diff options
author | runge <runge@karlrunge.com> | 2010-04-09 20:09:15 -0400 |
---|---|---|
committer | runge <runge@karlrunge.com> | 2010-04-09 20:09:15 -0400 |
commit | 2a8ba97ec5b0f7fbfcfc8adab6732a95e95c7204 (patch) | |
tree | 7da693c36f06f4e16e8bc2b030c54b67f01d8671 | |
parent | 5c53ccbbe99dbf098dbb396a65b487f08315d825 (diff) | |
download | libtdevnc-2a8ba97ec5b0f7fbfcfc8adab6732a95e95c7204.tar.gz libtdevnc-2a8ba97ec5b0f7fbfcfc8adab6732a95e95c7204.zip |
x11vnc: exit(1) for -connect_or_exit failure, quiet query mode for grab_state, pointer_pos, etc. ipv6 support. STUNNEL_LISTEN for particular interface. -input_eagerly in addition to -allinput. quiet Xinerama message.
-rw-r--r-- | x11vnc/ChangeLog | 8 | ||||
-rw-r--r-- | x11vnc/README | 6007 | ||||
-rw-r--r-- | x11vnc/connections.c | 239 | ||||
-rw-r--r-- | x11vnc/connections.h | 1 | ||||
-rw-r--r-- | x11vnc/enc.h | 2 | ||||
-rw-r--r-- | x11vnc/help.c | 178 | ||||
-rw-r--r-- | x11vnc/inet.c | 327 | ||||
-rw-r--r-- | x11vnc/inet.h | 7 | ||||
-rw-r--r-- | x11vnc/options.c | 12 | ||||
-rw-r--r-- | x11vnc/options.h | 8 | ||||
-rw-r--r-- | x11vnc/remote.c | 306 | ||||
-rw-r--r-- | x11vnc/screen.c | 54 | ||||
-rw-r--r-- | x11vnc/sslcmds.c | 29 | ||||
-rw-r--r-- | x11vnc/sslhelper.c | 261 | ||||
-rw-r--r-- | x11vnc/sslhelper.h | 12 | ||||
-rw-r--r-- | x11vnc/ssltools.h | 26 | ||||
-rwxr-xr-x | x11vnc/tkx11vnc | 5 | ||||
-rw-r--r-- | x11vnc/tkx11vnc.h | 5 | ||||
-rw-r--r-- | x11vnc/user.c | 15 | ||||
-rw-r--r-- | x11vnc/util.c | 8 | ||||
-rw-r--r-- | x11vnc/x11vnc.1 | 194 | ||||
-rw-r--r-- | x11vnc/x11vnc.c | 79 | ||||
-rw-r--r-- | x11vnc/x11vnc.h | 8 | ||||
-rw-r--r-- | x11vnc/x11vnc_defs.c | 2 | ||||
-rw-r--r-- | x11vnc/xevents.c | 4 | ||||
-rw-r--r-- | x11vnc/xinerama.c | 8 |
26 files changed, 3909 insertions, 3896 deletions
diff --git a/x11vnc/ChangeLog b/x11vnc/ChangeLog index 0117e45..ddfe0f0 100644 --- a/x11vnc/ChangeLog +++ b/x11vnc/ChangeLog @@ -1,3 +1,11 @@ +2010-04-09 Karl Runge <runge@karlrunge.com> + * classes/ssl: debugging and workarounds for java viewer + * x11vnc/misc: sync ssvnc, improve util scripts. + * x11vnc: exit(1) for -connect_or_exit failure, quiet query + mode for grab_state, etc. ipv6 support. STUNNEL_LISTEN for + particular interface. -input_eagerly in addition to -allinput. + quiet Xinerama message. + 2010-03-20 Karl Runge <runge@karlrunge.com> * classes/ssl: Many improvements to Java SSL applet, onetimekey serverCert param, debugging printout, user dialogs, catch diff --git a/x11vnc/README b/x11vnc/README index a291367..faec507 100644 --- a/x11vnc/README +++ b/x11vnc/README @@ -2,7 +2,7 @@ Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com> All rights reserved. -x11vnc README file Date: Sat Mar 20 23:15:32 EDT 2010 +x11vnc README file Date: Thu Apr 8 23:54:19 EDT 2010 The following information is taken from these URLs: @@ -20,30 +20,29 @@ http://www.karlrunge.com/x11vnc/index.html: _________________________________________________________________ x11vnc: a VNC server for real X displays - (to [1]FAQ) (to [2]Downloads) (to [3]Building) (to -[4]Beta Test) (to [5]Donations) [6][PayPal] + (to FAQ) (to Downloads) (to Building) (to Beta Test) + (to Donations) [PayPal] x11vnc allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows. - It has built-in [7]SSL/TLS encryption and 2048 bit RSA authentication, - including VeNCrypt support; UNIX [8]account and password login - support; server-side [9]scaling; [10]single port HTTPS/HTTP+VNC; - [11]Zeroconf service advertising; and TightVNC and UltraVNC - [12]file-transfer. It has also been extended to work with non-X - devices: natively on [13]Mac OS X Aqua/Quartz, [14]webcams and TV - tuner capture devices, and [15]embedded Linux systems such as Qtopia - Core. More features are described [16]here. - - It also provides an encrypted [17]Terminal Services mode ([18]-create, - [19]-svc, or [20]-xdmsvc options) based on Unix usernames and Unix - passwords where the user does not need to memorize his VNC - display/port number. Normally a virtual X session (Xvfb) is created - for each user, but it also works with X sessions on physical hardware. - See the [21]tsvnc terminal services mode of the SSVNC viewer for one - way to take advantage of this mode. + It has built-in SSL/TLS encryption and 2048 bit RSA authentication, + including VeNCrypt support; UNIX account and password login support; + server-side scaling; single port HTTPS/HTTP+VNC; Zeroconf service + advertising; and TightVNC and UltraVNC file-transfer. It has also been + extended to work with non-X devices: natively on Mac OS X Aqua/Quartz, + webcams and TV tuner capture devices, and embedded Linux systems such + as Qtopia Core. More features are described here. + + It also provides an encrypted Terminal Services mode (-create, -svc, + or -xdmsvc options) based on Unix usernames and Unix passwords where + the user does not need to memorize his VNC display/port number. + Normally a virtual X session (Xvfb) is created for each user, but it + also works with X sessions on physical hardware. See the tsvnc + terminal services mode of the SSVNC viewer for one way to take + advantage of this mode. I wrote x11vnc back in 2002 because x0rfbserver was basically impossible to build on Solaris and had poor performance. The primary @@ -53,22 +52,22 @@ x11vnc: a VNC server for real X displays enhancements to improve the interactive response, added many features, and etc. - This page including the [22]FAQ contains much information [23][*]; - solutions to many problems; and interesting applications, but - nevertheless please feel free to [24]contact me if you have problems - or questions (and if I save you time or expense by giving you some of - my time, please consider a [25]PayPal Donation.) + This page including the FAQ contains much information [*]; solutions + to many problems; and interesting applications, but nevertheless + please feel free to contact me if you have problems or questions (and + if I save you time or expense by giving you some of my time, please + consider a PayPal Donation.) - Do check the [26]FAQ and this page first; I realize the pages are - massive, but you can often use your browser's find-in-page search - action using a keyword to find the answer to your problem or question. + Do check the FAQ and this page first; I realize the pages are massive, + but you can often use your browser's find-in-page search action using + a keyword to find the answer to your problem or question. - Please help [27]test the performance speedup feature using - [28]viewer-side pixel caching "ncache". + Please help test the performance speedup feature using viewer-side + pixel caching "ncache". - SSVNC: An x11vnc side-project provides an [29]Enhanced TightVNC - Viewer package (SSVNC) for Unix, Windows, and Mac OS X with automatic - SSL and/or SSH tunnelling support, SSL Certificate creation, Saved + SSVNC: An x11vnc side-project provides an Enhanced TightVNC Viewer + package (SSVNC) for Unix, Windows, and Mac OS X with automatic SSL + and/or SSH tunnelling support, SSL Certificate creation, Saved connection profiles, Zeroconf, VeNCrypt, and built-in Proxy support. Added features for the TightVNC Unix viewer: NewFBSize, ZRLE encoding, Viewer-side Scaling, cursor alphablending, low color modes, and @@ -83,17 +82,17 @@ x11vnc: a VNC server for real X displays Announcements: Important: If you created any permanent SSL certificates (e.g. via - "[30]x11vnc -ssl SAVE ...") on a Debian or Ubuntu system from Sept. - 2006 through May 2008, then those keys are likely extremely weak and - can be easily cracked. The certificate files should be deleted and - recreated on a non-Debian system or an updated one. See - [31]http://www.debian.org/security/2008/dsa-1571 for details. The same + "x11vnc -ssl SAVE ...") on a Debian or Ubuntu system from Sept. 2006 + through May 2008, then those keys are likely extremely weak and can be + easily cracked. The certificate files should be deleted and recreated + on a non-Debian system or an updated one. See + http://www.debian.org/security/2008/dsa-1571 for details. The same applies to SSH keys (not used by x11vnc directly, but many people use - [32]SSH tunnels for VNC access.) + SSH tunnels for VNC access.) - FAQ moved: The huge [33]FAQ has finally been moved to its own page. If - you are trying to follow someone's link to an FAQ once on this page it - is now a broken link. Try inserting the string "faq.html", e.g.: + FAQ moved: The huge FAQ has finally been moved to its own page. If you + are trying to follow someone's link to an FAQ once on this page it is + now a broken link. Try inserting the string "faq.html", e.g.: from: http://www.karlrunge.com/x11vnc/#faq-singleclick to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick @@ -112,10 +111,10 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick framebuffer (RFB) protocol. Some VNC links: - * [34]http://www.realvnc.com - * [35]http://www.tightvnc.com - * [36]http://www.ultravnc.com/ - * [37]http://www.testplant.com/products/vine_server/OS_X + * http://www.realvnc.com + * http://www.tightvnc.com + * http://www.ultravnc.com/ + * http://www.testplant.com/products/vine_server/OS_X For Unix, the traditional VNC implementation includes a "virtual" X11 server Xvnc (usually launched via the vncserver command) that is not @@ -126,10 +125,10 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol because - it involves far fewer "roundtrips" (an exception is the [38]cached - pixmap data on the viewing-end provided by X.) Also, with no state - maintained the viewing-end can crash, be rebooted, or relocated and - the applications and desktop continue running. Not so with X11. + it involves far fewer "roundtrips" (an exception is the cached pixmap + data on the viewing-end provided by X.) Also, with no state maintained + the viewing-end can crash, be rebooted, or relocated and the + applications and desktop continue running. Not so with X11. So the standard Xvnc/vncserver program is very useful, I use it for things like: @@ -154,11 +153,11 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick display you wish to view is "far-away.east:0" and the workstation you are presently working at is "sitting-here.west". - Step 0. Download x11vnc ([39]see below) and have it available to run - on far-away.east (on some linux distros it is as easy as "apt-get - install x11vnc", "emerge x11vnc", etc.) Similarly, have a VNC viewer - (e.g. vncviewer) ready to run on sitting-here.west. We recommend - [40]TightVNC Viewers (see also [41]our SSVNC viewer.) + Step 0. Download x11vnc (see below) and have it available to run on + far-away.east (on some linux distros it is as easy as "apt-get install + x11vnc", "emerge x11vnc", etc.) Similarly, have a VNC viewer (e.g. + vncviewer) ready to run on sitting-here.west. We recommend TightVNC + Viewers (see also our SSVNC viewer.) Step 1. By some means log in to far-away.east and get a command shell running there. You can use ssh, or even rlogin, telnet, or any other @@ -177,11 +176,10 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick X display (i.e. no viewer clients yet.) Common Gotcha: To get X11 permissions right, you may also need to set - the XAUTHORITY environment variable (or use the [42]-auth option) to - point to the correct MIT-MAGIC-COOKIE file (e.g. - /home/joe/.Xauthority.) If x11vnc does not have the authority to - connect to the display it exits immediately. More on how to fix this - [43]below. + the XAUTHORITY environment variable (or use the -auth option) to point + to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority.) If + x11vnc does not have the authority to connect to the display it exits + immediately. More on how to fix this below. If you suspect an X11 permissions problem do this simple test: while sitting at the physical X display open a terminal window @@ -189,12 +187,12 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick successfully in that terminal without any need for command line options. If that works OK then you know X11 permissions are the only thing preventing it from working when you try to start x11vnc via a - remote shell. Then fix this with the tips [44]below. + remote shell. Then fix this with the tips below. - Note as of Feb/2007 you can also try the [45]-find option instead of + Note as of Feb/2007 you can also try the -find option instead of "-display ..." and see if that finds your display and Xauthority. Note - as of Dec/2009 the [46]-findauth and "[47]-auth guess" options may be - helpful as well. + as of Dec/2009 the -findauth and "-auth guess" options may be helpful + as well. (End of Common Gotcha) When x11vnc starts up there will then be much chatter printed out (use @@ -214,9 +212,8 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick viewers for Unix, Windows, MacOS, Java-enabled web browsers, and even for PDA's like the Palm Pilot and Cell Phones! You can use any of them to connect to x11vnc (see the above VNC links under "Background:" on - how to obtain a viewer for your platform or see [48]this FAQ. For - Solaris, vncviewer is available in the [49]Companion CD package - SFWvnc.) + how to obtain a viewer for your platform or see this FAQ. For Solaris, + vncviewer is available in the Companion CD package SFWvnc.) In this example we'll use the Unix vncviewer program on sitting-here by typing the following command in a second terminal window: @@ -226,36 +223,35 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick That should pop up a viewer window on sitting-here.west showing and allowing interaction with the far-away.east:0 X11 desktop. Pretty nifty! When finished, exit the viewer: the remote x11vnc process will - shutdown automatically (or you can use the [50]-forever option to have - it wait for additional viewer connections.) + shutdown automatically (or you can use the -forever option to have it + wait for additional viewer connections.) - Common Gotcha: Nowadays there will likely be a host-level [51]firewall - on the x11vnc side that is blocking remote access to the VNC port - (e.g. 5900.) You will either have to open up that port (or a range of - ports) in your firewall administration tool, or try the [52]SSH - tunnelling method below (even still the firewall must allow in the SSH - port, 22.) + Common Gotcha: Nowadays there will likely be a host-level firewall on + the x11vnc side that is blocking remote access to the VNC port (e.g. + 5900.) You will either have to open up that port (or a range of ports) + in your firewall administration tool, or try the SSH tunnelling method + below (even still the firewall must allow in the SSH port, 22.) Shortcut: Of course if you left x11vnc running on far-away.east:0 in a - terminal window with the [53]-forever option or as a [54]service, - you'd only have to do Step 3 as you moved around. Be sure to use a VNC - [55]Password or [56]other measures if you do that. + terminal window with the -forever option or as a service, you'd only + have to do Step 3 as you moved around. Be sure to use a VNC Password + or other measures if you do that. Super Shortcut: Here is a potentially very easy way to get all of it working. * Have x11vnc (0.9.3 or later) available to run on the remote host (i.e. in $PATH.) - * Download and unpack a [57]SSVNC bundle (1.0.19 or later, e.g. - [58]ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine. + * Download and unpack a SSVNC bundle (1.0.19 or later, e.g. + ssvnc_no_windows-1.0.23.tar.gz) on the Viewer-side machine. * Start the SSVNC Terminal Services mode GUI: ./ssvnc/bin/tsvnc * Enter your remote username@hostname (e.g. fred@far-away.east) in the "VNC Terminal Server" entry. * Click "Connect". That will do an SSH to username@hostname and start up x11vnc and then - connect a VNC Viewer through the SSH [59]encrypted tunnel. + connect a VNC Viewer through the SSH encrypted tunnel. There are a number of things assumed here, first that you are able to SSH into the remote host; i.e. that you have a Unix account there and @@ -264,7 +260,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick plink binary is included in the SSVNC bundle.) Finally, it is assumed that you are already logged into an X session on the remote machine, e.g. your workstation (otherwise, a virtual X server, e.g. Xvfb, will - be [60]started for you.) + be started for you.) In some cases the remote SSH server will not run commands with the same $PATH that you normally have in your shell there. In this case @@ -286,7 +282,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick For these cases it should be obvious how it is done. The above steps will work, but more easily the user sitting at far-away.east:0 simply starts up x11vnc from a terminal window, after which the guests would - start their VNC viewers. For this usage mode the "[61]-connect + start their VNC viewers. For this usage mode the "-connect host1,host2" option may be of use to automatically connect to the vncviewers in "-listen" mode on the list of hosts. _________________________________________________________________ @@ -322,7 +318,7 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick Note that "x11vnc -localhost ..." limits incoming vncviewer connections to only those from the same machine. This is very natural for ssh tunnelling (the redirection appears to come from the same - machine.) Use of a [62]VNC password is also strongly recommended. + machine.) Use of a VNC password is also strongly recommended. Note also the -t we used above (force allocate pseudoterminal), it actually seems to improve interactive typing response via VNC! @@ -338,19 +334,19 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick Some VNC viewers will do the ssh tunnelling for you automatically, the TightVNC Unix vncviewer does this when the "-via far-away.east" option is supplied to it (this requires x11vnc to be already running on - far-away.east or having it started by [63]inetd(8).) See the 3rd - script example [64]below for more info. + far-away.east or having it started by inetd(8).) See the 3rd script + example below for more info. - SSVNC: You may also want to look at the [65]Enhanced TightVNC Viewer + SSVNC: You may also want to look at the Enhanced TightVNC Viewer (ssvnc) bundles because they contain scripts and GUIs to automatically set up SSH tunnels (e.g. the GUI, "ssvnc", does it automatically and so does this command: "ssvnc_cmd -ssh user@far-away.east:0") and can even start up x11vnc as well. - The [66]Terminal Services mode of SSVNC is perhaps the easiest way to - use x11vnc. You just need to have x11vnc available in $PATH on the - remote side (and can SSH to the host), and then on the viewer-side you - type something like: + The Terminal Services mode of SSVNC is perhaps the easiest way to use + x11vnc. You just need to have x11vnc available in $PATH on the remote + side (and can SSH to the host), and then on the viewer-side you type + something like: tsvnc fred@far-away.east everything else is done automatically for you. Normally this will @@ -371,13 +367,13 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick Once logged in, you'll need to do a second login (ssh, rsh, etc.) to the workstation machine 'OtherHost' and then start up x11vnc on it (if - it isn't already running.) (The "[67]-connect gateway:59xx" option may - be another alternative here with the viewer already in -listen mode.) - For an automatic way to use a gateway and have all the network traffic - encrypted (including inside the firewall) see [68]Chaining SSH's. + it isn't already running.) (The "-connect gateway:59xx" option may be + another alternative here with the viewer already in -listen mode.) For + an automatic way to use a gateway and have all the network traffic + encrypted (including inside the firewall) see Chaining SSH's. These gateway access modes also can be done automatically for you via - the "Proxy/Gateway" setting in [69]SSVNC (including the Chaining SSH's + the "Proxy/Gateway" setting in SSVNC (including the Chaining SSH's case, "Double Proxy".) Firewalls/Routers: @@ -393,9 +389,9 @@ to: http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick One thing that can be done is to redirect a port on the Firewall/Router to, say, the SSH port (22) on an inside machine (how to do this depends on your particular Firewall/Router, often the - router config URL is http://192.168.100.1 See [70]www.portforward.com - for more info.) This way you reach these computers from anywhere on - the Internet and use x11vnc to view X sessions running on them. + router config URL is http://192.168.100.1 See www.portforward.com for + more info.) This way you reach these computers from anywhere on the + Internet and use x11vnc to view X sessions running on them. Suppose you configured the Firewall/Router to redirect these ports to two internal machines: @@ -411,8 +407,8 @@ nc -localhost -display :0' Where far-away.east means the hostname (or IP) that the Router/Firewall is using (for home setups this is usually the IP - gotten from your ISP via DHCP, the site [71]http://www.whatismyip.com/ - is a convenient way to determine what it is.) + gotten from your ISP via DHCP, the site http://www.whatismyip.com/ is + a convenient way to determine what it is.) It is a good idea to add some obscurity to accessing your system via SSH by using some high random port (e.g. 12300 in the above example.) @@ -422,7 +418,7 @@ nc -localhost -display :0' Port 22 -> 192.168.1.3, Port 22 (SSH) Again, this SSH gateway access can be done automatically for you via - the "Proxy/Gateway" setting in [72]SSVNC. And under the "Remote SSH + the "Proxy/Gateway" setting in SSVNC. And under the "Remote SSH Command" setting you can enter the x11vnc -localhost -display :0. Host-Level-Firewalls: even with the hardware Firewall/Router problem @@ -439,7 +435,7 @@ nc -localhost -display :0' Port 5901 -> 192.168.1.4, Port 5900 (VNC) (where 192.168.1.3 is "jills-pc" and 192.168.1.4 is "freds-pc".) This - could be used for normal, unencrypted connections and also for [73]SSL + could be used for normal, unencrypted connections and also for SSL encrypted ones. The the VNC displays to enter in the VNC viewer would be, say, @@ -453,7 +449,7 @@ nc -localhost -display :0' vncviewer 24.56.78.93:0 The IP address would need to be communicated to the person running the - VNC Viewer. The site [74]http://www.whatismyip.com/ can help here. + VNC Viewer. The site http://www.whatismyip.com/ can help here. _________________________________________________________________ @@ -462,7 +458,7 @@ nc -localhost -display :0' above port and display numbers may change a bit (e.g. -> 5901 and :1). However, if you "know" port 5900 will be free on the local and remote machines, you can easily automate the above two steps by using the - x11vnc option [75]-bg (forks into background after connection to the + x11vnc option -bg (forks into background after connection to the display is set up) or using the -f option of ssh. Some example scripts are shown below. Feel free to try the ssh -C to enable its compression and see if that speeds things up noticeably. @@ -495,7 +491,7 @@ done #2. Another method is to start the VNC viewer in listen mode "vncviewer -listen" and have x11vnc initiate a reverse connection - using the [76]-connect option: + using the -connect option: #!