Reverse connections in TightVNC

Traditionally TightVNC behaves much like in the classic client-server model: the client, meaning the computer controlling a remote desktop, is also a client in terms of networking (it initiates the connection), while the server, meaning the computer whose desktop is controlled, is also a server in terms of networking (it waits for a client to initiate the connection). In case of LAN connections this hardly ever causes any problems. But what if we want to connect to a host somewhere on the Internet, which – even worse – is behind a NAT?

Reverse connections in TightVNC (other VNC software also has similar features, but I will describe the example using TightVNC) come to the rescue. Using a reverse connection, the client (the controlling computer) becomes the server in terms of networking (it waits for an “invitation” to control a remote system), while the server (the computer being controlled) becomes the client (it “invites” the other party to control it). Here are the steps to establish a reverse connection in TightVNC.


At the controlling host:

    • Option A. Launch TightVNC Viewer and click the Listening mode button.
    • Option B. Run the following command at the command line:
      vncviewer -listen
      

At the controlled host:

  1. Launch TightVNC Server.
    • Option A. Right-click the VNC tray icon and pick Add New Client…. Then in the Initiate Outgoing Connection (Add New Client) window enter the IP address of the host which is supposed to have control over this machine.
    • Option B. Run the following command at the command line:
      WinVNC.exe -connect controlling_machine_address::5500
      

What is all this for? Let’s assume we have a public IP address, but we want to help (connect with VNC) a user behind a NAT. For a connection to be established the classic way, port forwarding is necessary. However, if the user we want to connect to has no control over the firewall at his side (e.g. because he uses a company network), but the connections initiated from his network are allowed, configuring port forwarding becomes redundant.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s