interface with the External Zone in SuSEfirewall2. Go to Yast --> Security and Users --> Firewall --> Interfaces. Your network card or cards will be listed in the right-hand panel. Make sure they're in the External Zone.

Next, still in Yast's Firewall module, go to Allowed Services. In the right-hand panel, set the Selected Zone to External Zone. Below that is a drop-down list titled Services to allow. Two in that list are relevant here, viz: VNC and VNC mini-HTTP server. Leave the service called VNC Server alone; it's not for TightVNC. For TightVNC, the service VNC will open ports 5900 to 5999 for the XWindow viewer and the service VNC mini-HTTP server will open ports 5800 to 5899 for the web browser viewer. Use one or the other (or both), depending on your mode of communication. You can move the appropriate service/s into the lower panel with the Add button.

For earlier releases of Suse/openSUSE the firewalling might be different. For earlier releases opening ports will work fine if you use the Advanced button and add the ranges 5800:5899 5900:5999 (as a space-separated list) into the TCP slot.

Windows firewall: Sometimes you will be asked when installing TightVNC as a service, whether you want the server to be permitted by the firewall. Answer yes. Otherwise open ports as shown next or if you have additional misgivings open ports anyway. Windows only has the window :0 and so you mostly need be concerned only with the default port/s 5800/5900. However you may associate a different port of your choice with window :0. To open a port go to Control Panel --> Windows Firewall --> Advanced --> Highlight the network interface and click Settings --> Add:

  • In Description put TightVNC.
  • In IP address enter the IP address of the workstation that you are using.
  • In External port enter the port number (e.g. 5900).
  • In Internal port enter the port number (e.g. 5900).
  • Make sure the radio button is activated for TCP, not for UDP.
  • Repeat the process for each other port you need, e.g. 5800.

ZoneAlarm: Look under Firewall --> Main --> Advanced and allow "Traffic over 1394".

Port Forwarding: Routers connect networks with different IP subnets. You should enable port forwarding in your router's configuration. Port forwarding allows passing external connections to computers in the internal network. Almost all routers support this type of redirection.

For example, to access a TightVNC server running on default ports, a router can be configured such that TCP connections to port 5901 would be passed to the same ports of a particular machine with a specified private IP address (typically 192.168.x.x).

Here is an example of configuring port forwarding, assuming that TightVNC Server is running on the default ports 5800 and 5900, on a machine with IP

Application ¦ Start port ¦ End port ¦ Protocol ¦ IP Address ¦ Enable
VNC_by_viewer ¦ 5900 ¦ 5900 ¦ TCP ¦ ¦ yes
VNC_by_browser ¦ 5800 ¦ 5800 ¦ TCP ¦ ¦ yes

More examples can be found on www.portforward.com.

TightVNC in openSUSE

Installation & Configuration

Software: The RPMs are in the standard install media. Go to Yast --> Software --> Software Management and search on vnc. Install the RPMs tightvnc and xorg-x11-Xvnc. Those RPMs will install both the viewer functionality and the server functionality. Use the Packman repository for the tightvnc RPM in openSUSE 11.1 and the standard repository (oss or vendor) for the tightvnc RPM in 11.2 and 11.3.

For an openSUSE client where you wish to view the server by web browser, install also the java RPMs java-x_y_z-openjdk and java-x_y_z-openjdk-plugin (you can use either the sun or the openjdk RPMs).

Initialise Passwords: The first thing to do after installing the RPMs is initialise the vncserver process. Run the command vncserver for the first time. It will lead you through the setting of passwords, one to accept clients in an interactive mode and one for a view-only mode. Run the command in your normal user's console window and follow the instructions in the prompts.

Select the Desktop Manager: The default Desktop Manager that would be served to remote clients is TWM (Tab Window manager). The defaults are coded into the startup script xstartup located at /home/your_username/.vnc/xstartup. The default contents are as follows:

xrdb $HOME/.Xresources
xsetroot -solid grey
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Most people want to change that to KDE4 or Gnome. To do that you edit the file called xstartup in your home directory and make the contents as follows:

  • For KDE4:
    #!/bin/sh
  • For KDE3.x as in openSUSE 10.x and 11.0, 11.1:
    #!/bin/sh
    /usr/bin/kde &
  • For Gnome:
    #!/bin/sh
    /usr/bin/gnome &

Note: the file xstartup is an executable script file. Make sure it remains executable. If it is not, then make it so with this console command: chmod a+x /path_to/xstartup, or use your file manager GUI --> Properties --> executable.

Starting TightVNC Server (Manually)

Users who are logged on can start a server with a simple console command.

  • Starting the server in Suse versions 10.x: vncserver
  • Starting the server in Suse versions 11.x: dbus-launch vncserver

The vncserver command will start the next unused desktop in the sequence :1, :2, :3, etc. You can attach many options to the command line when starting the server. There are options specific to TightVNC on the TightVNC man page and you can also attach the options listed in the Xvnc man page.