/bin/sh # usage: x11vnc_ssh <host>:<xdisplay> # e.g.: x11vnc_ssh snoopy.peanuts.com:0 @@ -538,76 +534,74 @@ export VNC_VIA_CMD vncviewer -via $host localhost:0 # must be TightVNC vncviewer. Of course if you already have the x11vnc running waiting for - connections (or have it started out of [77]inetd(8)), you can simply - use the TightVNC "vncviewer -via gateway host:port" in its default - mode to provide secure ssh tunnelling. + connections (or have it started out of inetd(8)), you can simply use + the TightVNC "vncviewer -via gateway host:port" in its default mode to + provide secure ssh tunnelling. _________________________________________________________________ - VNC password file: Also note in the #1. example script that the - [78]option "-rfbauth .vnc/passwd" provides additional protection by - requiring a VNC password for every VNC viewer that connects. The - vncpasswd or storepasswd programs, or the x11vnc [79]-storepasswd - option can be used to create the password file. x11vnc also has the - slightly less secure [80]-passwdfile and "-passwd XXXXX" [81]options - to specify passwords. + VNC password file: Also note in the #1. example script that the option + "-rfbauth .vnc/passwd" provides additional protection by requiring a + VNC password for every VNC viewer that connects. The vncpasswd or + storepasswd programs, or the x11vnc -storepasswd option can be used to + create the password file. x11vnc also has the slightly less secure + -passwdfile and "-passwd XXXXX" options to specify passwords. Very Important: It is up to YOU to tell x11vnc to use password protection (-rfbauth or -passwdfile), it will NOT do it for you - automatically or force you to (use [82]-usepw if you want to be forced + automatically or force you to (use -usepw if you want to be forced to.) The same goes for encrypting the channel between the viewer and - x11vnc: it is up to you to use ssh, stunnel, [83]-ssl mode, a VPN, - etc. (use the [84]Enhanced TightVNC Viewer (SSVNC) GUI if you want to - be forced to use SSL or SSH.) For additional safety, also look into - the -allow and -localhost [85]options and building x11vnc with - [86]tcp_wrappers support to limit host access. + x11vnc: it is up to you to use ssh, stunnel, -ssl mode, a VPN, etc. + (use the Enhanced TightVNC Viewer (SSVNC) GUI if you want to be forced + to use SSL or SSH.) For additional safety, also look into the -allow + and -localhost options and building x11vnc with tcp_wrappers support + to limit host access. _________________________________________________________________ Tunnelling x11vnc via SSL/TLS: One can also encrypt the VNC traffic using an SSL/TLS tunnel such as - [87]stunnel.mirt.net (also [88]stunnel.org) or using the built-in - (Mar/2006) [89]-ssl openssl mode. A SSL-enabled Java applet VNC Viewer - is also provided in the x11vnc package (and https can be used to - download it.) + stunnel.mirt.net (also stunnel.org) or using the built-in (Mar/2006) + -ssl openssl mode. A SSL-enabled Java applet VNC Viewer is also + provided in the x11vnc package (and https can be used to download it.) Although not as ubiquitous as ssh, SSL tunnelling still provides a - useful alternative. See [90]this FAQ on -ssl and -stunnel modes for + useful alternative. See this FAQ on -ssl and -stunnel modes for details and examples. - The [91]Enhanced TightVNC Viewer (SSVNC) bundles contain some - convenient utilities to automatically set up an SSL tunnel from the - viewer-side (i.e. to connect to "x11vnc -ssl ...".) And many other - enhancements too. + The Enhanced TightVNC Viewer (SSVNC) bundles contain some convenient + utilities to automatically set up an SSL tunnel from the viewer-side + (i.e. to connect to "x11vnc -ssl ...".) And many other enhancements + too. _________________________________________________________________ Downloading x11vnc: - x11vnc is a contributed program to the [92]LibVNCServer project at + x11vnc is a contributed program to the LibVNCServer project at SourceForge.net. I use libvncserver for all of the VNC aspects; I couldn't have done without it. The full source code may be found and downloaded (either file-release tarball or GIT tree) from the above - link. As of Dec 2009, the [93]x11vnc-0.9.9.tar.gz source package is - released (recommended download). The [94]x11vnc 0.9.9 release notes. + link. As of Dec 2009, the x11vnc-0.9.9.tar.gz source package is + released (recommended download). The x11vnc 0.9.9 release notes. The x11vnc package is the subset of the libvncserver package needed to build the x11vnc program. Also, you can get a copy of my latest, - bleeding edge [95]x11vnc-0.9.10-dev.tar.gz tarball to build the most - up to date one. + bleeding edge x11vnc-0.9.10-dev.tar.gz tarball to build the most up to + date one. - Precompiled Binaries/Packages: See the [96]FAQ below for information + Precompiled Binaries/Packages: See the FAQ below for information about where you might obtain a precompiled x11vnc binary from 3rd parties and some ones I create. VNC Viewers: To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try these links: - * [97]http://www.tightvnc.com/download.html - * [98]http://www.realvnc.com/download-free.html - * [99]http://sourceforge.net/projects/cotvnc/ - * [100]http://www.ultravnc.com/ - * [101]Our Enhanced TightVNC Viewer (SSVNC) + * http://www.tightvnc.com/download.html + * http://www.realvnc.com/download-free.html + * http://sourceforge.net/projects/cotvnc/ + * http://www.ultravnc.com/ + * Our Enhanced TightVNC Viewer (SSVNC) [ssvnc.gif] @@ -620,16 +614,16 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. rx11vnc.pl that attempts to tunnel the vnc traffic through an ssh port redirection (and does not assume port 5900 is free.) Have a look at them to see what they do and customize as needed: - * [102]rx11vnc wrapper script - * [103]rx11vnc.pl wrapper script to tunnel traffic thru ssh + * rx11vnc wrapper script + * rx11vnc.pl wrapper script to tunnel traffic thru ssh _________________________________________________________________ Building x11vnc: - Make sure you have all the needed [104]build/compile/development - packages installed (e.g. Linux distributions foolishly don't install - them by default.) See this [105]build FAQ for more details. + Make sure you have all the needed build/compile/development packages + installed (e.g. Linux distributions foolishly don't install them by + default.) See this build FAQ for more details. If your OS has libjpeg.so and libz.so in standard locations you can build as follows (example given for the 0.9.9 release of x11vnc: @@ -656,8 +650,8 @@ vncviewer -via $host localhost:0 # must be TightVNC vncviewer. Note: Currently gcc is recommended to build libvncserver. In some cases it will build with non-gcc compilers, but the resulting binary sometimes fails to run properly. For Solaris pre-built gcc binaries - are at [106]http://www.sunfreeware.com/. Some Solaris pre-built x11vnc - binaries are [107]here. + are at http://www.sunfreeware.com/. Some Solaris pre-built x11vnc + binaries are here. However, one user reports it does work fine when built with Sun Studio 10, so YMMV. In fact, here is a little build script to do this on @@ -677,12 +671,12 @@ export MAKE AM_CFLAGS $MAKE In general you can use the "make -e" trick if you don't like - libvncserver's choice of AM_CFLAGS. See the [108]build scripts below - for more ideas. Scripts similar to the above have been shown to work - with vendor C compilers on HP-UX (ccom: HP92453-01) and Tru64 (Compaq - C V6.5-011.) + libvncserver's choice of AM_CFLAGS. See the build scripts below for + more ideas. Scripts similar to the above have been shown to work with + vendor C compilers on HP-UX (ccom: HP92453-01) and Tru64 (Compaq C + V6.5-011.) - You can find information on [109]Misc. Build problems here. + You can find information on Misc. Build problems here. _________________________________________________________________ @@ -720,10 +714,9 @@ r/sfw; make' If your system does not have these libraries at all you can get the source for the libraries to build them: libjpeg is available at - [110]ftp://ftp.uu.net/graphics/jpeg/ and zlib at - [111]http://www.gzip.org/zlib/. See also - [112]http://www.sunfreeware.com/ for Solaris binary packages of these - libraries as well as for gcc. Normally they will install into + ftp://ftp.uu.net/graphics/jpeg/ and zlib at http://www.gzip.org/zlib/. + See also http://www.sunfreeware.com/ for Solaris binary packages of + these libraries as well as for gcc. Normally they will install into /usr/local but you can install them anywhere with the --prefix=/path/to/anywhere, etc. @@ -792,10 +785,10 @@ ls -l ./x11vnc/x11vnc --with-zlib=DIR" options are handy if you want to avoid making a script. - If you need to link OpenSSL libssl.a on Solaris see this [113]method. + If you need to link OpenSSL libssl.a on Solaris see this method. If you need to build on Solaris 2.5.1 or earlier or other older Unix - OS's, see [114]this workaround FAQ. + OS's, see this workaround FAQ. Building on FreeBSD, OpenBSD, ...: The jpeg libraries seem to be in @@ -855,7 +848,7 @@ make is something like "/usr/bin/X11/X -force -vfb -ac :1". - Building on Mac OS X: There is now [115]native Mac OS X support for + Building on Mac OS X: There is now native Mac OS X support for x11vnc by using the raw framebuffer feature. This mode does not use or need X11 at all. To build you may need to disable X11: ./configure --without-x ... @@ -869,11 +862,11 @@ make OpenSSL: Starting with version 0.8.3 x11vnc can now be built with - [116]SSL/TLS support. For this to be enabled the libssl.so library - needs to be available at build time. So you may need to have - additional CPPFLAGS and LDFLAGS items if your libssl.so is in a - non-standard place. As of x11vnc 0.9.4 there is also the - --with-ssl=DIR configure option. + SSL/TLS support. For this to be enabled the libssl.so library needs to + be available at build time. So you may need to have additional + CPPFLAGS and LDFLAGS items if your libssl.so is in a non-standard + place. As of x11vnc 0.9.4 there is also the --with-ssl=DIR configure + option. On Solaris using static archives libssl.a and libcrypto.a instead of .so shared libraries (e.g. from www.sunfreeware.com), we found we @@ -895,86 +888,89 @@ make Spring 2010. The version 0.9.10 beta tarball is kept here: - [117]x11vnc-0.9.10-dev.tar.gz + x11vnc-0.9.10-dev.tar.gz There are also some Linux, Solaris, Mac OS X, and other OS test - binaries [118]here. Please kick the tires and report bugs, performance - regressions, undesired behavior, etc. to [119]me. + binaries here. Please kick the tires and report bugs, performance + regressions, undesired behavior, etc. to me. - To aid testing of the [120]built-in SSL/TLS support for x11vnc, a - number of VNC Viewer packages for Unix, Mac OS X, and Windows have - been created that provide SSL Support for the TightVNC Viewer (this is - done by [121]wrapper scripts and a GUI that starts [122]STUNNEL.) It - should be pretty convenient for automatic SSL and SSH connections. It - is described in detail at and can be downloaded from the [123]Enhanced - TightVNC Viewer (SSVNC) page. The SSVNC Unix viewer also supports - x11vnc's symmetric key [124]encryption ciphers (see the 'UltraVNC DSM - Encryption Plugin' settings panel.) + To aid testing of the built-in SSL/TLS support for x11vnc, a number of + VNC Viewer packages for Unix, Mac OS X, and Windows have been created + that provide SSL Support for the TightVNC Viewer (this is done by + wrapper scripts and a GUI that starts STUNNEL.) It should be pretty + convenient for automatic SSL and SSH connections. It is described in + detail at and can be downloaded from the Enhanced TightVNC Viewer + (SSVNC) page. The SSVNC Unix viewer also supports x11vnc's symmetric + key encryption ciphers (see the 'UltraVNC DSM Encryption Plugin' + settings panel.) Here are some features that will appear in the 0.9.10 release: * The included SSL enabled Java applet viewer now supports Chained SSL Certificates. The debugCerts=yes applet parameter aids - troubleshooting certificate validation. The x11vnc [125]-ssl mode - has always supported [126]chained SSL certificates (simply put the + troubleshooting certificate validation. The x11vnc -ssl mode has + always supported chained SSL certificates (simply put the intermediate certificates, in order, after the server certificate in the pem file.) + * A demo CGI script desktop.cgi shows how to create a multi-user + x11vnc web login desktop service. The script requires x11vnc + version 0.9.10. The user logs into a secure web site and gets + his/her own virtual desktop (Xvfb.) x11vnc's SSL enabled Java + Viewer Applet is launched by the web browser for secure viewing + (and so no software needs to be installed on the viewer-side.) One + can use the desktop.cgi script for ideas to create their own + fancier or customized web login desktop service (e.g. + user-creation, PHP, SQL, specialized desktop application, etc.) + More info here. There is also an optional 'port redirection' mode + that allows redirection to other SSL enabled VNC servers running + inside the firewall. + * Built-in support for IPv6 (128 bit internet addresses) is now + provided. See the -6 and -connect options for details. + Additionally, in case there are still problems with built-in IPv6 + support, a transitional tool is provided in inet6to4 that allows + x11vnc (or any other IPv4 application) to receive connections over + IPv6. + * The Xdummy wrapper script for Xorg's dummy driver is updated and + no longer requires being run as root. New service options are + provided to select Xdummy over Xvfb as the virtual X server to be + created. + * The "%" unix password verification tricks for the -unixpw option + are now documented. They have also been extended to run a command + as the user if one sets the environment variable UNIXPW_CMD. The + desktop.cgi demo script takes advantage of this new feature. * A bug has been fixed that would prevent the Java applet viewer from being downloaded successfully in single-port HTTPS/VNC inetd mode. The env. var. X11VNC_HTTPS_DOWNLOAD_WAIT_TIME can be used to - adjust for how many seconds a [127]-inetd or [128]-https httpd - download is waited for (default 15 seconds.) - * The [129]-sslScripts option prints out the SSL certificate - management scripts. - * A demo CGI script [130]desktop.cgi shows how to create a - multi-user x11vnc web login desktop service. The user logs into a - secure web site and gets his/her own virtual desktop ([131]Xvfb.) - x11vnc's SSL enabled Java Viewer Applet is launched by the web - browser for secure viewing (and so no software needs to be - installed on the viewer-side.) One can use the desktop.cgi script - for ideas to create their own fancier or customized web login - desktop service (e.g. user-creation, PHP, SQL, specialized desktop - application, etc.) More info [132]here. There is also an optional - 'port redirection' mode that allows redirection to other SSL - enabled VNC servers running inside the firewall. - * The [133]Xdummy wrapper script for Xorg's dummy driver is updated - and no longer requires being run as root. New service options are - provided to select Xdummy over Xvfb as the virtual X server to be - created. - * The "%" unix password verification tricks for the [134]-unixpw - option are now documented. They have also been extended to run a - command as the user if one sets the environment variable - UNIXPW_CMD. The desktop.cgi demo script takes advantage of this - new feature. + adjust for how many seconds a -inetd or -https httpd download is + waited for (default 15 seconds.) * The TightVNC sercurity type (TightVNC features enabler) now works for RFB version 3.8. - * A transitional tool is provided in [135]inet6to4 to allow x11vnc - to receive connections over [136]IPv6. * The X property X11VNC_TRAP_XRANDR can be set on a desktop to force - x11vnc to use the [137]-xrandr screen size change trapping code. + x11vnc to use the -xrandr screen size change trapping code. * New remote control query options: pointer_x, pointer_y, pointer_same, and pointer_root. A demo script using them misc/panner.pl is provided. + * The -sslScripts option prints out the SSL certificate management + scripts. Here are some features that appeared in the 0.9.9 release (Dec/2009): - * The [138]-unixpw_system_greeter option, when used in combined - unixpw and XDMCP FINDCREATEDISPLAY mode (for example: - [139]-xdmsvc), enables the user to press Escape to jump directly - to the XDM/GDM/KDM login greeter screen. This way the user avoids - entering his unix password twice at X session creation time. Also, - the unixpw login panel now has a short help displayed if the user - presses 'F1'. + * The -unixpw_system_greeter option, when used in combined unixpw + and XDMCP FINDCREATEDISPLAY mode (for example: -xdmsvc), enables + the user to press Escape to jump directly to the XDM/GDM/KDM login + greeter screen. This way the user avoids entering his unix + password twice at X session creation time. Also, the unixpw login + panel now has a short help displayed if the user presses 'F1'. * x11vnc now tries to be a little bit more aggressive in keeping up with VNC client's framebuffer update requests. Some broken VNC clients like Eggplant and JollysFastVNC continuously spray these requests at VNC servers (regardless of whether they have received any updates or not.) Under some circumstances this could lead to - x11vnc falling behind. The [140]-extra_fbur option allows one to - fine tune the setting. Additionally, one may also dial down - delays: e.g. "[141]-defer 5" and "[142]-wait 5" (or to 1 or even - 0) or [143]-nonap or [144]-allinput to keep up