Our website is made possible by displaying online advertisements to our visitors.
Please consider supporting us by disabling your ad blocker.

VPN-less Remote Control via VNC

Article Index

By Bryan Keadle (This email address is being protected from spambots. You need JavaScript enabled to view it.)

Using the VNC Repeater:
The VNC Repeater enables you to open up a single port on your firewall to the VNC Repeater machine (kind of a "gateway" or "proxy"), and use the VNC Viewer to remote control any local machines running the WinVNC Server. To follow are the instructions for this setup.

Download UltraVNC: http://uvnc.com
This "distribution" of the Open Source VNC project includes additional features including other compression algorithms for speed and flexibility, file transfer, chat, and MS Logon authentication, to name a few.

Install the VNC Server on a machine to be remote controlled
(WinVNC Server machine):

Select the necessary properties of WinVNC repeater

Setup VNC Repeater machine:

Install UltraVNC on your VNC Repeater machine. In the properties of the server icon in the system tray, be sure to check on the Allow Loopback Connections option (see above graphic).

In the directory where you installed UltraVNC, you will find vnc_repeater.exe.

On your VNC Repeater machine, start the repeater program by running at a command
prompt: "(path)\vnc_repeater.exe" 5901

Configure public router:
On your router, forward port 5901 to your VNC Repeater machine




Now run VNCViewer.exe:

Enter the local IP address (or DNS name) of the machine you want to control

Check on the Proxy Repeater check box, and enter the public address assigned to your VNC
Repeater (or router from which you are forwarding port 5901)

Press the Options... button to specify your connection options. I've found the best remote control
settings to be checking on the Use 8-bit color and specify Hextile encoding method.

VNC through SSH

SSH Server
You will need to provide an SSH Server. This can be a Linux machine, or a Windows machine running OpenSSH (http://sshwindows.sourceforge.net/). Configure your router to forward port 22 (SSH) to your "SSH Server".

SSH Client
Copy (or otherwise provide) vncviewer.exe and an SSH client (Putty.exe - http://www.chiark.greenend.org.uk/%7Esgtatham/putty/ ) to the client to be used to
remote control your WinVNC Server machine.

Configure PuTTY:

Setup a session to forward port 5900 to the machine you want to remote control (using it's local address (or DNS name), in this case:
Your SSH Server machine will need to be able to resolve this address/name.

Enter the host name and port (22). You can pass the username by preceding the host name with Username@ as indicated in the above graphic.
Enter a name in the Saved Sessions edit box, then press the Save button.

Select the OPEN button to connect to your SSH Server. You will need to authenticate to the SSH server to establish the SSH tunnel.

With this SSH tunnel established, you will now use VNCViewer to connect to the machine you configured PuTTY for (
In the VNC Server: edit box, enter localhost (
You will want to select the Options button and select your Format and Encoding settings as described in the graphic.
When you press the Connect button, it will route 5900 local port through the SSH tunnel to the address (according to the PuTTY configuration).

Likewise you could configure Windows XP Remote Desktop (Terminal Services) through SSH in the same manner. To include Remote Desktop, add an SSH tunnel like this:

This configuration would give you both VNC and Remote Desktop (Terminal Services) access to through the SSH tunnel.
Note, the Source port is defined as
This is a bit "different". When you open MSTSC.EXE (the Terminal Services client), you would enter as the connection:
This will connect you to the Terminal Services server of the host machine through an SSH tunnel.

VNC Repeater and SSH Tunnel
Now, let's combine the VNC Repeater and the SSH Tunnel so that we are able to use the VNC Repeater through a secure SSH Tunnel.
Simply change / add the following
SSH tunnel parameters:

NOTE: the source port is 5900, and the destination port is 5901

In the VNC Viewer, connect using these settings:

NOTE: the Proxy/Repeater setting is localhost