I sometimes use one or more of three useful options when initiating a server:

  • The geometry option allows me to prescribe the screen so it will fit comfortably into viewers on client machines, e.g. -geometry 1024x768 or smaller.
  • The default window is :1 and this implies TCP ports 5801 and 5901. If you want to use a different port/window combination, use the :x option, where x is the display number. For example this command will start a server on window :6 with port associations 5806 & 5906: vncserver :6
  • The colour depth option is useful for low bandwidth connections and for speeding up communications. You invoke the option like this: -depth 8 (use 8, 16 or 32). However at this point I should mention that options for speeding communications are best invoked from the client (see below).

Stitching this together gives an example I use on a server when I want to connect with my low bandwidth, small screen laptop:

dbus-launch vncserver :6 -depth 8 -geometry 800x600

(Of course, you don't have to add any options if you simply want TightVNC's default settings.)

TightVNC Server Running as a Service

If you want the TightVNC server to always activate when the computer boots, then create a shell script, e.g. vncservice.sh, that you can execute when your system boots into runlevel 5.

rm /tmp/.X11-unix/X*
dbus-launch vncserver

Use this version (with dbus-launch) for KDE4 and Gnome in openSUSE 11.x.

rm /tmp/.X11-unix/X*
vncserver

Use this version (without dbus-launch) for openSUSE 10.x (and maybe Gnome in 11.1, I can't quite remember the transition from 10.3 to 11.1; if one version fails you, try the other).

You can add options to the line containing the command vncserver. Make sure the file is executable (use chmod a+x vncservice.sh). If you run the script by hand it will generate an error message about a file called X0. That's OK: the script is not meant to be run by hand, only by a cron job at boot time.

In KDE, do not place the script in KDE's startup directory. In Gnome, do not link the script in with the Autostart function in Control Center. These will start an endless succession of desktops and lock your system. Instead, place the script in the directory bin in your home directory. You add a cron job to your personal crontab (not root's crontab). The line for the cron job is as follows:

@reboot /home/your_name/bin/vncservice.sh

Be sure to change "your_name" to the correct username. Also, use the full path, even though the file is in the "bin" directory. There's a crontab Tutorial on this site: Scheduling Events in openSUSE with Cron Jobs.

Here's a final tip: you can configure for an automatic logon in Yast --> Security and Users --> Advanced if you want to run a VNC server which reboots automatically after power failures; also set the BIOS to power the machine back on when power restores.

VNC Client 1: Viewing in an XWindow with the command vncviewer

Open a console window and enter this command:

vncviewer ip.of.server:X

Where ip.of.server is the LAN or Internet IP address of the VNC server and :X is the window designation. An example might look typically like this: vncviewer You can use the port number (e.g. ::5901) instead of the window number (e.g. :0) like this if you prefer: vncviewer the :: before the port number.

There are some useful functions contained in an F8 facility. Hover your mouse over the window that shows the remote screen and press F8. The facilities in the drop-down list are self explanatory.

Tip: Do Not lightly use the "Full Screen" mode until you are sure what you are doing. Full Screen mode often confuses the software. I don't use Full Screen mode after some disastrous disconnections from remote servers. Try it and see if you like or dislike it.

Options: You can add options to the command line. I suggest you look at man vncviewer from your console or here on the TightVNC web site: man vncviewer(1). See what you think of them. I'm still grappling with them.

VNC Client II: Viewing in a Java Enabled Web Browser

You can use http addressing in your web browser to connect to a machine broadcasting on a VNC http server using the 580X series of ports: http://ip.of.server:580X, where X is the window number (0, 1, 2, 3....). If name resolution is in place, e.g. by internet DNS servers, you can use the domain name version, e.g. http://www.swerdna.net.au:5809. You don't have to actively enable the http server on the remote server; it's set to broadcast by default.

Enabling Java: remember to pre-install the RPMs for java-x_y_z-openjdk and java-x_y_z-openjdk-plugin.

Options: The web interface has an Options button at the top of the viewing area. Do have a look at those and study them in terms of the description of the options for vncviewer on the TightVNC website or the man page on your system.

KDE4 Bug in openSUSE 11.0 and 11.1: The web interface will fail entirely unless you perform this workaround to connect: after you put the address of the server (http://ip.of.server:580X) in the browser, when the logon screen appears, before anything else, click the options button at the top of the screen and select Options --> Cursor Shape Updates --> Disable --> Close. Then log in. This is not necessary in openSUSE 11.2.

Install VNC in Windows

TightVNC works in Windows 2000, XP, Vista and Windows 7

TightVNC was recently rewritten so that the server function version works in all versions of Windows. The download page is on this link. Choose the "Self-installing package for Windows". That's all I need to say (except, don't forget the ports in proprietary software firewalls if you installed one).

That's all folks. Swerdna 18 Feb 09. Last updated 21 August 2010.