with these VNC - clients at the expense of increased system load. + x11vnc falling behind. The -extra_fbur option allows one to fine + tune the setting. Additionally, one may also dial down delays: + e.g. "-defer 5" and "-wait 5" (or to 1 or even 0) or -nonap or + -allinput to keep up with these VNC clients at the expense of + increased system load. * Heuristics are applied to try to determine if the X display is currently in a Display Manager Greeter Login panel (e.g. GDM) If so, x11vnc's creation of any windows and use of XFIXES are @@ -985,38 +981,36 @@ make the use of the XFIXES cursor fetching functionality; this avoids an Xorg bug that causes Xorg to crash right after the user logs in. - * A new option [145]-findauth runs the FINDDISPLAY script that - applies heuristics that try to determine the XAUTHORITY file. The - use of '[146]-auth guess' will use the XAUTHORITY that -findauth - reveals. This can be handy in with the lastest GDM where the - ability to store cookies in ~/.Xauthority has been removed. If - x11vnc is running as root (e.g. inetd) and you add -env FD_XDM=1 - to the above -findauth or -auth guess command lines, it will find - the correct XAUTHORITY for the given display (this works for - XDM/GDM/KDM if the login greeter panel is up or if someone has - already logged into an X session.) - * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "[147]-display - WAIT:cmd=...", [148]-find, [149]-create) now work correctly for - the user-supplied login program scheme "[150]-unixpw_cmd ...", as - long as the login program supports running commands specified in - the environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in - user. The mode "[151]-unixpw_nis ..." has also been made more - consistent. - * The [152]-stunnel option (like [153]-ssl but uses stunnel as an - external helper program) now works with the [154]-ssl "SAVE" and - "TMP" special certificate names. The [155]-sslverify and - [156]-sslCRL options now work correctly in [157]-stunnel mode. - Single port HTTPS connections are also supported for this mode. + * A new option -findauth runs the FINDDISPLAY script that applies + heuristics that try to determine the XAUTHORITY file. The use of + '-auth guess' will use the XAUTHORITY that -findauth reveals. This + can be handy in with the lastest GDM where the ability to store + cookies in ~/.Xauthority has been removed. If x11vnc is running as + root (e.g. inetd) and you add -env FD_XDM=1 to the above -findauth + or -auth guess command lines, it will find the correct XAUTHORITY + for the given display (this works for XDM/GDM/KDM if the login + greeter panel is up or if someone has already logged into an X + session.) + * The FINDDISPLAY and FINDCREATEDISPLAY modes (i.e. "-display + WAIT:cmd=...", -find, -create) now work correctly for the + user-supplied login program scheme "-unixpw_cmd ...", as long as + the login program supports running commands specified in the + environment variable "RFB_UNIXPW_CMD_RUN" as the logged-in user. + The mode "-unixpw_nis ..." has also been made more consistent. + * The -stunnel option (like -ssl but uses stunnel as an external + helper program) now works with the -ssl "SAVE" and "TMP" special + certificate names. The -sslverify and -sslCRL options now work + correctly in -stunnel mode. Single port HTTPS connections are also + supported for this mode. * There is an experimental Application Sharing mode that improves - upon the -id/-sid single window sharing: [158]-appshare (run - "x11vnc -appshare -help" for more info.) It is still very - primitive and approximate, but at least it displays multiple - top-level windows. - * The remote control command [159]-R can be used to instruct x11vnc - to resend its most recent copy of the Clipboard, Primary, or + upon the -id/-sid single window sharing: -appshare (run "x11vnc + -appshare -help" for more info.) It is still very primitive and + approximate, but at least it displays multiple top-level windows. + * The remote control command -R can be used to instruct x11vnc to + resend its most recent copy of the Clipboard, Primary, or Cutbuffer selections: "x11vnc -R resend_clipboard", "x11vnc -R resend_primary", and "x11vnc -R resend_cutbuffer". - * The fonts in the GUI ([160]-gui) can now by set via environment + * The fonts in the GUI (-gui) can now by set via environment variables, e.g. -env X11VNC_FONT_BOLD='Helvetica -16 bold' and -env X11VNC_FONT_FIXED='Courier -14'. * The XDAMAGE mechanism is now automatically disabled for a period @@ -1026,18 +1020,18 @@ make * There is an experimental workaround: "-env X11VNC_WATCH_DX_DY=1" that tries to avoid problems with poorly constructed menu themes that place the initial position of the mouse cursor inside a menu - item's active zone. More information [161]can be found here. + item's active zone. More information can be found here. Here are some features that appeared in the 0.9.8 release (Jul/2009): - * Stability improvements to [162]-threads mode. Running x11vnc this - way is more reliable now. Threaded operation sometimes gives - better interactive response and faster updates: try it out. The - threaded mode now supports multiple VNC viewers using the same VNC + * Stability improvements to -threads mode. Running x11vnc this way + is more reliable now. Threaded operation sometimes gives better + interactive response and faster updates: try it out. The threaded + mode now supports multiple VNC viewers using the same VNC encoding. The threaded mode can also yield a performance enhancement in the many client case (e.g. class-room broadcast.) We have tested with 30 to 50 simultaneous clients. See also - [163]-reflect. + -reflect. For simultaneous clients: the ZRLE encoding is thread safe on all platforms, and the Tight and Zlib encodings are currently only thread safe on Linux where thread local storage, __thread, is @@ -1046,12 +1040,12 @@ make connected client, all encodings are safe on all platforms. Note that some features (e.g. scroll detection and -ncache) may be disabled or run with reduced functionality in -threads mode. - * Automatically tries to work around an [164]Xorg server bug + * Automatically tries to work around an Xorg server and GNOME bug involving infinitely repeating keys when turning off key - repeating. Use [165]-repeat if the automatic workaround fails. + repeating. Use -repeat if the automatic workaround fails. * Improved reliability of the Single Port SSL VNC and HTTPS java viewer applet delivery mechanism. - * The [166]-clip mode works under [167]-rawfb. + * The -clip mode works under -rawfb. Here are some features that appeared in the 0.9.7 release (Mar/2009): @@ -1061,104 +1055,100 @@ make case the special file /dev/vcsa2 is used to retrieve vt2's current text. Text and colors are shown, but no graphics. * Support for less than 8 bits per pixel framebuffers (e.g. 4 or 1 - bpp) in the [168]-rawfb mode. + bpp) in the -rawfb mode. * The SSL enabled UltraVNC Java viewer applet now has a [Home] entry in the "drives" drop down menu. This menu can be configured with the ftpDropDown applet parameter. All of the applet parameters are documented in classes/ssl/README. - * Experimental support for [169]VirtualGL's [170]TurboVNC (an - enhanced TightVNC for fast LAN high framerate usage.) + * Experimental support for VirtualGL's TurboVNC (an enhanced + TightVNC for fast LAN high framerate usage.) * The CUPS Terminal Services helper mode has been improved. - * Improvements to the [171]-ncache_cr that allows smooth opaque - window motions using the 'copyrect' encoding when using - [172]-ncache mode. - * The [173]-rmflag option enables a way to indicate to other - processes x11vnc has exited. + * Improvements to the -ncache_cr that allows smooth opaque window + motions using the 'copyrect' encoding when using -ncache mode. + * The -rmflag option enables a way to indicate to other processes + x11vnc has exited. * Reverse connections using anonymous Diffie Hellman SSL encryption now work. Here are some features that appeared in the 0.9.6 release (Dec/2008): - * Support for [174]VeNCrypt SSL/TLS encrypted connections. It is - enabled by default in the [175]-ssl mode. VNC Viewers like - vinagre, gvncviewer/gtk-vnc, the vencrypt package, [176]SSVNC, and - others support this encryption mode. It can also be used with the - [177]-unixpw option to enable Unix username and password - authentication (VeNCrypt's "*Plain" modes.) A similar but older - VNC security type "ANONTLS" (used by vino) is supported as well. - See the [178]-vencrypt and [179]-anontls options for additional - control. The difference between x11vnc's normal -ssl mode and - VeNCrypt is that the former wraps the entire VNC connection in SSL - (like HTTPS does for HTTP, i.e. "vncs://") while VeNCrypt switches - on the SSL/TLS at a certain point during the VNC handshake. Use - [180]-sslonly to disable both VeNCrypt and ANONTLS (vino.) - * The "[181]-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) - key exchange for x11vnc's normal SSL/TLS operation. Note that + * Support for VeNCrypt SSL/TLS encrypted connections. It is enabled + by default in the -ssl mode. VNC Viewers like vinagre, + gvncviewer/gtk-vnc, the vencrypt package, SSVNC, and others + support this encryption mode. It can also be used with the -unixpw + option to enable Unix username and password authentication + (VeNCrypt's "*Plain" modes.) A similar but older VNC security type + "ANONTLS" (used by vino) is supported as well. See the -vencrypt + and -anontls options for additional control. The difference + between x11vnc's normal -ssl mode and VeNCrypt is that the former + wraps the entire VNC connection in SSL (like HTTPS does for HTTP, + i.e. "vncs://") while VeNCrypt switches on the SSL/TLS at a + certain point during the VNC handshake. Use -sslonly to disable + both VeNCrypt and ANONTLS (vino.) + * The "-ssl ANON" option enables Anonymous Diffie-Hellman (ADH) key + exchange for x11vnc's normal SSL/TLS operation. Note that Anonymous Diffie-Hellman uses encryption for privacy, but provides no authentication and so is susceptible to Man-In-The-Middle attacks (and so we do not recommend it: we prefer you use "-ssl SAVE", etc. and have the VNC viewer verify the cert.) The ANONTLS mode (vino) only supports ADH. VeNCrypt mode supports both ADH and regular X509 SSL certificates modes. For these ADH is enabled by - default. See [182]-vencrypt and [183]-anontls for how to disable - ADH. + default. See -vencrypt and -anontls for how to disable ADH. * For x11vnc's SSL/TLS modes, one can now specify a Certificate - Revocation List (CRL) with the [184]-sslCRL option. This will only - be useful for wide deployments: say a company-wide x11vnc SSL - access deployment using a central Certificate Authority (CA) via - [185]-sslGenCA and [186]-sslGenCert. This way if a user has his - laptop lost or stolen, you only have to revoke his key instead of - creating a new Certificate Authority and redeploying new keys to - all users. - * The default SSL/TLS mode, "[187]-ssl" (no pem file parameter - supplied), is now the same as "-ssl SAVE" and will save the - generated self-signed cert in "~/.vnc/certs/server.pem". - Previously "-ssl" would create a temporary self-signed cert that - was discarded when x11vnc exited. The reason for the change is to - at least give the chance for the VNC Viewer side (e.g. SSVNC) to - remember the cert to authenticate subsequent connections to the - same x11vnc server. Use "-ssl TMP" to regain the previous - behavior. Use "-ssl SAVE_NOPROMPT" to avoid being prompted about - using passphrase when the certificate is created. - * The option [188]-http_oneport enables single-port HTTP connections - via the Java VNC Viewer. So, for example, the web browser URL + Revocation List (CRL) with the -sslCRL option. This will only be + useful for wide deployments: say a company-wide x11vnc SSL access + deployment using a central Certificate Authority (CA) via + -sslGenCA and -sslGenCert. This way if a user has his laptop lost + or stolen, you only have to revoke his key instead of creating a + new Certificate Authority and redeploying new keys to all users. + * The default SSL/TLS mode, "-ssl" (no pem file parameter supplied), + is now the same as "-ssl SAVE" and will save the generated + self-signed cert in "~/.vnc/certs/server.pem". Previously "-ssl" + would create a temporary self-signed cert that was discarded when + x11vnc exited. The reason for the change is to at least give the + chance for the VNC Viewer side (e.g. SSVNC) to remember the cert + to authenticate subsequent connections to the same x11vnc server. + Use "-ssl TMP" to regain the previous behavior. Use "-ssl + SAVE_NOPROMPT" to avoid being prompted about using passphrase when + the certificate is created. + * The option -http_oneport enables single-port HTTP connections via + the Java VNC Viewer. So, for example, the web browser URL "http://myhost.org:5900" works the same as "http://myhost.org:5800", but with the convenience of only involving one port instead of two. This works for both unencrypted - connections and for SSH tunnels (see [189]-httpsredir if the - tunnel port differs.) Note that HTTPS single-port operation in - [190]-ssl SSL encrypted mode has been available since x11vnc - version 0.8.3. - * For the [191]-avahi/[192]-zeroconf Service Advertizing mode, if - x11vnc was not compiled with the avahi-client library, then an - external helper program, either avahi-publish(1) (on Unix) or - dns-sd(1) (on Mac OS X), is used instead. - * The "[193]-rfbport PROMPT" option will prompt the user via the GUI - to select the VNC port (e.g. 5901) to listen on, and a few other + connections and for SSH tunnels (see -httpsredir if the tunnel + port differs.) Note that HTTPS single-port operation in -ssl SSL + encrypted mode has been available since x11vnc version 0.8.3. + * For the -avahi/-zeroconf Service Advertizing mode, if x11vnc was + not compiled with the avahi-client library, then an external + helper program, either avahi-publish(1) (on Unix) or dns-sd(1) (on + Mac OS X), is used instead. + * The "-rfbport PROMPT" option will prompt the user via the GUI to + select the VNC port (e.g. 5901) to listen on, and a few other basic settings. This enables a handy GUI mode for naive users: x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISP LAY - suitable for putting in a launcher or menu, e.g. - [194]x11vnc.desktop. The [195]-logfile expansion is new too. In - the GUI, the tray=setpass Properties panel has been improved. - * The [196]-solid solid background color option now works for the - Mac OS X console. - * The [197]-reopen option instructs x11vnc to try to reopen the X - display if it is prematurely closed by, say, the display manager - (e.g. [198]GDM.) + suitable for putting in a launcher or menu, e.g. x11vnc.desktop. + The -logfile expansion is new too. In the GUI, the tray=setpass + Properties panel has been improved. + * The -solid solid background color option now works for the Mac OS + X console. + * The -reopen option instructs x11vnc to try to reopen the X display + if it is prematurely closed by, say, the display manager (e.g. + GDM.) Here are some features that appeared in the 0.9.5 release (Oct/2008): - * Symmetric key [199]encryption ciphers. ARC4, AES-128, AES-256, + * Symmetric key encryption ciphers. ARC4, AES-128, AES-256, blowfish, and 3des are supported. Salt and initialization vector seeding is provided. These compliment the more widely used SSL and - SSH encryption access methods. [200]SSVNC also supports these + SSH encryption access methods. SSVNC also supports these encryption modes. - * Scaling differently along the X- and Y-directions. E.g. - "[201]-scale 1280x1024" or "-scale 0.8x0.75" Also, - "[202]-geometry WxH" is an alias for "-scale WxH" + * Scaling differently along the X- and Y-directions. E.g. "-scale + 1280x1024" or "-scale 0.8x0.75" Also, "-geometry WxH" is an + alias for "-scale WxH" * By having SSVNC version 1.0.21 or later available in your $PATH, - the [203]-chatwindow option allows a UltraVNC Text Chat window to + the -chatwindow option allows a UltraVNC Text Chat window to appear on the local X11 console/display (this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode.) This also works on the Mac OS X console if the @@ -1170,47 +1160,43 @@ LAY Here are some features that appeared in the 0.9.4 release (Sep/2008): - * Improvements to the [204]-find and [205]-create X session finding - or creating modes: new desktop types and service redirection - options. Personal cupsd daemon and SSH port redirection helper for - use with [206]SSVNC's Terminal Services feature. - * Reverse VNC connections via [207]-connect work in the [208]-find, - [209]-create and related [210]-display WAIT:... modes. + * Improvements to the -find and -create X session finding or + creating modes: new desktop types and service redirection options. + Personal cupsd daemon and SSH port redirection helper for use with + SSVNC's Terminal Services feature. + * Reverse VNC connections via -connect work in the -find, -create + and related -display WAIT:... modes. * Reverse VNC connections (either normal or SSL) can use a Web Proxy or a SOCKS proxy, or a SSH connection, or even a CGI URL to make - the outgoing connection. See: [211]-proxy. Forward connections can - also use: [212]-ssh. - * Reverse VNC connections via the [213]UltraVNC repeater proxy - (either normal or SSL) are supported. Use either the - "[214]-connect repeater=ID:NNNN+host:port" or "[215]-connect - repeater://host:port+ID:NNNN" notation. The [216]SSVNC VNC viewer - also supports the UltraVNC repeater. Also, a perl repeater - implemention is here: [217]ultravnc_repeater.pl + the outgoing connection. See: -proxy. Forward connections can also + use: -ssh. + * Reverse VNC connections via the UltraVNC repeater proxy (either + normal or SSL) are supported. Use either the "-connect + repeater=ID:NNNN+host:port" or "-connect + repeater://host:port+ID:NNNN" notation. The SSVNC VNC viewer also + supports the UltraVNC repeater. Also, a perl repeater implemention + is here: ultravnc_repeater.pl * Support for indexed colormaps (PseudoColor) with depths other than 8 (from 1 to 16 now work) for non-standard hardware. Option - "[218]-advertise_truecolor" to handle some workaround in this - mode. + "-advertise_truecolor" to handle some workaround in this mode. * Support for the ZYWRLE encoding, this is the RealVNC ZRLE encoding extended to do motion video and photo regions more efficiently by way of a Wavelet based transformation. - * The [219]-finddpy and [220]-listdpy utilities help to debug and - configure the [221]-find, [222]-create, and [223]-display WAIT:... - modes. + * The -finddpy and -listdpy utilities help to debug and configure + the -find, -create, and -display WAIT:... modes. * Some automatic detection of screen resizes are handled even if the - [224]-xrandr option is not supplied. - * The [225]-autoport options gives more control over the VNC port - x11vnc chooses. - * The [226]-ping secs can be used to help keep idle connections - alive. + -xrandr option is not supplied. + * The -autoport options gives more control over the VNC port x11vnc + chooses. + * The -ping secs can be used to help keep idle connections alive. * Pasting of the selection/clipboard into remote applications (e.g. Java) has been improved. * Fixed a bug if a client disconnects during the 'speed-estimation' phase. * To unset Caps_Lock, Num_Lock and raise all keys in the X server - use [227]-clear_all. - * Usage with dvorak keyboards has been improved. See also: - [228]-xkb. - * The [229]Java Viewer applet source code is now included in the + use -clear_all. + * Usage with dvorak keyboards has been improved. See also: -xkb. + * The Java Viewer applet source code is now included in the x11vnc-0.9.