[Linux] VNC + intranet penetration enables remote desktop access to Ubuntu from the public network

Article directory

    • Foreword
    • 1. Install VNC on ubuntu
    • 2. Set vnc to start at boot
    • 3. Windows installation VNC viewer connection tool
    • 4. Intranet penetration
      • 4.1 Install cpolar [supports installation using one-click script command]
      • 4.2 Create tunnel mapping
      • 4.3 Test public network remote access
    • 5. Configure a fixed TCP address
      • 5.1 Reserve a fixed public network TCP port address
      • 5.2 Configure a fixed public network TCP port address
      • 5.3 Test remote use of fixed public network address
    • Summary

Foreword

To connect remotely to the Ubuntu desktop, you need to install VNC on the Ubuntu system. Because this is desktop access, Ubuntu must have a graphical interface. If it does not, run the following commands to install one:

sudo apt install ubuntu-desktop

sudo apt-get install gnome-panel gnome-settings-daemon metacity nautilus gnome-terminal

sudo reboot #Restart to see the graphical interface

1. Install VNC on ubuntu

Install vnc in ubuntu

sudo apt-get install x11vnc

Install LightDM [LightDM is designed to support local graphical interfaces for the best compatibility]

sudo apt-get install lightdm

The following options will appear during the installation process. Select lightdm and press Enter.

Set the password. After you set it, you will be asked whether to save the password in /home/root1/.vnc/passwd. Enter y to confirm.

x11vnc -storepasswd

2. Set vnc to start at boot

Create an x11vnc.service file

sudo vim /lib/systemd/system/x11vnc.service

Press the i key to enter edit mode and add the following content. Note: replace <USERNAME> with your Ubuntu username. Then press the Esc key to leave edit mode and type :wq to save.

[Unit]
Description=Start x11vnc at startup.
After=multi-user.target
 
[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/<USERNAME>/.vnc/passwd -rfbport 5900 -shared
 
[Install]
WantedBy=multi-user.target

Enable start at boot

sudo systemctl enable x11vnc.service

Start the service

sudo systemctl start x11vnc.service
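
A check of the unit file above before port 5900 is published through a tunnel, as an added example that is not part of the original article: it reads the ExecStart line and reports whether x11vnc uses the stored password file, whether it is restricted to loopback with x11vnc's -localhost option, and whether the password file is owner-only. The function names, finding labels and sample unit are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an x11vnc systemd unit before port 5900 is tunnelled.
# Function names, finding labels and the sample unit are constructed here.

# Print the command line of the last ExecStart= entry in a unit file.
unit_execstart() {
  sed -n 's/^ExecStart=//p' "$1" | tail -n 1
}

# Succeed if command line $1 contains option $2 as a whole word.
has_flag() {
  case " $1 " in
    *" $2 "*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print one finding per line; print nothing when every check passes.
audit_x11vnc_unit() {
  cmd=$(unit_execstart "$1")
  [ -n "$cmd" ] || { echo "NO_EXECSTART"; return 0; }
  # No -rfbauth: the password file created by -storepasswd is not used.
  has_flag "$cmd" "-rfbauth" || echo "NO_PASSWORD_FILE"
  # No -localhost: x11vnc accepts connections on every interface.
  has_flag "$cmd" "-localhost" || echo "LISTENS_ON_ALL_INTERFACES"
  # -shared: several viewers may attach to the same desktop at once.
  has_flag "$cmd" "-shared" && echo "SHARED_SESSIONS_ALLOWED"
  # The password file should be readable and writable by its owner only.
  pw=$(printf '%s\n' "$cmd" | sed -n 's/.*-rfbauth \([^ ]*\).*/\1/p')
  if [ -n "$pw" ] && [ -e "$pw" ]; then
    perms=$(ls -ld "$pw" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || echo "PASSWD_NOT_0600"
  fi
  return 0
}

# Constructed sample: the [Service] section of the unit shown above.
demo_unit() {
  cat <<'EOF'
[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /home/<USERNAME>/.vnc/passwd -rfbport 5900 -shared
EOF
}

tmp=$(mktemp)
demo_unit > "$tmp"
audit_x11vnc_unit "$tmp"
rm -f "$tmp"
```

With -localhost in ExecStart the LAN test in section 3 stops working; a tunnel agent on the same machine can still reach port 5900, assuming it forwards to 127.0.0.1.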

3. Windows installation VNC viewer connection tool

Go to the official VNC website and download the Windows version of the VNC Viewer connection tool.

After downloading, open it and use the LAN IP to connect. The port is 5900.

The password interface appears, enter the password set above.

The ubuntu desktop appears indicating success.

4. Intranet penetration

Once the remote connection works locally, the next step is remote desktop access from the public network. Here we use the cpolar intranet penetration tool to achieve this. It supports the http/https/tcp protocols, does not limit traffic, and requires neither a public IP address nor any router configuration.

cpolar official website: https://www.cpolar.com/

4.1 Install cpolar [Supports installation using one-click script command]

  • cpolar installation (for domestic use)

curl -L https://www.cpolar.com/static/downloads/install-release-cpolar.sh | sudo bash

  • Or the cpolar short-link installation method (for foreign use)

curl -sL https://git.io/cpolar | sudo bash

  • Check the version number. If the version number is displayed normally, the installation is successful.

cpolar version
  • token authentication

Log in to the cpolar official website backend, click Verify on the left, check your authentication token, and then paste the token in the command line

cpolar authtoken xxxxxxx

  • Simple tunnel test: if the corresponding public network address is generated normally, the intranet penetration succeeded.

cpolar http 8080

Press Ctrl+C to exit.

  • Add the service to the system

sudo systemctl enable cpolar

  • Start the cpolar service

sudo systemctl start cpolar

  • Check the service status

sudo systemctl status cpolar

4.2 Create tunnel mapping

After cpolar is successfully installed, open local port 9200 in a browser (127.0.0.1:9200) and log in to the web UI management interface with your cpolar email account.

After successfully logging in, click Tunnel Management – Create Tunnel on the left dashboard to create a TCP protocol tunnel pointing to the local port 5900:

  • Tunnel name: It can be customized. Be careful not to duplicate the existing tunnel name.
  • Protocol: tcp
  • Local address: 5900
  • Domain name type: Choose a random domain name for free
  • Region: Default is China top

Click Create

After the tunnel is successfully created, click the status on the left – Online Tunnel List. You can see that the tunnel just created has generated the corresponding public network address + public network port number. Copy it down.

4.3 Test public network remote access

Open windows vnc viewer and use the public network address + public network port number you just obtained to connect. This example is 2.tcp.vip.cpolar.cn:13001

Enter the password.

Public network remote connection successful

5. Configure fixed TCP address

Since the tunnel created above is a random address tunnel, the address will change within 24 hours. In order to make the connection more stable, we need to configure a fixed TCP address for it.

It should be noted that configuring a fixed TCP port address requires upgrading cpolar to the Professional Edition package or above.

5.1 Reserve a fixed public network TCP port address

Log in to the cpolar official website backend, click Reserve on the left, and select the reserved TCP address.

  • Region: Select China VIP
  • Description: Notes, which can be customized

Click Reserve

After the address is successfully reserved, the system generates the corresponding fixed public address. Copy it.

5.2 Configure a fixed public network TCP port address

Log in to the cpolar web UI management interface on the browser, http://127.0.0.1:9200/, click Tunnel Management – Tunnel List on the left dashboard, find the vnc remote tunnel we created earlier, and click Edit on the right

Modify the tunnel information and configure the successfully reserved fixed tcp address into the tunnel.

  • Port type: modified to fixed tcp port
  • Reserved tcp address: fill in the successfully reserved address

Click Update

After the tunnel is successfully updated, click on the status of the left dashboard – online tunnel list, find the vnc remote desktop tunnel, and you can see that the public network address has been updated to a fixed tcp address.

5.3 Test remote use of fixed public network address

Next, we test the remote Ubuntu desktop using the fixed TCP port address. Open the VNC viewer on Windows again and connect using the fixed TCP address. The password interface appears; enter the password as before.

Remote connection successful

Summary

So far, we have successfully set up VNC remote desktop access to Ubuntu: cpolar tunnels the VNC service port 5900, and the generated public network address lets us remotely control Ubuntu on the intranet anytime and anywhere, without a public network IP and without configuring the router. Moreover, this public network address is fixed and does not change randomly, which keeps the connection stable.

In addition to VNC, cpolar can be used in many other scenarios, such as public network SSH remote access, remote Synology NAS access, Minecraft online play, WeChat public account and Alipay debugging, and exposing a local web… [PS: cpolar currently supports a 21-day money-back guarantee]

Reprinted from cpolar pole cloud article: Using VNC remote desktop Ubuntu [Intranet penetration to achieve public network remoteness]