*.tar.gz tarball. This means you can now build the Java viewer applet jar files from source. If you stopped shipping the Java viewer applet jar files due to lack of source code, you can @@ -1218,16 +1204,16 @@ LAY Here are some features that appeared in the 0.9.3 release (Oct/2007): - * [230]Viewer-side pixmap caching. A large area of pixels (at least - 2-3 times as big as the framebuffer itself; the bigger the - better... default is 10X) is placed below the framebuffer to act - as a buffer/cache area for pixel data. The VNC CopyRect encoding - is used to move it around, so any viewer can take advantage of it. + * Viewer-side pixmap caching. A large area of pixels (at least 2-3 + times as big as the framebuffer itself; the bigger the better... + default is 10X) is placed below the framebuffer to act as a + buffer/cache area for pixel data. The VNC CopyRect encoding is + used to move it around, so any viewer can take advantage of it. Until we start modifying viewers you will be able to see the cache area if you scroll down (this makes it easier to debug!) For testing the default is "-ncache 10". The unix Enhanced TightVNC - Viewer [231]ssvnc has a nice [232]-ycrop option to help hide the - pixel cache area from view. + Viewer ssvnc has a nice -ycrop option to help hide the pixel cache + area from view. Here are some features that appeared in the 0.9.2 release (Jun/2007): @@ -1239,17 +1225,17 @@ LAY * If UltraVNC file transfer or chat is detected, then VNC clients are "pinged" more often to prevent these side channels from becoming serviced too infrequently. - * In [233]-unixpw mode in the username and password dialog no text - will be echoed if the first character sent is "Escape". This - enables a convenience feature in SSVNC to send the username and - password automatically. + * In -unixpw mode in the username and password dialog no text will + be echoed if the first character sent is "Escape". This enables a + convenience feature in SSVNC to send the username and password + automatically. Here are some features that appeared in the 0.9.1 release (May/2007): - * The [234]UltraVNC Java viewer has been enhanced to support SSL (as - the TightVNC viewer had been previously.) The UltraVNC Java - supports ultravnc filetransfer, and so can be used as a VNC viewer - on Unix that supports ultravnc filetransfer. It is in the + * The UltraVNC Java viewer has been enhanced to support SSL (as the + TightVNC viewer had been previously.) The UltraVNC Java supports + ultravnc filetransfer, and so can be used as a VNC viewer on Unix + that supports ultravnc filetransfer. It is in the classes/ssl/UltraViewerSSL.jar file (that is pointed to by ultra.vnc.) The signed applet SignedUltraViewerSSL.jar version (pointed to by ultrasigned.vnc) will be needed to access the local @@ -1257,13 +1243,13 @@ LAY Some other bugs in the UltraVNC Java viewer were fixed and a few improvements to the UI made. * A new Unix username login mode for VNC Viewers authenticated via a - Client SSL Certificate: "[235]-users sslpeer=". The emailAddress + Client SSL Certificate: "-users sslpeer=". The emailAddress subject field is inspected for username@hostname and then acts as though "-users +username" has been supplied. This way the Unix username is identified by (i.e. simply extracted from) the Client - SSL Certificate. This could be useful with [236]-find, - [237]-create and [238]-svc modes if you are also have set up and - use VNC Client SSL Certificate authentication. + SSL Certificate. This could be useful with -find, -create and -svc + modes if you are also have set up and use VNC Client SSL + Certificate authentication. * For external display finding/creating programs (e.g. WAIT:cmd=...) if the VNC Viewer is authenticated via a Client SSL Certificate, then that Certificate is available in the environment variable @@ -1271,59 +1257,56 @@ LAY Here are some features that appeared in the 0.9 release (Apr/2007): - * [239]VNC Service advertising via mDNS / ZeroConf / BonJour with - the [240]Avahi client library. Enable via "[241]-avahi" or - "[242]-zeroconf". + * VNC Service advertising via mDNS / ZeroConf / BonJour with the + Avahi client library. Enable via "-avahi" or "-zeroconf". * Implementations of UltraVNC's TextChat, SingleWindow, and - ServerInput extensions (requires ultravnc viewer or [243]ssvnc - Unix viewer.) They toggle the selection of a single window - ([244]-id), and disable (friendly) user input and viewing (monitor - blank) at the VNC server. - * Short aliases "[245]-find", "[246]-create", "[247]-svc", and - "[248]-xdmsvc" for commonly used FINDCREATEDISPLAY usage modes. - * Reverse VNC connections (viewer listening) now work in SSL - ([249]-ssl) mode. + ServerInput extensions (requires ultravnc viewer or ssvnc Unix + viewer.) They toggle the selection of a single window (-id), and + disable (friendly) user input and viewing (monitor blank) at the + VNC server. + * Short aliases "-find", "-create", "-svc", and "-xdmsvc" for + commonly used FINDCREATEDISPLAY usage modes. + * Reverse VNC connections (viewer listening) now work in SSL (-ssl) + mode. * New options to control the Monitor power state and keyboard/mouse - grabbing: [250]-forcedpms, [251]-clientdpms, [252]-noserverdpms, - and [253]-grabalways. - * A simple way to emulate inetd(8) to some degree via the - "[254]-loopbg" option. - * Monitor the accuracy of XDAMAGE and apply "[255]-noxdamage" if it - is not working well. OpenGL applications like like [256]beryl and - MythTv have been shown to make XDAMAGE not work properly. + grabbing: -forcedpms, -clientdpms, -noserverdpms, and -grabalways. + * A simple way to emulate inetd(8) to some degree via the "-loopbg" + option. + * Monitor the accuracy of XDAMAGE and apply "-noxdamage" if it is + not working well. OpenGL applications like like beryl and MythTv + have been shown to make XDAMAGE not work properly. * For Java SSL connections involving a router/firewall port - redirection, an option [257]-httpsredir to spare the user from - needing to include &PORT=NNN in the browser URL. + redirection, an option -httpsredir to spare the user from needing + to include &PORT=NNN in the browser URL. Here are some features that appeared in the 0.8.4 release (Feb/2007): - * Native [258]Mac OS X Aqua/Quartz support. (i.e. OSXvnc - alternative; some activities are faster) - * A [259]new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY - -unixpw ..." that will Create a new X session (either virtual or - real and with or without a display manager, e.g. kdm) for the user - if it cannot find the user's X session display via the FINDDISPLAY - method. See the [260]-svc and the [261]-xdmsvc aliases. - * x11vnc can act as a VNC [262]reflector/repeater using the - "[263]-reflect host:N" option. Instead of polling an X display, - the remote VNC Server host:N is connected to and re-exported via - VNC. This is intended for use in broadcasting a display to many - (e.g. > 16; classroom or large demo) VNC viewers where bandwidth - and other resources are conserved by spreading the load over a - number of repeaters. + * Native Mac OS X Aqua/Quartz support. (i.e. OSXvnc alternative; + some activities are faster) + * A new login mode: "-display WAIT:cmd=FINDCREATEDISPLAY -unixpw + ..." that will Create a new X session (either virtual or real and + with or without a display manager, e.g. kdm) for the user if it + cannot find the user's X session display via the FINDDISPLAY + method. See the -svc and the -xdmsvc aliases. + * x11vnc can act as a VNC reflector/repeater using the "-reflect + host:N" option. Instead of polling an X display, the remote VNC + Server host:N is connected to and re-exported via VNC. This is + intended for use in broadcasting a display to many (e.g. > 16; + classroom or large demo) VNC viewers where bandwidth and other + resources are conserved by spreading the load over a number of + repeaters. * Wireframe copyrect detection for local user activity (e.g. someone sitting at the physical display moving windows) Use - [264]-nowireframelocal to disable. - * The "[265]-N" option couples the VNC Display number to the X - Display number. E.g. if your X DISPLAY is :2 then the VNC display - will be :2 (i.e. using port 5902.) If that port is taken x11vnc - will exit. - * Option [266]-nodpms to avoid problems with programs like KDE's + -nowireframelocal to disable. + * The "-N" option couples the VNC Display number to the X Display + number. E.g. if your X DISPLAY is :2 then the VNC display will be + :2 (i.e. using port 5902.) If that port is taken x11vnc will exit. + * Option -nodpms to avoid problems with programs like KDE's kdesktop_lock that keep restarting the screen saver every few seconds. * To automatically fix the common mouse motion problem on XINERAMA - (multi-headed) displays, the [267]-xwarppointer option is enabled - by default when XINERAMA is active. + (multi-headed) displays, the -xwarppointer option is enabled by + default when XINERAMA is active. If you have a Mac please try out the native Mac OS X support, build with "./configure --without-x", or download a binary mentioned above, @@ -1332,62 +1315,59 @@ LAY Here are some features that appeared in the 0.8.3 release (Nov/2006): - * The [268]-ssl option provides SSL encryption and authentication - natively via the [269]www.openssl.org library. One can use from a + * The -ssl option provides SSL encryption and authentication + natively via the www.openssl.org library. One can use from a simple self-signed certificate server certificate up to full CA and client certificate authentication schemes. - * Similar to -ssl, the [270]-stunnel option starts up a SSL tunnel - server stunnel (that must be installed separately on the system: - [271]stunnel.mirt.net ) to allow only encrypted SSL connections - from the network. - * The [272]-sslverify option allows for authenticating VNC clients - via their certificates in either -ssl or -stunnel modes. + * Similar to -ssl, the -stunnel option starts up a SSL tunnel server + stunnel (that must be installed separately on the system: + stunnel.mirt.net ) to allow only encrypted SSL connections from + the network. + * The -sslverify option allows for authenticating VNC clients via + their certificates in either -ssl or -stunnel modes. * Certificate creation and management tools are provide in the - [273]-sslGenCert, [274]-sslGenCA, and [275]related options. + -sslGenCert, -sslGenCA, and related options. * An SSL enabled Java applet VNC Viewer applet is provided by x11vnc in classes/ssl/VncViewer.jar. In addition to normal HTTP, the applet may be loaded into the web browser via HTTPS (HTTP over SSL.) (one can use the VNC port, e.g. https://host:5900/, or also - the separate [276]-https port option.) A wrapper shell script - [277]ss_vncviewer is also provided that sets up a stunnel - client-side tunnel on Unix systems. See [278]Enhanced TightVNC - Viewer (SSVNC) for other SSL/SSH viewer possibilities. - * The [279]-unixpw option supports Unix username and password - authentication (a simpler variant is the [280]-unixpw_nis option - that works in environments where the encrypted passwords are - readable, e.g. NIS.) The [281]-ssl or [282]-localhost + - [283]-stunnel options are enforced in this mode to prevent - password sniffing. As a convenience, these requirements are lifted - if a SSH tunnel can be deduced (but -localhost still applies.) - * Coupling [284]-unixpw with "[285]-display WAIT:cmd=FINDDISPLAY" or - "-display WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a - user to login with their UNIX password and have their display - connected to [286]automatically. See the [287]-svc and the - [288]-xdmsvc aliases. - * Hooks are provided in the [289]-unixpw_cmd and "[290]-passwdfile + the separate -https port option.) A wrapper shell script + ss_vncviewer is also provided that sets up a stunnel client-side + tunnel on Unix systems. See Enhanced TightVNC Viewer (SSVNC) for + other SSL/SSH viewer possibilities. + * The -unixpw option supports Unix username and password + authentication (a simpler variant is the -unixpw_nis option that + works in environments where the encrypted passwords are readable, + e.g. NIS.) The -ssl or -localhost + -stunnel options are enforced + in this mode to prevent password sniffing. As a convenience, these + requirements are lifted if a SSH tunnel can be deduced (but + -localhost still applies.) + * Coupling -unixpw with "-display WAIT:cmd=FINDDISPLAY" or "-display + WAIT:cmd=FINDCREATEDISPLAY" provides a way to allow a user to + login with their UNIX password and have their display connected to + automatically. See the -svc and the -xdmsvc aliases. + * Hooks are provided in the -unixpw_cmd and "-passwdfile cmd:,custom:..." options to allow you to supply your own authentication and password lookup programs. * x11vnc can be configured and built to not depend on X11 libraries - "./configure --without-x" for [291]-rawfb only operation (e.g. - embedded linux console devices.) - * The [292]-rotate option enables you to rotate or reflect the - screen before exporting via VNC. This is intended for use on - handhelds and other devices where the rotation orientation is not - "natural". - * The "[293]-ultrafilexfer" alias is provided and improved UltraVNC + "./configure --without-x" for -rawfb only operation (e.g. embedded + linux console devices.) + * The -rotate option enables you to rotate or reflect the screen + before exporting via VNC. This is intended for use on handhelds + and other devices where the rotation orientation is not "natural". + * The "-ultrafilexfer" alias is provided and improved UltraVNC filetransfer rates have been achieved. - * Under the "[294]-connect_or_exit host" option x11vnc will exit + * Under the "-connect_or_exit host" option x11vnc will exit immediately unless the reverse connection to host succeeds. The "-rfbport 0" option disables TCP listening for connections (useful for this mode.) - * The "[295]-rawfb rand" and "-rawfb none" options are useful for - testing automation scripts, etc., without requiring a full - desktop. - * Reduced spewing of information at startup, use "[296]-verbose" - (also "-v") to turn it back on for debugging or if you are going - to send me a problem report. - - Here are some [297]Previous Release Notes + * The "-rawfb rand" and "-rawfb none" options are useful for testing + automation scripts, etc., without requiring a full desktop. + * Reduced spewing of information at startup, use "-verbose" (also + "-v") to turn it back on for debugging or if you are going to send + me a problem report. + + Here are some Previous Release Notes _________________________________________________________________ Some Notes: @@ -1414,15 +1394,15 @@ LAY protocol.) I suggest using xsetroot, dtstyle or similar utility to set a solid background while using x11vnc. You can turn the pretty background image back on when you are using the display directly. - Update: As of Feb/2005 x11vnc has the [298]-solid [color] option that - works on recent GNOME, KDE, and CDE and also on classic X (background - image is on the root window.) Update: As of Oct/2007 x11vnc has the - [299]-ncache option that does a reasonable job caching the background - (and other) pixmap data on the viewer side. + Update: As of Feb/2005 x11vnc has the -solid [color] option that works + on recent GNOME, KDE, and CDE and also on classic X (background image + is on the root window.) Update: As of Oct/2007 x11vnc has the -ncache + option that does a reasonable job caching the background (and other) + pixmap data on the viewer side. - I also find the [300]TightVNC encoding gives the best response for my - usage (Unix <-> Unix over cable modem.) One needs a tightvnc-aware - vncviewer to take advantage of this encoding. + I also find the TightVNC encoding gives the best response for my usage + (Unix <-> Unix over cable modem.) One needs a tightvnc-aware vncviewer + to take advantage of this encoding. TCP port issues: Notice the lines 18/07/2003 14:36:31 Autoprobing selected port 5900 @@ -1432,17 +1412,17 @@ LAY is X11's default listening port.) Had port 5900 been taken by some other application, x11vnc would have next tried 5901. That would mean the viewer command above should be changed to vncviewer - far-away.east:1. You can force the port with the "[301]-rfbport NNNN" + far-away.east:1. You can force the port with the "-rfbport NNNN" option where NNNN is the desired port number. If that port is already - taken, x11vnc will exit immediately. The "[302]-N" option will try to - match the VNC display number to the X display. (also see the "SunRay + taken, x11vnc will exit immediately. The "-N" option will try to match + the VNC display number to the X display. (also see the "SunRay Gotcha" note below) Options: x11vnc has (far too) many features that may be activated - via its [303]command line options. Useful options are, e.g., -scale to - do server-side scaling, and -rfbauth passwd-file to use VNC password + via its command line options. Useful options are, e.g., -scale to do + server-side scaling, and -rfbauth passwd-file to use VNC password protection (the vncpasswd or storepasswd programs, or the x11vnc - [304]-storepasswd option can be used to create the password file.) + -storepasswd option can be used to create the password file.) Algorithm: How does x11vnc do it? Rather brute-forcedly: it continuously polls the X11 framebuffer for changes using @@ -1470,18 +1450,17 @@ LAY first testing out the programs. You get an interesting recursive/feedback effect where vncviewer images keep popping up each one contained in the previous one and slightly shifted a bit by the - window manager decorations. There will be an [305]even more - interesting effect if -scale is used. Also, if the XKEYBOARD is - supported and the XBell "beeps" once, you get an infinite loop of - beeps going off. Although all of this is mildly exciting it is not - much use: you will normally run and display the viewer on a different - machine! + window manager decorations. There will be an even more interesting + effect if -scale is used. Also, if the XKEYBOARD is supported and the + XBell "beeps" once, you get an infinite loop of beeps going off. + Although all of this is mildly exciting it is not much use: you will + normally run and display the viewer on a different machine! _________________________________________________________________ Sun Ray Notes: - You can run x11vnc on your (connected or disconnected) [306]SunRay - session. Here are some [307]notes on SunRay usage with x11vnc. + You can run x11vnc on your (connected or disconnected) SunRay session. + Here are some notes on SunRay usage with x11vnc. _________________________________________________________________ @@ -1493,9 +1472,9 @@ LAY than you normally do to minimize the effects (e.g. do fullpage paging rather than line-by-line scrolling, and move windows in a single, quick motion.) Recent work has provided the - [308]-scrollcopyrect and [309]-wireframe speedups using the - CopyRect VNC encoding and other things, but they only speed up - some activities, not all. + -scrollcopyrect and -wireframe speedups using the CopyRect VNC + encoding and other things, but they only speed up some activities, + not all. * A rate limiting factor for x11vnc performance is that graphics hardware is optimized for writing, not reading (x11vnc reads the video framebuffer for the screen image data.) The difference can @@ -1552,365 +1531,45 @@ LAY but we mention it because it may be of use for special purpose applications. You may need to use the "-cc 4" option to force Xvfb to use a TrueColor visual instead of DirectColor. See also the - description of the [310]-create option that does all of this + description of the -create option that does all of this automatically for you (be sure to install the Xvfb package, e.g. apt-get install xvfb.) Also, a faster and more accurate way is to use the "dummy" Xorg/XFree86 device driver (or our Xdummy wrapper script.) See - [311]this FAQ for details. + this FAQ for details. * Somewhat surprisingly, the X11 mouse (cursor) shape is write-only and cannot be queried from the X server. So traditionally in x11vnc the cursor shape stays fixed at an arrow. (see the "-cursor - X" and "-cursor some" [312]options, however, for a partial hack - for the root window, etc.) However, on Solaris using the SUN_OVL - overlay extension, x11vnc can show the correct mouse cursor when - the [313]-overlay option is also supplied. A similar thing is done - on IRIX as well when -overlay is supplied. + X" and "-cursor some" options, however, for a partial hack for the + root window, etc.) However, on Solaris using the SUN_OVL overlay + extension, x11vnc can show the correct mouse cursor when the + -overlay option is also supplied. A similar thing is done on IRIX + as well when -overlay is supplied. More generally, as of Dec/2004 x11vnc supports the new XFIXES extension (in Xorg and Solaris 10) to query the X server for the exact cursor shape, this works pretty well except that cursors with transparency (alpha channel) need to approximated to solid RGB values (some cursors look worse than others.) * Audio from applications is of course not redirected (separate - redirectors do exist, e.g. esd, see [314]the FAQ on this below.) - The XBell() "beeps" will work if the X server supports the - XKEYBOARD extension. (Note that on Solaris XKEYBOARD is disabled - by default. Passing +kb to Xsun enables it.) - * The scroll detection algorithm for the [315]-scrollcopyrect option - can give choppy or bunched up transient output and occasionally + redirectors do exist, e.g. esd, see the FAQ on this below.) The + XBell() "beeps" will work if the X server supports the XKEYBOARD + extension. (Note that on Solaris XKEYBOARD is disabled by default. + Passing +kb to Xsun enables it.) + * The scroll detection algorithm for the -scrollcopyrect option can + give choppy or bunched up transient output and occasionally painting errors. * Using -threads can expose some bugs/crashes in libvncserver. - Please feel free to [316]contact me if you have any questions, - problems, or comments about x11vnc, etc. - Also, some people ask if they can make a donation, see [317]this link - for that. - -References - - 1. http://www.karlrunge.com/x11vnc/faq.html#faq - 2. http://www.karlrunge.com/x11vnc/index.html#downloading - 3. http://www.karlrunge.com/x11vnc/index.html#building - 4. http://www.karlrunge.com/x11vnc/index.html#beta-test - 5. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 6. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 7. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 8. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 9. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 10. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 11. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 12. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 13. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 14. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 15. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 16. http://www.karlrunge.com/x11vnc/index.html#beta-test - 17. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 19. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 21. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc - 22. http://www.karlrunge.com/x11vnc/faq.html#faq - 23. http://www.karlrunge.com/x11vnc/disclaimer.html - 24. http://www.karlrunge.com/x11vnc/index.html#contact - 25. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 26. http://www.karlrunge.com/x11vnc/faq.html#faq - 27. http://www.karlrunge.com/x11vnc/index.html#beta-test - 28. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 29. http://www.karlrunge.com/x11vnc/ssvnc.html - 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 31. http://www.debian.org/security/2008/dsa-1571 - 32. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 33. http://www.karlrunge.com/x11vnc/faq.html#faq - 34. http://www.realvnc.com/ - 35. http://www.tightvnc.com/ - 36. http://www.ultravnc.com/ - 37. http://www.testplant.com/products/vine_server/OS_X - 38. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 39. http://www.karlrunge.com/x11vnc/index.html#downloading - 40. http://www.tightvnc.com/download.html - 41. http://www.karlrunge.com/x11vnc/ssvnc.html - 42. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 43. http://www.karlrunge.com/x11vnc/faq.html#faq-xperms - 44. http://www.karlrunge.com/x11vnc/faq.html#faq-xperms - 45. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 46. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth - 47. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 48. http://www.karlrunge.com/x11vnc/faq.html#faq-viewer-download - 49. http://www.sun.com/software/solaris/freeware/ - 50. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 51. http://www.karlrunge.com/x11vnc/index.html#firewalls - 52. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 53. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 54. http://www.karlrunge.com/x11vnc/faq.html#faq-service - 55. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 56. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file - 57. http://www.karlrunge.com/x11vnc/ssvnc.html#download - 58. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.23.tar.gz?use_mirror - 59. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 60. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc - 61. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 62. http://www.karlrunge.com/x11vnc/index.html#vnc_password_file - 63. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 64. http://www.karlrunge.com/x11vnc/index.html#tightvnc_via - 65. http://www.karlrunge.com/x11vnc/ssvnc.html - 66. http://www.karlrunge.com/x11vnc/ssvnc.html#tsvnc - 67. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 68. http://www.karlrunge.com/x11vnc/chainingssh.html - 69. http://www.karlrunge.com/x11vnc/ssvnc.html - 70. http://www.portforward.com/routers.htm - 71. http://www.whatismyip.com/ - 72. http://www.karlrunge.com/x11vnc/ssvnc.html - 73. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 74. http://www.whatismyip.com/ - 75. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 76. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 77. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 78. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 79. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 80. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 81. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 82. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw - 83. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 84. http://www.karlrunge.com/x11vnc/ssvnc.html - 85. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt - 86. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 87. http://stunnel.mirt.net/ - 88. http://www.stunnel.org/ - 89. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 90. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 91. http://www.karlrunge.com/x11vnc/ssvnc.html - 92. http://sourceforge.net/projects/libvncserver/ - 93. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/ - 94. http://sourceforge.net/projects/libvncserver/files/x11vnc/0.9.9/release-notes-0.9.9.txt/view - 95. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10-dev.tar.gz - 96. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries - 97. http://www.tightvnc.com/download.html - 98. http://www.realvnc.com/products/free/4.1/download.html - 99. http://sourceforge.net/projects/cotvnc/ - 100. http://www.ultravnc.com/ - 101. http://www.karlrunge.com/x11vnc/ssvnc.html - 102. http://www.karlrunge.com/x11vnc/rx11vnc - 103. http://www.karlrunge.com/x11vnc/rx11vnc.pl - 104. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 105. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 106. http://www.sunfreeware.com/ - 107. http://www.karlrunge.com/x11vnc/bins - 108. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 109. http://www.karlrunge.com/x11vnc/miscbuild.html - 110. ftp://ftp.uu.net/graphics/jpeg/ - 111. http://www.gzip.org/zlib/ - 112. http://www.sunfreeware.com/ - 113. http://www.karlrunge.com/x11vnc/index.html#build-openssl - 114. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build - 115. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 116. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 117. http://x11vnc.sourceforge.net/dev/x11vnc-0.9.10-dev.tar.gz - 118. http://www.karlrunge.com/x11vnc/bins - 119. mailto:xvml@karlrunge.com - 120. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 121. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer - 122. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 123. http://www.karlrunge.com/x11vnc/ssvnc.html - 124. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 125. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 126. http://www.karlrunge.com/x11vnc/ssl.html#chained-certificates - 127. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 128. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 129. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslScripts - 130. http://www.karlrunge.com/x11vnc/desktop.cgi.pl - 131. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 132. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login - 133. http://www.karlrunge.com/x11vnc/Xdummy - 134. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 135. http://www.karlrunge.com/x11vnc/inet6to4 - 136. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 - 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr - 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_system_greeter - 139. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 140. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-extra_fbur - 141. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 142. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 143. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nonap - 144. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allinput - 145. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-findauth - 146. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 147. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 148. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 149. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 150. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 151. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 152. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 153. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 154. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 155. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 156. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 157. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 158. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare - 159. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 160. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 161. http://ubuntuforums.org/showthread.php?t=1223490 - 162. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 163. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 164. http://bugs.freedesktop.org/show_bug.cgi?id=21454 - 165. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-repeat - 166. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 169. http://www.virtualgl.org/ - 170. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rmflag - 174. http://sourceforge.net/projects/vencrypt/ - 175. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 176. http://www.karlrunge.com/x11vnc/ssvnc.html - 177. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 179. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 180. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly - 181. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 182. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 183. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 185. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_oneport - 189. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 190. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 191. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 194. http://www.karlrunge.com/x11vnc/x11vnc.desktop - 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 196. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 197. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 198. http://www.karlrunge.com/x11vnc/faq.html#infaq_gdm - 199. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 200. http://www.karlrunge.com/x11vnc/ssvnc.html - 201. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 202. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-geometry - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-chatwindow - 204. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 206. http://www.karlrunge.com/x11vnc/ssvnc.html - 207. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 208. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 210. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 213. http://www.uvnc.com/addons/repeater.html - 214. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 216. http://www.karlrunge.com/x11vnc/ssvnc.html - 217. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-advertise_truecolor - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-finddpy - 220. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listdpy - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 223. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 224. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 225. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ping - 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 229. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 230. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 231. http://www.karlrunge.com/x11vnc/ssvnc.html - 232. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 233. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 234. http://www.ultravnc.com/ - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 239. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 240. http://www.avahi.org/ - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 243. http://www.karlrunge.com/x11vnc/ssvnc.html - 244. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 248. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabalways - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 256. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 258. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 259. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 262. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 263. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nowireframelocal - 265. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 269. http://www.openssl.org/ - 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 271. http://stunnel.mirt.net/ - 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 274. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 275. http://www.karlrunge.com/x11vnc/ssl.html - 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 277. http://www.karlrunge.com/x11vnc/faq.html#infaq_ss_vncviewer - 278. http://www.karlrunge.com/x11vnc/ssvnc.html - 279. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 280. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 283. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 284. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 286. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 293. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 294. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-v, - 297. http://www.karlrunge.com/x11vnc/prevrels.html - 298. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 300. http://www.tightvnc.com/ - 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 303. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 304. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 305. http://www.karlrunge.com/x11vnc/recurse_x11vnc.jpg - 306. http://www.sun.com/sunray/index.html - 307. http://www.karlrunge.com/x11vnc/sunray.html - 308. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 309. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 310. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 311. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 314. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 315. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 316. mailto:xvml@karlrunge.com - 317. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks + Please feel free to contact me if you have any questions, problems, or + comments about x11vnc, etc. + Also, some people ask if they can make a donation, see this link for + that. ======================================================================= http://www.karlrunge.com/x11vnc/faq.html: - [1]x11vnc Home [2]Donations + x11vnc Home Donations _________________________________________________________________ x11vnc FAQ: @@ -1918,472 +1577,467 @@ http://www.karlrunge.com/x11vnc/faq.html: [Building and Starting] - [3]Q-1: I can't get x11vnc to start up. It says "XOpenDisplay failed + Q-1: I can't get x11vnc to start up. It says "XOpenDisplay failed (null)" or "Xlib: connection to ":0.0" refused by server Xlib: No protocol specified" and then exits. What do I need to do? - [4]Q-2: I can't get x11vnc and/or libvncserver to compile. + Q-2: I can't get x11vnc and/or libvncserver to compile. - [5]Q-3: I just built x11vnc successfully, but when I use it my - keystrokes and mouse button clicks are ignored (I am able to move the - mouse though.) + Q-3: I just built x11vnc successfully, but when I use it my keystrokes + and mouse button clicks are ignored (I am able to move the mouse + though.) - [6]Q-4: Help, I need to run x11vnc on Solaris 2.5.1 (or other old + Q-4: Help, I need to run x11vnc on Solaris 2.5.1 (or other old Unix/Linux) and it doesn't compile! - [7]Q-5: Where can I get a precompiled x11vnc binary for my Operating + Q-5: Where can I get a precompiled x11vnc binary for my Operating System? - [8]Q-6: Where can I get a VNC Viewer binary (or source code) for the + Q-6: Where can I get a VNC Viewer binary (or source code) for the Operating System I will be viewing from? - [9]Q-7: How can I see all of x11vnc's command line options and + Q-7: How can I see all of x11vnc's command line options and documentation on how to use them? - [10]Q-8: I don't like typing arcane command line options every time I + Q-8: I don't like typing arcane command line options every time I start x11vnc. What can I do? Is there a config file? Or a GUI? - [11]Q-9: How can I get the GUI to run in the System Tray, or at least - be a smaller, simpler icon? + Q-9: How can I get the GUI to run in the System Tray, or at least be a + smaller, simpler icon? - [12]Q-10: How can I get x11vnc to listen on a different port besides - the default VNC port (5900)? + Q-10: How can I get x11vnc to listen on a different port besides the + default VNC port (5900)? - [13]Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to + Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to x11vnc. - [14]Q-12: Is it possible for a VNC Viewer and a VNC Server to connect - to each other even though both are behind Firewalls that block all + Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to + each other even though both are behind Firewalls that block all incoming connections? - [15]Q-13: Can I make x11vnc more quiet and also go into the background + Q-13: Can I make x11vnc more quiet and also go into the background after starting up? - [16]Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies - with the error message like: "Broken pipe". I'm using the -forever - mode and I want x11vnc to keep running. + Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with + the error message like: "Broken pipe". I'm using the -forever mode and + I want x11vnc to keep running. - [17]Q-15: The Windows TightVNC 1.3.9 Viewer cannot connect to x11vnc. + Q-15: The Windows TightVNC 1.3.9 Viewer cannot connect to x11vnc. - [18]Q-16: KDE's krdc VNC viewer cannot connect to x11vnc. + Q-16: KDE's krdc VNC viewer cannot connect to x11vnc. - [19]Q-17: When I start x11vnc on an Alpha Tru64 workstation the X - server crashes! + Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server + crashes! - [20]Q-18: When running x11vnc on an IBM AIX workstation after a few + Q-18: When running x11vnc on an IBM AIX workstation after a few minutes the VNC connection freezes. - [21]Q-19: Are there any build-time customizations possible, e.g. - change defaults, create a smaller binary, etc? + Q-19: Are there any build-time customizations possible, e.g. change + defaults, create a smaller binary, etc? [Win2VNC Related] - [22]Q-20: I have two separate machine displays in front of me, one - Windows the other X11: can I use x11vnc in combination with Win2VNC in + Q-20: I have two separate machine displays in front of me, one Windows + the other X11: can I use x11vnc in combination with Win2VNC in dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - [23]Q-21: I am running Win2VNC on my Windows machine and "x11vnc - -nofb" on Unix to pass keyboard and mouse to the Unix monitor. - Whenever I start Win2VNC it quickly disconnects and x11vnc says: + Q-21: I am running Win2VNC on my Windows machine and "x11vnc -nofb" on + Unix to pass keyboard and mouse to the Unix monitor. Whenever I start + Win2VNC it quickly disconnects and x11vnc says: rfbProcessClientNormalMessage: read: Connection reset by peer - [24]Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect - mouse and keyboard input to it from Windows and X11 machines via - Win2VNC and x2vnc, respectively? + Q-22: Can I run "x11vnc -nofb" on a Mac OS X machine to redirect mouse + and keyboard input to it from Windows and X11 machines via Win2VNC and + x2vnc, respectively? [Color Issues] - [25]Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) + Q-23: The X display I run x11vnc on is only 8 bits per pixel (bpp) PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - [26]Q-24: Color problems: Why are the colors for some windows - incorrect in x11vnc? BTW, my X display has nice overlay/multi-depth - visuals of different color depths: e.g. there are both depth 8 and 24 - visuals available at the same time. + Q-24: Color problems: Why are the colors for some windows incorrect in + x11vnc? BTW, my X display has nice overlay/multi-depth visuals of + different color depths: e.g. there are both depth 8 and 24 visuals + available at the same time. - [27]Q-25: I am on a high color system (depth >= 24) but I seem to have + Q-25: I am on a high color system (depth >= 24) but I seem to have colormap problems. They either flash or everything is very dark. - [28]Q-26: How do I figure out the window id to supply to the -id - windowid option? + Q-26: How do I figure out the window id to supply to the -id windowid + option? - [29]Q-27: Why don't menus or other transient windows come up when I am + Q-27: Why don't menus or other transient windows come up when I am using the -id windowid option to view a single application window? - [30]Q-28: My X display is depth 24 at 24bpp (instead of the normal - depth 24 at 32bpp.) I'm having lots of color and visual problems with - x11vnc and/or vncviewer. What's up? + Q-28: My X display is depth 24 at 24bpp (instead of the normal depth + 24 at 32bpp.) I'm having lots of color and visual problems with x11vnc + and/or vncviewer. What's up? [Xterminals] - [31]Q-29: Can I use x11vnc to view and interact with an Xterminal - (e.g. NCD) that is not running UNIX and so x11vnc cannot be run on it + Q-29: Can I use x11vnc to view and interact with an Xterminal (e.g. + NCD) that is not running UNIX and so x11vnc cannot be run on it directly? - [32]Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) - correct for a Unix/Linux machine acting as an Xterminal? + Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct + for a Unix/Linux machine acting as an Xterminal? [Sun Rays] - [33]Q-31: I'm having trouble using x11vnc with my Sun Ray session. + Q-31: I'm having trouble using x11vnc with my Sun Ray session. [Remote Control] - [34]Q-32: How do I stop x11vnc once it is running in the background? + Q-32: How do I stop x11vnc once it is running in the background? - [35]Q-33: Can I change settings in x11vnc without having to restart - it? Can I remote control it? + Q-33: Can I change settings in x11vnc without having to restart it? + Can I remote control it? [Security and Permissions] - [36]Q-34: How do I create a VNC password for use with x11vnc? + Q-34: How do I create a VNC password for use with x11vnc? - [37]Q-35: Can I make it so -storepasswd doesn't show my password on - the screen? + Q-35: Can I make it so -storepasswd doesn't show my password on the + screen? - [38]Q-36: Can I have two passwords for VNC viewers, one for full - access and the other for view-only access to the display? + Q-36: Can I have two passwords for VNC viewers, one for full access + and the other for view-only access to the display? - [39]Q-37: Can I have as many full-access and view-only passwords as I + Q-37: Can I have as many full-access and view-only passwords as I like? - [40]Q-38: Does x11vnc support Unix usernames and passwords? Can I - further limit the set of Unix usernames who can connect to the VNC - desktop? + Q-38: Does x11vnc support Unix usernames and passwords? Can I further + limit the set of Unix usernames who can connect to the VNC desktop? - [41]Q-39: Can I supply an external program to provide my own custom - login method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) - usernames and passwords)? + Q-39: Can I supply an external program to provide my own custom login + method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames + and passwords)? - [42]Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? - And why doesn't it allow more than one VNC viewer to connect at the - same time? + Q-40: Why does x11vnc exit as soon as the VNC viewer disconnects? And + why doesn't it allow more than one VNC viewer to connect at the same + time? - [43]Q-41: Can I limit which machines incoming VNC clients can connect + Q-41: Can I limit which machines incoming VNC clients can connect from? - [44]Q-42: How do I build x11vnc/libvncserver with libwrap - (tcp_wrappers) support? + Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) + support? - [45]Q-43: Can I have x11vnc only listen on one network interface (e.g. + Q-43: Can I have x11vnc only listen on one network interface (e.g. internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - [46]Q-44: Now that -localhost implies listening only on the loopback + Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - [47]Q-45: Can I fine tune what types of user input are allowed? E.g. - have some users just be able to move the mouse, but not click or type + Q-45: Can I fine tune what types of user input are allowed? E.g. have + some users just be able to move the mouse, but not click or type anything? - [48]Q-46: Can I prompt the user at the local X display whether the + Q-46: Can I prompt the user at the local X display whether the incoming VNC client should be accepted or not? Can I decide to make some clients view-only? How about running an arbitrary program to make the decisions? - [49]Q-47: I start x11vnc as root because it is launched via inetd(8) - or a display manager like gdm(1). Can I have x11vnc later switch to a + Q-47: I start x11vnc as root because it is launched via inetd(8) or a + display manager like gdm(1). Can I have x11vnc later switch to a different user? - [50]Q-48: I use a screen-lock when I leave my workstation (e.g. + Q-48: I use a screen-lock when I leave my workstation (e.g. xscreensaver or xlock.) When I remotely access my workstation desktop via x11vnc I can unlock the desktop fine, but I am worried people will see my activities on the physical monitor. What can I do to prevent this, or at least make it more difficult? - [51]Q-49: Can I have x11vnc automatically lock the screen when I + Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? [Encrypted Connections] - [52]Q-50: How can I tunnel my connection to x11vnc via an encrypted - SSH channel between two Unix machines? + Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH + channel between two Unix machines? - [53]Q-51: How can I tunnel my connection to x11vnc via an encrypted - SSH channel from Windows using an SSH client like Putty? + Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH + channel from Windows using an SSH client like Putty? - [54]Q-52: How can I tunnel my connection to x11vnc via an encrypted - SSL channel using an external tool like stunnel? + Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL + channel using an external tool like stunnel? - [55]Q-53: Does x11vnc have built-in SSL tunneling? + Q-53: Does x11vnc have built-in SSL tunneling? - [56]Q-54: How do I use VNC Viewers with built-in SSL tunneling? + Q-54: How do I use VNC Viewers with built-in SSL tunneling? - [57]Q-55: How do I use the Java applet VNC Viewer with built-in SSL + Q-55: How do I use the Java applet VNC Viewer with built-in SSL tunneling when going through a Web Proxy? - [58]Q-56: Can Apache web server act as a gateway for users to connect - via SSL from the Internet with a Web browser to x11vnc running on - their workstations behind a firewall? + Q-56: Can Apache web server act as a gateway for users to connect via + SSL from the Internet with a Web browser to x11vnc running on their + workstations behind a firewall? - [59]Q-57: Can I create and use my own SSL Certificate Authority (CA) - with x11vnc? + Q-57: Can I create and use my own SSL Certificate Authority (CA) with + x11vnc? [Display Managers and Services] - [60]Q-58: How can I run x11vnc as a "service" that is always - available? + Q-58: How can I run x11vnc as a "service" that is always available? - [61]Q-59: How can I use x11vnc to connect to an X login screen like - xdm, GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into - an X session yet.) + Q-59: How can I use x11vnc to connect to an X login screen like xdm, + GNOME gdm, KDE kdm, or CDE dtlogin? (i.e. nobody is logged into an X + session yet.) - [62]Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? + Q-60: Can I run x11vnc out of inetd(8)? How about xinetd(8)? - [63]Q-61: Can I have x11vnc advertise its VNC service and port via - mDNS / Zeroconf (e.g. Avahi) so VNC viewers on the local network can - detect it automatically? + Q-61: Can I have x11vnc advertise its VNC service and port via mDNS / + Zeroconf (e.g. Avahi) so VNC viewers on the local network can detect + it automatically? - [64]Q-62: Can I have x11vnc allow a user to log in with her UNIX - username and password and then have it find her X session display on - that machine and then attach to it? How about starting an X session if - one cannot be found? + Q-62: Can I have x11vnc allow a user to log in with her UNIX username + and password and then have it find her X session display on that + machine and then attach to it? How about starting an X session if one + cannot be found? - [65]Q-63: Can I have x11vnc restart itself after it terminates? + Q-63: Can I have x11vnc restart itself after it terminates? - [66]Q-64: How do I make x11vnc work with the Java VNC viewer applet in - a web browser? + Q-64: How do I make x11vnc work with the Java VNC viewer applet in a + web browser? - [67]Q-65: Are reverse connections (i.e. the VNC server connecting to - the VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? - - [68]Q-66: Can reverse connections be made to go through a Web or SOCKS + Q-65: Are reverse connections (i.e. the VNC server connecting to the + VNC viewer) using "vncviewer -listen" and vncconnect(1) supported? + + Q-66: Can reverse connections be made to go through a Web or SOCKS proxy or SSH? - [69]Q-67: Can x11vnc provide a multi-user desktop web login service as - an Apache CGI or PHP script? + Q-67: Can x11vnc provide a multi-user desktop web login service as an + Apache CGI or PHP script? - [70]Q-68: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a - real display, but for a virtual one I keep around.) + Q-68: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real + display, but for a virtual one I keep around.) - [71]Q-69: How can I use x11vnc on "headless" machines? Why might I - want to? + Q-69: How can I use x11vnc on "headless" machines? Why might I want + to? [Resource Usage and Performance] - [72]Q-70: I have lots of memory, but why does x11vnc fail with - shmget: No space left on device or Minor opcode of failed - request: 1 (X_ShmAttach)? + Q-70: I have lots of memory, but why does x11vnc fail with shmget: + No space left on device or Minor opcode of failed request: 1 + (X_ShmAttach)? - [73]Q-71: How can I make x11vnc use less system resources? + Q-71: How can I make x11vnc use less system resources? - [74]Q-72: How can I make x11vnc use MORE system resources? + Q-72: How can I make x11vnc use MORE system resources? - [75]Q-73: I use x11vnc over a slow link with high latency (e.g. dialup + Q-73: I use x11vnc over a slow link with high latency (e.g. dialup modem or broadband), is there anything I can do to speed things up? - [76]Q-74: Does x11vnc support the X DAMAGE Xserver extension to find + Q-74: Does x11vnc support the X DAMAGE Xserver extension to find modified regions of the screen quickly and efficiently? - [77]Q-75: My OpenGL application shows no screen updates unless I - supply the -noxdamage option to x11vnc. + Q-75: My OpenGL application shows no screen updates unless I supply + the -noxdamage option to x11vnc. - [78]Q-76: When I drag windows around with the mouse or scroll up and - down things really bog down (unless I do the drag in a single, quick + Q-76: When I drag windows around with the mouse or scroll up and down + things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - [79]Q-77: Why not do something like wireframe animations to avoid the + Q-77: Why not do something like wireframe animations to avoid the windows "lurching" when being moved or resized? - [80]Q-78: Can x11vnc try to apply heuristics to detect when a window - is scrolling its contents and use the CopyRect encoding for a speedup? - - [81]Q-79: Can x11vnc do client-side caching of pixel data? I.e. so - when that pixel data is needed again it does not have to be - retransmitted over the network. + Q-78: Can x11vnc try to apply heuristics to detect when a window is + scrolling its contents and use the CopyRect encoding for a speedup? - [82]Q-80: Does x11vnc support TurboVNC? + Q-79: Can x11vnc do client-side caching of pixel data? I.e. so when + that pixel data is needed again it does not have to be retransmitted + over the network. + + Q-80: Does x11vnc support TurboVNC? [Mouse Cursor Shapes] - [83]Q-81: Why isn't the mouse cursor shape (the little icon shape - where the mouse pointer is) correct as I move from window to window? + Q-81: Why isn't the mouse cursor shape (the little icon shape where + the mouse pointer is) correct as I move from window to window? - [84]Q-82: When using XFIXES cursorshape mode, some of the cursors look + Q-82: When using XFIXES cursorshape mode, some of the cursors look really bad with extra black borders around the cursor and other cruft. How can I improve their appearance? - [85]Q-83: In XFIXES mode, are there any hacks to handle cursor + Q-83: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly? [Mouse Pointer] - [86]Q-84: Why does the mouse arrow just stay in one corner in my + Q-84: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - [87]Q-85: Can I take advantage of the TightVNC extension to the VNC + Q-85: Can I take advantage of the TightVNC extension to the VNC protocol where Cursor Positions Updates are sent back to all connected clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - [88]Q-86: Is it possible to swap the mouse buttons (e.g. left-handed + Q-86: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? [Keyboard Issues] - [89]Q-87: How can I get my AltGr and Shift modifiers to work between + Q-87: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - [90]Q-88: When I try to type a "<" (i.e. less than) instead I get ">" + Q-88: When I try to type a "<" (i.e. less than) instead I get ">" (i.e. greater than)! Strangely, typing ">" works OK!! - [91]Q-89: Extra Character Inserted, E.g.: When I try to type a "<" - (i.e. less than) instead I get "<," (i.e. an extra comma.) + Q-89: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. + less than) instead I get "<," (i.e. an extra comma.) - [92]Q-90: I'm using an "international" keyboard (e.g. German "de", or + Q-90: I'm using an "international" keyboard (e.g. German "de", or Danish "dk") and the -modtweak mode works well if the VNC viewer is run on a Unix/Linux machine with a similar keyboard. But if I run the VNC viewer on Unix/Linux with a different keyboard (e.g. "us") or Windows with any keyboard, I can't type some keys like: "@", "$", "<", ">", etc. How can I fix this? - [93]Q-91: When typing I sometimes get double, triple, or more of my + Q-91: When typing I sometimes get double, triple, or more of my keystrokes repeated. I'm sure I only typed them once, what can I do? - [94]Q-92: The x11vnc -norepeat mode is in effect, but I still get - repeated keystrokes!! + Q-92: The x11vnc -norepeat mode is in effect, but I still get repeated + keystrokes!! - [95]Q-93: After using x11vnc for a while, I find that I cannot type - some (or any) characters or my mouse clicks and drags no longer have - any effect, or they lead to strange effects. What happened? + Q-93: After using x11vnc for a while, I find that I cannot type some + (or any) characters or my mouse clicks and drags no longer have any + effect, or they lead to strange effects. What happened? - [96]Q-94: The machine where I run x11vnc has an AltGr key, but the - local machine where I run the VNC viewer does not. Is there a way I - can map a local unused key to send an AltGr? How about a Compose key - as well? + Q-94: The machine where I run x11vnc has an AltGr key, but the local + machine where I run the VNC viewer does not. Is there a way I can map + a local unused key to send an AltGr? How about a Compose key as well? - [97]Q-95: I have a Sun machine I run x11vnc on. Its Sun keyboard has - just one Alt key labelled "Alt" and two Meta keys labelled with little + Q-95: I have a Sun machine I run x11vnc on. Its Sun keyboard has just + one Alt key labelled "Alt" and two Meta keys labelled with little diamonds. The machine where I run the VNC viewer only has Alt keys. How can I send a Meta keypress? (e.g. emacs needs this) - [98]Q-96: Running x11vnc on HP-UX I cannot type "#" I just get a "3" + Q-96: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead. - [99]Q-97: Can I map a keystroke to a mouse button click on the remote + Q-97: Can I map a keystroke to a mouse button click on the remote machine? - [100]Q-98: How can I get Caps_Lock to work between my VNC viewer and + Q-98: How can I get Caps_Lock to work between my VNC viewer and x11vnc? [Screen Related Issues and Features] - [101]Q-99: The remote display is larger (in number of pixels) than the + Q-99: The remote display is larger (in number of pixels) than the local display I am running the vncviewer on. I don't like the vncviewer scrollbars, what I can do? - [102]Q-100: Does x11vnc support server-side framebuffer scaling? (E.g. - to make the desktop smaller.) + Q-100: Does x11vnc support server-side framebuffer scaling? (E.g. to + make the desktop smaller.) - [103]Q-101: Does x11vnc work with Xinerama? (i.e. multiple monitors - joined together to form one big, single screen.) + Q-101: Does x11vnc work with Xinerama? (i.e. multiple monitors joined + together to form one big, single screen.) - [104]Q-102: Can I use x11vnc on a multi-headed display that is not - Xinerama (i.e. separate screens :0.0, :0.1, ... for each monitor)? + Q-102: Can I use x11vnc on a multi-headed display that is not Xinerama + (i.e. separate screens :0.0, :0.1, ... for each monitor)? - [105]Q-103: Can x11vnc show only a portion of the display? (E.g. for a + Q-103: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - [106]Q-104: Does x11vnc support the XRANDR (X Resize, Rotate and + Q-104: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. - [107]Q-105: Independent of any XRANDR, can I have x11vnc rotate and/or + Q-105: Independent of any XRANDR, can I have x11vnc rotate and/or reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - [108]Q-106: Why is the view in my VNC viewer completely black? Or why - is everything flashing around randomly? + Q-106: Why is the view in my VNC viewer completely black? Or why is + everything flashing around randomly? - [109]Q-107: I use Linux Virtual Terminals (VT's) to implement 'Fast - User Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, + Q-107: I use Linux Virtual Terminals (VT's) to implement 'Fast User + Switching' between users' sessions (e.g. Betty is on Ctrl-Alt-F7, Bobby is on Ctrl-Alt-F8, and Sid is on Ctrl-Alt-F1: they use those keystrokes to switch between their sessions.) How come the view in a VNC viewer connecting to x11vnc is either completely black or otherwise all messed up unless the X session x11vnc is attached to is in the active VT? - [110]Q-108: I am using x11vnc where my local machine has "popup/hidden + Q-108: I am using x11vnc where my local machine has "popup/hidden taskbars" and the remote display where x11vnc runs also has "popup/hidden taskbars" and they interfere and fight with each other. What can I do? - [111]Q-109: Help! x11vnc and my KDE screensaver keep switching each - other on and off every few seconds. + Q-109: Help! x11vnc and my KDE screensaver keep switching each other + on and off every few seconds. - [112]Q-110: I am running the beryl 3D window manager (or compiz, - MythTv, Google Earth, or some other OpenGL app) and I do not get - screen updates in x11vnc. + Q-110: I am running the beryl 3D window manager (or compiz, MythTv, + Google Earth, or some other OpenGL app) and I do not get screen + updates in x11vnc. - [113]Q-111: Can I use x11vnc to view my VMWare session remotely? + Q-111: Can I use x11vnc to view my VMWare session remotely? [Exporting non-X11 devices via VNC] - [114]Q-112: Can non-X devices (e.g. a raw framebuffer) be viewed (and - even controlled) via VNC with x11vnc? + Q-112: Can non-X devices (e.g. a raw framebuffer) be viewed (and even + controlled) via VNC with x11vnc? - [115]Q-113: Can I export the Linux Console (Virtual Terminals) via VNC + Q-113: Can I export the Linux Console (Virtual Terminals) via VNC using x11vnc? - [116]Q-114: Can I export via VNC a Webcam or TV tuner framebuffer - using x11vnc? + Q-114: Can I export via VNC a Webcam or TV tuner framebuffer using + x11vnc? - [117]Q-115: Can I connect via VNC to a Qt-embedded/Qtopia application + Q-115: Can I connect via VNC to a Qt-embedded/Qtopia application running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - [118]Q-116: Now that non-X11 devices can be exported via VNC using - x11vnc, can I build it with no dependencies on X11 header files and - libraries? - - [119]Q-117: Does x11vnc support Mac OS X Aqua/Quartz displays natively + Q-116: Now that non-X11 devices can be exported via VNC using x11vnc, + can I build it with no dependencies on X11 header files and libraries? + + Q-117: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)? - [120]Q-118: Can x11vnc be used as a VNC reflector/repeater to improve + Q-118: Can x11vnc be used as a VNC reflector/repeater to improve performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - [121]Q-119: Can x11vnc be used during a Linux, Solaris, etc. system + Q-119: Can x11vnc be used during a Linux, Solaris, etc. system Installation so the Installation can be done remotely? [Misc: Clipboard, File Transfer/Sharing, Printing, Sound, Beeps, Thanks, etc.] - [122]Q-120: Does the Clipboard/Selection get transferred between the + Q-120: Does the Clipboard/Selection get transferred between the vncviewer and the X display? - [123]Q-121: Can I use x11vnc to record a Shock Wave Flash (or other - format) video of my desktop, e.g. to record a tutorial or demo? + Q-121: Can I use x11vnc to record a Shock Wave Flash (or other format) + video of my desktop, e.g. to record a tutorial or demo? - [124]Q-122: Can I transfer files back and forth with x11vnc? + Q-122: Can I transfer files back and forth with x11vnc? - [125]Q-123: Which UltraVNC extensions are supported? + Q-123: Which UltraVNC extensions are supported? - [126]Q-124: Can x11vnc emulate UltraVNC's Single Click helpdesk mode - for Unix? I.e. something very simple for a naive user to initiate a + Q-124: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for + Unix? I.e. something very simple for a naive user to initiate a reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - [127]Q-125: Can I (temporarily) mount my local (viewer-side) - Windows/Samba File share on the machine where x11vnc is running? + Q-125: Can I (temporarily) mount my local (viewer-side) Windows/Samba + File share on the machine where x11vnc is running? - [128]Q-126: Can I redirect CUPS print jobs from the remote desktop - where x11vnc is running to a printer on my local (viewer-side) - machine? + Q-126: Can I redirect CUPS print jobs from the remote desktop where + x11vnc is running to a printer on my local (viewer-side) machine? - [129]Q-127: How can I hear the sound (audio) from the remote - applications on the desktop I am viewing via x11vnc? + Q-127: How can I hear the sound (audio) from the remote applications + on the desktop I am viewing via x11vnc? - [130]Q-128: Why don't I hear the "Beeps" in my X session (e.g. when - typing tput bel in an xterm)? + Q-128: Why don't I hear the "Beeps" in my X session (e.g. when typing + tput bel in an xterm)? - [131]Q-129: Does x11vnc work with IPv6? + Q-129: Does x11vnc work with IPv6? - [132]Q-130: Thanks for your program or for your help! Can I make a + Q-130: Thanks for your program or for your help! Can I make a donation? _________________________________________________________________ @@ -2396,7 +2050,7 @@ http://www.karlrunge.com/x11vnc/faq.html: For the former error, you need to specify the X display to connect to (it also needs to be on the same machine the x11vnc process is to run - on.) Set your DISPLAY environment variable (or use the [133]-display + on.) Set your DISPLAY environment variable (or use the -display option) to specify it. Nearly always the correct value will be ":0" (in fact, x11vnc will now assume :0 if given no other information.) @@ -2413,9 +2067,9 @@ http://www.karlrunge.com/x11vnc/faq.html: working when you try to start x11vnc via, say, a remote shell. How to Solve: See the xauth(1), Xsecurity(7), and xhost(1) man pages - or [134]this Howto for much info on X11 permissions. For example, you - may need to set your XAUTHORITY environment variable (or use the - [135]-auth option) to point to the correct MIT-MAGIC-COOKIE file (e.g. + or this Howto for much info on X11 permissions. For example, you may + need to set your XAUTHORITY environment variable (or use the -auth + option) to point to the correct MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority or /var/gdm/:0.Xauth or /var/lib/kdm/A:0-crWk72K or /tmp/.gdmzndVlR, etc, etc.), or simply be sure you run x11vnc as the correct user (i.e. the user who is logged into the X session you @@ -2437,10 +2091,10 @@ http://www.karlrunge.com/x11vnc/faq.html: x11vnc -display :0 -auth /var/gdm/:0.Xauth (this is for the display manager gdm and requires root permission to - read the gdm cookie file, see [136]this faq for other display manager + read the gdm cookie file, see this faq for other display manager cookie file names.) - Note as of Feb/2007 you can also try the [137]-find option instead of + Note as of Feb/2007 you can also try the -find option instead of "-display ..." and see if that finds your display and Xauthority. Less safe, but to avoid figuring out where the correct XAUTHORITY file @@ -2449,7 +2103,7 @@ http://www.karlrunge.com/x11vnc/faq.html: (from the same machine.) The person could then type "xhost -localhost" after x11vnc has connected to go back to the default permissions. Also, for some situations the "-users lurk=" option may soon be of use - (please read the documentation on the [138]-users option.) + (please read the documentation on the -users option.) To test out your X11 permissions from a remote shell, set DISPLAY and possibly XAUTHORITY (see your shell's man page, bash(1), tcsh(1), on @@ -2468,7 +2122,7 @@ http://www.karlrunge.com/x11vnc/faq.html: properly.) Firewalls: Speaking of permissions, it should go without saying that - the host-level [139]firewall will need to be configured to allow + the host-level firewall will need to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems these days have firewalls turned on by default, so you will actively have to do something to @@ -2561,7 +2215,7 @@ libssl.so libcrypto.so libcrypt.so the above list may be out of date. So only use the above lists as hints for the package names that are needed. - Have a look at [140]Misc. Build Problems for additional fixes. + Have a look at Misc. Build Problems for additional fixes. Note: there is growing trend in Linux and other distros to slice up core X11 software into more and smaller packages. So be prepared for @@ -2639,11 +2293,10 @@ h earlier and perhaps non-Solaris): First use the environment settings (CPPFLAGS, LDFLAGS, etc.) in the - above [141]Solaris build script to run the configure command. That - should succeed without failure. Then you have to hand edit the - autogenerated rfb/rfbconfig.h file in the source tree, and just before - the last #endif at the bottom of that file insert these workaround - lines: + above Solaris build script to run the configure command. That should + succeed without failure. Then you have to hand edit the autogenerated + rfb/rfbconfig.h file in the source tree, and just before the last + #endif at the bottom of that file insert these workaround lines: struct timeval _tmp_usleep_tv; #define usleep(x) \ _tmp_usleep_tv.tv_sec = (x) / 1000000; \ @@ -2665,7 +2318,7 @@ typedef unsigned int in_addr_t; on other older OS (Solaris, Linux, ...) releases. Here are some notes for similar steps that need to be done to build on - [142]SunOS 4.x + SunOS 4.x Please let us know if you had to use the above workaround (and whether it worked or not.) If there is enough demand we will try to push clean @@ -2675,32 +2328,29 @@ typedef unsigned int in_addr_t; Q-5: Where can I get a precompiled x11vnc binary for my Operating System? - Hopefully the [143]build steps above and [144]FAQ provide enough info - for a painless compile for most environments. Please report problems - with the x11vnc configure, make, etc. on your system (if your system - is known to compile other GNU packages successfully.) + Hopefully the build steps above and FAQ provide enough info for a + painless compile for most environments. Please report problems with + the x11vnc configure, make, etc. on your system (if your system is + known to compile other GNU packages successfully.) There are precompiled x11vnc binaries built by other groups that are available at the following locations: - Slackware: (.tgz) [145]http://www.linuxpackages.net/ - - SuSE: (.rpm) [146]http:/software.opensuse.org/ Gentoo: (info) - [147]http://gentoo-wiki.com/ and [148]http://gentoo-portage.com/ - FreeBSD: (.tbz) [149]http://www.freebsd.org/ - [150]http://www.freshports.org/net/x11vnc NetBSD: (src) - [151]http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) - [152]http://openports.se/ Arch Linux: (.tgz) - [153]http://www.archlinux.org/ Nokia 770 (.deb) - [154]http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp - Zaurus [155]http://www.focv.com/ Debian: (.deb) - [156]http://packages.debian.org/x11vnc Redhat/Fedora: (.rpm) - [157]http://packages.sw.be/x11vnc RPMforge - [158]http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained - after 0.9.3) Solaris: (pkg) [159]http://www.sunfreeware.com/ (N.B: - very old; better to compile from source) + Slackware: (.tgz) http://www.linuxpackages.net/ + + SuSE: (.rpm) http:/software.opensuse.org/ Gentoo: (info) + http://gentoo-wiki.com/ and http://gentoo-portage.com/ FreeBSD: (.tbz) + http://www.freebsd.org/ http://www.freshports.org/net/x11vnc NetBSD: + (src) http://pkgsrc.se/x11/x11vnc OpenBSD: (.tgz) http://openports.se/ + Arch Linux: (.tgz) http://www.archlinux.org/ Nokia 770 (.deb) + http://mike.saunby.googlepages.com/x11vncfornokia7702 Sharp Zaurus + http://www.focv.com/ Debian: (.deb) http://packages.debian.org/x11vnc + Redhat/Fedora: (.rpm) http://packages.sw.be/x11vnc RPMforge + http://dag.wieers.com/rpm/packages/x11vnc/ (N.B.: unmaintained after + 0.9.3) Solaris: (pkg) http://www.sunfreeware.com/ (N.B: very old; + better to compile from source) If the above binaries don't work and building x11vnc on your OS fails - (and all else fails!) you can try one of [160]My Collection of x11vnc + (and all else fails!) you can try one of My Collection of x11vnc Binaries for various OS's and x11vnc releases. As a general note, the x11vnc program is simple enough you don't @@ -2718,7 +2368,7 @@ typedef unsigned int in_addr_t; If you use a standalone binary like this and also want x11vnc to serve up the Java VNC Viewer jar file (either SSL enabled or regular one), then you will need to extract the classes subdirectory from the source - tarball and point x11vnc to it via the [161]-httpdir option. E.g.: + tarball and point x11vnc to it via the -httpdir option. E.g.: x11vnc -httpdir /path/to/x11vnc-0.9.9/classes/ssl ... @@ -2727,11 +2377,11 @@ typedef unsigned int in_addr_t; To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here: - * [162]http://www.tightvnc.com/download.html - * [163]http://www.realvnc.com/download-free.html - * [164]http://sourceforge.net/projects/cotvnc/ - * [165]http://www.ultravnc.com/ - * [166]Our Enhanced TightVNC Viewer (SSVNC) + * http://www.tightvnc.com/download.html + * http://www.realvnc.com/download-free.html + * http://sourceforge.net/projects/cotvnc/ + * http://www.ultravnc.com/ + * Our Enhanced TightVNC Viewer (SSVNC) [ssvnc.gif] @@ -2741,8 +2391,7 @@ typedef unsigned int in_addr_t; Run: x11vnc -opts to list just the option names or run: x11vnc -help for long descriptions about each option. The output is listed - [167]here as well. Yes, x11vnc does have a lot of options, doesn't - it... + here as well. Yes, x11vnc does have a lot of options, doesn't it... Q-8: I don't like typing arcane command line options every time I @@ -2773,10 +2422,10 @@ display :0 program is needed for operation. The gui is not particularly user-friendly, it just provides a point and click mode to set all the many x11vnc parameters and obtain help on them. It is also very useful - for testing. See the [168]-gui option for more info. Examples: "x11vnc - ... -gui" and "x11vnc ... -gui other:0" in the latter case the gui is + for testing. See the -gui option for more info. Examples: "x11vnc ... + -gui" and "x11vnc ... -gui other:0" in the latter case the gui is displayed on other:0, not the X display x11vnc is polling. There is - also a "[169]-gui tray" system tray mode. + also a "-gui tray" system tray mode. [tkx11vnc.gif] @@ -2790,11 +2439,11 @@ display :0 smaller, simpler icon? As of Jul/2005 the gui can run in a more friendly small icon mode - "[170]-gui icon" or in the system tray: "[171]-gui tray". It has - balloon status, a simple menu, and a Properities dialog. The full, - complicated, gui is only available under "Advanced". Other - improvements were added as well. Try "Misc -> simple_gui" for a gui - with fewer esoteric menu items. + "-gui icon" or in the system tray: "-gui tray". It has balloon status, + a simple menu, and a Properities dialog. The full, complicated, gui is + only available under "Advanced". Other improvements were added as + well. Try "Misc -> simple_gui" for a gui with fewer esoteric menu + items. If the gui fails to embed itself in the system tray, do a retry via "Window View -> icon" followed by "Window View -> tray" with the popup @@ -2826,18 +2475,18 @@ LAY PORT=59xx line to see which port it found, then subtract 5900 from it for the VNC display number to enter into the VNC Viewer(s). - The "[172]-N" option will try to match the VNC display number to the X + The "-N" option will try to match the VNC display number to the X display (e.g. X11 DISPLAY of :5 (port 6005) will have VNC display :5 (port 5905).) - Also see the "[173]-autoport n" option to indicated at which value the - auto probing should start at. + Also see the "-autoport n" option to indicated at which value the auto + probing should start at. Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to x11vnc. - See the [174]Firewalls/Routers discussion. + See the Firewalls/Routers discussion. Q-12: Is it possible for a VNC Viewer and a VNC Server to connect to @@ -2848,10 +2497,16 @@ LAY reachable by both, is used as a relay. So we assume a third machine is somehow being used as a relay. + (Update: It may be possible to do "NAT-2-NAT" without a relay machine + by using a UDP tunnel such as http://samy.pl/pwnat/. All that is + required is that both NAT firewalls allow in UDP packets from an IP + address to which a UDP packet has recently been sent to. If you try it + out let us know how it went.) + In the following discussion, we will suppose port 5950 is being used on the relay machine as the VNC port for the rendezvous. - A way to rendezvous is to have the VNC Server start a [175]reverse + A way to rendezvous is to have the VNC Server start a reverse connection to the relay machine: x11vnc -connect third-machine.net:5950 ... @@ -2865,19 +2520,19 @@ LAY be used... Try a google search on "tcp relay" or "ip relay". However, note that this isn't a simple redirection because it hooks up two incoming connections. You can look at our UltraVNC repeater - implementation [176]ultravnc_repeater.pl for ideas and possibly to + implementation ultravnc_repeater.pl for ideas and possibly to customize. Also, if you are not the admin of third-machine you'd have to convince the owner to allow you to install this software (and he would likely need to open his server's firewall to allow the port through.) - It is recommended that [177]SSL is used for encryption (e.g. - "[178]-ssl SAVE") when going over the internet. + It is recommended that SSL is used for encryption (e.g. "-ssl SAVE") + when going over the internet. We have a prototype for performing a rendezvous via a Web Server - acting as the relay machine. Download the [179]vncxfer CGI script and - see the instructions at the top. + acting as the relay machine. Download the vncxfer CGI script and see + the instructions at the top. Once that CGI script is set up on the website, both users go to, say, http://somesite.com/vncxfer (or maybe a "/cgi-bin" directory or ".cgi" @@ -2906,8 +2561,8 @@ LAY port requirement (e.g. use HTTP/CGI itself for the transfer... it is difficult to emulate a full-duplex TCP connection with them.) - See also the [180]Firewalls/Routers discussion and [181]Reverse - Connection Proxy discussion. + See also the Firewalls/Routers discussion and Reverse Connection Proxy + discussion. SSH method: If both users (i.e. one on Viewer-side and the other on @@ -2933,8 +2588,8 @@ LAY Run Viewer on the VNC Viewer side: vncviewer -encodings "copyrect tight zrle hextile" localhost:0 - (we assume the old-style -encodings option needs to be used. See - [182]here for details.) + (we assume the old-style -encodings option needs to be used. See here + for details.) If the SSH machine has been configured (see sshd_config(5)) with the option GatewayPorts=yes, then the tunnel set up by the VNC Server will @@ -2944,16 +2599,16 @@ LAY only runs: vncviewer third-machine.net:33 - In this case we recommend [183]SSL be used for encryption. + In this case we recommend SSL be used for encryption. - The creation of both tunnels can be automated. As of Oct/2007 the - [184]-ssh x11vnc option is available and so only this command needs to - be run on the VNC Server side: + The creation of both tunnels can be automated. As of Oct/2007 the -ssh + x11vnc option is available and so only this command needs to be run on + the VNC Server side: x11vnc -ssh user@third-machine.net:33 ... (the SSH passphrase may need to be supplied.) - To automate on the VNC Viewer side, the user can use the [185]Enhanced + To automate on the VNC Viewer side, the user can use the Enhanced TightVNC Viewer (SSVNC) by: * Clicking on 'Use SSH' * Entering user@third-machine.net:33 into 'VNC Host:Display' entry @@ -2970,11 +2625,11 @@ LAY Q-13: Can I make x11vnc more quiet and also go into the background after starting up? - Use the [186]-q and [187]-bg options, respectively. (also: -quiet is - an alias for -q) + Use the -q and -bg options, respectively. (also: -quiet is an alias + for -q) Note that under -bg the stderr messages will be lost unless you use - the "[188]-o logfile" option. + the "-o logfile" option. Q-14: Sometimes when a VNC viewer dies abruptly, x11vnc also dies with @@ -3000,8 +2655,8 @@ LAY Q-16: KDE's krdc VNC viewer cannot connect to x11vnc. - This has been fixed in x11vnc version 0.8.4. More info [189]here, - [190]here, and [191]here. + This has been fixed in x11vnc version 0.8.4. More info here, here, and + here. Q-17: When I start x11vnc on an Alpha Tru64 workstation the X server @@ -3011,7 +2666,7 @@ LAY able to crash it. The problem seems to be with the RECORD X extension and so a - workaround is to use the "[192]-noxrecord" x11vnc command line option. + workaround is to use the "-noxrecord" x11vnc command line option. Q-18: When running x11vnc on an IBM AIX workstation after a few @@ -3023,8 +2678,8 @@ LAY than 0.9.2. The problem seems to be with the RECORD X extension on AIX and so a - workaround is to use the "[193]-noxrecord" x11vnc command line option. - The user found no freezes occurred when using that option. + workaround is to use the "-noxrecord" x11vnc command line option. The + user found no freezes occurred when using that option. Q-19: Are there any build-time customizations possible, e.g. change @@ -3032,7 +2687,7 @@ LAY There are some options. They are enabled by adding something like -Dxxxx=1 to the CPPFLAGS environment variable before running configure - (see the [194]build notes for general background.) + (see the build notes for general background.) /* * Mar/2006 * Build-time customization via CPPFLAGS. @@ -3103,21 +2758,21 @@ LAY dual-screen mode to pass the keystrokes and mouse motions to the X11 display? - Yes, for best response start up x11vnc with the "[195]-nofb" option + Yes, for best response start up x11vnc with the "-nofb" option (disables framebuffer polling, and does other optimizations) on the secondary display (X11) machine. Then start up Win2VNC on the primary display (Windows) referring it to the secondary display. - This will also work X11 to X11 using [196]x2vnc, however you would - probably just want to avoid VNC and use x2x for that. + This will also work X11 to X11 using x2vnc, however you would probably + just want to avoid VNC and use x2x for that. For reference, here are some links to Win2VNC-like programs for multiple monitor setups: - * [197]Original Win2VNC - * [198]Enhanced Win2VNC (broken?) and [199]sourceforge link - * [200]x2vnc - * [201]x2x - * [202]zvnc (MorphOS) + * Original Win2VNC + * Enhanced Win2VNC (broken?) and sourceforge link + * x2vnc + * x2x + * zvnc (MorphOS) All of them will work with x11vnc (except x2x where it is not needed.) @@ -3137,9 +2792,9 @@ LAY on your display to be depth 24 TrueColor? Sun machines often have 8+24 overlay/multi-depth visuals, and you can make the default visual depth 24 TrueColor (see fbconfig(1) and Xsun(1).) 2) As of Feb/2004 x11vnc - has the [203]-visual option to allow you to force the framebuffer - visual to whatever you want (this usually messes up the colors unless - you are very clever.) In this case, the option provides a convenient + has the -visual option to allow you to force the framebuffer visual to + whatever you want (this usually messes up the colors unless you are + very clever.) In this case, the option provides a convenient workaround for the Win2VNC bug: x11vnc -nofb -visual TrueColor -display :0 ... @@ -3151,8 +2806,8 @@ LAY and keyboard input to it from Windows and X11 machines via Win2VNC and x2vnc, respectively? - Yes, as of Nov/2006 [204]you can. There may be a trick or two you'll - need to do to get the Clipboard exchange between the machines to work. + Yes, as of Nov/2006 you can. There may be a trick or two you'll need + to do to get the Clipboard exchange between the machines to work. @@ -3162,7 +2817,7 @@ LAY PseudoColor (i.e. only 256 distinct colors.) The x11vnc colors may start out OK, but after a while they are incorrect in certain windows. - Use the [205]-flashcmap option to have x11vnc watch for changes in the + Use the -flashcmap option to have x11vnc watch for changes in the colormap, and propagate those changes back to connected clients. This can be slow (since the whole screen must be updated over the network whenever the colormap changes.) This flashing colormap behavior often @@ -3171,13 +2826,12 @@ LAY example of this. Consider reconfiguring the system to 16 bpp or depth 24 TrueColor if at all possible. - Also note the option [206]-8to24 (Jan/2006) can often remove the need - for flashing the colormap. Everything is dynamically transformed to - depth 24 at 32 bpp using the colormaps. There may be painting errors - however (see the following FAQ for tips on reducing and correcting - them.) + Also note the option -8to24 (Jan/2006) can often remove the need for + flashing the colormap. Everything is dynamically transformed to depth + 24 at 32 bpp using the colormaps. There may be painting errors however + (see the following FAQ for tips on reducing and correcting them.) - In some rare cases (SCO unixware) the [207]-notruecolor option has + In some rare cases (SCO unixware) the -notruecolor option has corrected colors on 8bpp displays. The red, green, and blue masks were non-zero in 8bpp PseudoColor on an obscure setup, and this option corrected the problems. @@ -3188,13 +2842,13 @@ LAY different color depths: e.g. there are both depth 8 and 24 visuals available at the same time. - You may want to review the [208]previous question regarding 8 bpp + You may want to review the previous question regarding 8 bpp PseudoColor. - On some hardware (Sun/SPARC and SGI), the [209]-overlay option - discussed a couple paragraphs down may solve this for you (you may - want to skip to it directly.) On other hardware the less robust - [210]-8to24 option may help (also discussed below.) + On some hardware (Sun/SPARC and SGI), the -overlay option discussed a + couple paragraphs down may solve this for you (you may want to skip to + it directly.) On other hardware the less robust -8to24 option may help + (also discussed below.) Run xdpyinfo(1) to see what the default visual is and what the depths of the other visuals are. Does the default visual have a depth of 8 @@ -3230,7 +2884,7 @@ TrueColor defdepth 24 The -overlay mode: Another option is if the system with overlay visuals is a Sun system running Solaris or SGI running IRIX you can - use the [211]-overlay x11vnc option (Aug/2004) to have x11vnc use the + use the -overlay x11vnc option (Aug/2004) to have x11vnc use the Solaris XReadScreen(3X11) function to poll the "true view" of the whole screen at depth 24 TrueColor. XReadDisplay(3X11) is used on IRIX. This is useful for Legacy applications (older versions of @@ -3255,10 +2909,10 @@ TrueColor defdepth 24 Xsun, e.g. in your /etc/dt/config/Xservers file.) - The -8to24 mode: The [212]-8to24 x11vnc option (Jan/2006) is a kludge - to try to dynamically rewrite the pixel values so that the 8bpp part - of the screen is mapped onto depth 24 TrueColor. This is less robust - than the -overlay mode because it is done by x11vnc outside of the X + The -8to24 mode: The -8to24 x11vnc option (Jan/2006) is a kludge to + try to dynamically rewrite the pixel values so that the 8bpp part of + the screen is mapped onto depth 24 TrueColor. This is less robust than + the -overlay mode because it is done by x11vnc outside of the X server. So only use it on OS's that do not support -overlay. The -8to24 mode will work if the default visual is depth 24 or depth 8. It scans for any windows within 3 levels of the root window that are 8bpp @@ -3269,14 +2923,13 @@ TrueColor defdepth 24 32bpp view is exported via VNC. Even on pure 8bpp displays it can be used as an alternative to - [213]-flashcmap to avoid color flashing completely. + -flashcmap to avoid color flashing completely. This scheme is approximate and can often lead to painting errors. You can manually correct most painting errors by pressing 3 Alt_L's in a - row, or by using something like: [214]-fixscreen V=3.0 to - automatically refresh the screen every 3 seconds. Also -fixscreen - 8=3.0 has been added to just refresh the non-default visual parts of - the screen. + row, or by using something like: -fixscreen V=3.0 to automatically + refresh the screen every 3 seconds. Also -fixscreen 8=3.0 has been + added to just refresh the non-default visual parts of the screen. In general the scheme uses many resources and may give rise to sluggish behavior. If multiple windows are using different 8bpp @@ -3286,25 +2939,25 @@ TrueColor defdepth 24 nogetimage can give a nice speedup if the default depth 24 X server supports hiding the 8bpp bits in bits 25-32 of the framebuffer data. On very slow machines -8to24 poll=0.2,cachewin=5.0 gives an useful - speedup. See the [215]-8to24 help description for information on - tunable parameters, etc. + speedup. See the -8to24 help description for information on tunable + parameters, etc. Colors still not working correctly? Run xwininfo on the application with the incorrect colors to verify that the depth of its visual is different from the default visual depth (gotten from xdpyinfo.) One - possible workaround in this case is to use the [216]-id option to - point x11vnc at the application window itself. If the application is + possible workaround in this case is to use the -id option to point + x11vnc at the application window itself. If the application is complicated (lots of toplevel windows and popup menus) this may not be acceptable, and may even crash x11vnc (but not the application.) See - also [217]-appshare. + also -appshare. It is theoretically possible to solve this problem in general (see xwd(1) for example), but it does not seem trivial or sufficiently fast - for x11vnc to be able to do so in real time. The [218]-8to24 method - does this approximately and is somewhat usable. Fortunately the - [219]-overlay option works for Solaris machines with overlay visuals - where most of this problem occurs. + for x11vnc to be able to do so in real time. The -8to24 method does + this approximately and is somewhat usable. Fortunately the -overlay + option works for Solaris machines with overlay visuals where most of + this problem occurs. Q-25: I am on a high color system (depth >= 24) but I seem to have @@ -3339,9 +2992,9 @@ TrueColor defdepth 24 the desired application window. After clicking, it will print out much information, including the window id (e.g. 0x6000010.) Also, the visual and depth of the window printed out is often useful in - debugging x11vnc [220]color problems. + debugging x11vnc color problems. - Also, as of Dec/2004 you can use "[221]-id pick" to have x11vnc run + Also, as of Dec/2004 you can use "-id pick" to have x11vnc run xwininfo(1) for you and after you click the window it extracts the windowid. Besides "pick" there is also "id:root" to allow you to go back to root window when doing remote-control. @@ -3359,11 +3012,11 @@ TrueColor defdepth 24 you should be able to see these transient windows. If things are not working and you still want to do the single window - polling, try the [222]-sid windowid option ("shifted" windowid.) + polling, try the -sid windowid option ("shifted" windowid.) - Update: as of Nov/2009 in the 0.9.9 x11vnc developement tarball, there + Update: as of Nov/2009 in the 0.9.9 x11vnc development tarball, there is an experimental Application Sharing mode that improves upon the - -id/-sid single window sharing: [223]-appshare (run "x11vnc -appshare + -id/-sid single window sharing: -appshare (run "x11vnc -appshare -help" for more info.) It is still very primitive and approximate, but at least it displays multiple top-level windows. @@ -3401,8 +3054,8 @@ TrueColor defdepth 24 handle 24bpp from the server, so you may want to use those. They evidently request 32 bpp and libvncserver obliges. - Update: as of Apr/2006 you can use the [224]-24to32 option to have - x11vnc dynamically transform the 24bpp pixel data to 32bpp. This extra + Update: as of Apr/2006 you can use the -24to32 option to have x11vnc + dynamically transform the 24bpp pixel data to 32bpp. This extra transformation could slow things down further however. Now coming the opposite direction if you are running the vncviewer on @@ -3411,8 +3064,8 @@ TrueColor defdepth 24 couldn't find suitable pixmap format" so evidently you cannot use 24bpp for the vncviewers to work on that X display. - Note, however, that the Unix viewer in the [225]Enhanced TightVNC - Viewer (SSVNC) project can handle 24bpp X displays. It does this by + Note, however, that the Unix viewer in the Enhanced TightVNC Viewer + (SSVNC) project can handle 24bpp X displays. It does this by requesting a 16bpp pixel format (or 8bpp if the -bgr233 option has been supplied) from the VNC server, and translates that to 24bpp locally. @@ -3426,10 +3079,10 @@ TrueColor defdepth 24 since you will be polling the X display over the network as opposed to over the local hardware. To do this, run x11vnc on a UNIX machine as close as possible network-wise (e.g. same switch) to the Xterminal - machine. Use the [226]-display option to point the display to that of - the Xterminal (you'll of course need basic X11 permission to do that) - and finally supply the [227]-noshm option (this enables the polling - over the network.) + machine. Use the -display option to point the display to that of the + Xterminal (you'll of course need basic X11 permission to do that) and + finally supply the -noshm option (this enables the polling over the + network.) If the Xterminal's X display is open to the network for connections, you might use something like "-display xterm123:0". If you are trying @@ -3441,8 +3094,8 @@ TrueColor defdepth 24 The response will likely be sluggish (maybe only one "frame" per second.) This mode is not recommended except for "quick checks" of hard to get to X servers. Use something like "-wait 150" to cut down - on the polling rate. You may also need [228]-flipbyteorder if the - colors get messed up due to endian byte order differences. + on the polling rate. You may also need -flipbyteorder if the colors + get messed up due to endian byte order differences. Q-30: How do I get my X permissions (MIT-MAGIC-COOKIE file) correct for a Unix/Linux machine acting as an Xterminal? @@ -3464,9 +3117,9 @@ TrueColor defdepth 24 file data (XAUTHORITY or $HOME/.Xauthority) must be accessible by or copied to the Xterminal. If $HOME/.Xauthority is exported via NFS (this is insecure of course, but has been going on for decades), then - x11vnc can simply pick it up via NFS (you may need to use the - [229]-auth option to point to the correct file.) Other options include - copying the auth file using scp, or something like: + x11vnc can simply pick it up via NFS (you may need to use the -auth + option to point to the correct file.) Other options include copying + the auth file using scp, or something like: central-server> xauth nextract - xterm123:0 | ssh xterm123 xauth nmerge - and then, say, ssh from central-server to xterm123 to start x11vnc. @@ -3477,7 +3130,7 @@ TrueColor defdepth 24 details. If the display name in the cookie file needs to be changed between the - two hosts, see [230]this note on the "xauth add ..." command. + two hosts, see this note on the "xauth add ..." command. A less secure option is to run something like "xhost +127.0.0.1" while sitting at the Xterminal box to allow cookie-free local access for @@ -3491,10 +3144,10 @@ TrueColor defdepth 24 occasional app more efficiently locally on the Xterminal box (e.g. realplayer.) - Not recommended, but as a last resort, you could have x11vnc [231]poll - the Xterminal Display over the network. For this you would run a - "x11vnc -noshm ..." process on the central-server (and hope the - network admin doesn't get angry...) + Not recommended, but as a last resort, you could have x11vnc poll the + Xterminal Display over the network. For this you would run a "x11vnc + -noshm ..." process on the central-server (and hope the network admin + doesn't get angry...) Note: use of Display Manager (gdm, kdm, ...) auth cookie files (i.e. from /var/..., /tmp/..., or elsewhere) may require modification via @@ -3520,36 +3173,36 @@ TrueColor defdepth 24 Q-31: I'm having trouble using x11vnc with my Sun Ray session. - The [232]Sun Ray technology is a bit like "VNC done in hardware" (the - Sun Ray terminal device, DTU, playing the role of the vncviewer.) + The Sun Ray technology is a bit like "VNC done in hardware" (the Sun + Ray terminal device, DTU, playing the role of the vncviewer.) Completely independent of that, the SunRay user's session is still an X server that speaks the X11 protocol and so x11vnc simply talks to the X server part to export the SunRay desktop to any place in the world (i.e. not only to a Sun Ray terminal device), creating a sort of - "Soft Ray". Please see [233]this discussion of Sun Ray issues for - solutions to problems. + "Soft Ray". Please see this discussion of Sun Ray issues for solutions + to problems. - Also see the [234]Sun Ray Remote Control Toolkit that uses x11vnc. + Also see the Sun Ray Remote Control Toolkit that uses x11vnc. [Remote Control] Q-32: How do I stop x11vnc once it is running in the background? As of Dec/2004 there is a remote control feature. It can change a huge - number of parameters on the fly: see the [235]-remote and [236]-query - options. To shut down the running x11vnc server just type "x11vnc -R - stop". To disconnect all clients do "x11vnc -R disconnect:all", etc. + number of parameters on the fly: see the -remote and -query options. + To shut down the running x11vnc server just type "x11vnc -R stop". To + disconnect all clients do "x11vnc -R disconnect:all", etc. - If the [237]-forever option has not been supplied, x11vnc will + If the -forever option has not been supplied, x11vnc will automatically exit after the first client disconnects. In general if you cannot use the remote control, then you will have to kill the x11vnc process This can be done via: "kill NNNNN" (where NNNNN is the x11vnc process id number found from ps(1)), or "pkill x11vnc", or "killall x11vnc" (Linux only.) - If you have not put x11vnc in the background via the [238]-bg option - or shell & operator, then simply press Ctrl-C in the shell where - x11vnc is running to stop it. + If you have not put x11vnc in the background via the -bg option or + shell & operator, then simply press Ctrl-C in the shell where x11vnc + is running to stop it. Potential Gotcha: If somehow your Keypress of Ctrl-C went through x11vnc to the Xserver that then delivered it to x11vnc it is possible @@ -3557,32 +3210,32 @@ TrueColor defdepth 24 down state in the Xserver. Tapping the stuck key (either via a new x11vnc or at the physical console) will release it from the stuck state. If the keyboard seems to be acting strangely it is often fixed - by tapping Ctrl, Shift, and Alt. Alternatively, the [239]-clear_mods - option and [240]-clear_keys option can be used to release pressed keys - at startup and exit. The option [241]-clear_all will also try to unset - Caps_Lock, Num_Lock, etc. + by tapping Ctrl, Shift, and Alt. Alternatively, the -clear_mods option + and -clear_keys option can be used to release pressed keys at startup + and exit. The option -clear_all will also try to unset Caps_Lock, + Num_Lock, etc. Q-33: Can I change settings in x11vnc without having to restart it? Can I remote control it? - Look at the [242]-remote (an alias is -R) and [243]-query (an alias is - -Q) options added in Dec/2004. They allow nearly everything to be - changed dynamically and settings to be queried. Examples: "x11vnc -R - shared", "x11vnc -R forever", "x11vnc -R scale:3/4", "x11vnc -Q - modtweak", "x11vnc -R stop", "x11vnc -R disconnect:all", etc.. + Look at the -remote (an alias is -R) and -query (an alias is -Q) + options added in Dec/2004. They allow nearly everything to be changed + dynamically and settings to be queried. Examples: "x11vnc -R shared", + "x11vnc -R forever", "x11vnc -R scale:3/4", "x11vnc -Q modtweak", + "x11vnc -R stop", "x11vnc -R disconnect:all", etc.. These commands do not start a x11vnc server, but rather communicate with one that is already running. The X display (X11VNC_REMOTE property) is used as the communication channel, so the X permissions and DISPLAY must be set up correctly for communication to be possible. - There is also a simple Tcl/Tk [244]gui based on this remote control - mechanism. See the [245]-gui option for more info. You will need to - have Tcl/Tk (i.e. /usr/bin/wish) installed for it to work. It can also - run in the system tray: "-gui tray" or as a standalone small icon - window: "-gui icon". Use "-gui tray=setpass" for a naive user "Share - My Desktop" mode. + There is also a simple Tcl/Tk gui based on this remote control + mechanism. See the -gui option for more info. You will need to have + Tcl/Tk (i.e. /usr/bin/wish) installed for it to work. It can also run + in the system tray: "-gui tray" or as a standalone small icon window: + "-gui icon". Use "-gui tray=setpass" for a naive user "Share My + Desktop" mode. [Security and Permissions] @@ -3593,13 +3246,12 @@ TrueColor defdepth 24 (i.e. launching the Xvnc server.) Otherwise, you could use the vncpasswd(1) program from those packages. - As of Jun/2004 x11vnc supports the -storepasswd "pass" "file" - [246]option, which is the same functionality of storepasswd. Be sure - to quote the "pass" if it contains shell meta characters, spaces, etc. - Example: + As of Jun/2004 x11vnc supports the -storepasswd "pass" "file" option, + which is the same functionality of storepasswd. Be sure to quote the + "pass" if it contains shell meta characters, spaces, etc. Example: x11vnc -storepasswd 'sword*fish' $HOME/myvncpasswd - You then use the password via the x11vnc option: "[247]-rfbauth + You then use the password via the x11vnc option: "-rfbauth $HOME/myvncpasswd" As of Jan/2006 if you do not supply any arguments: @@ -3611,13 +3263,12 @@ TrueColor defdepth 24 ~/.mypass", the password you are prompted for will be stored in that file. - x11vnc also has the [248]-passwdfile and -passwd/-viewpasswd plain - text (i.e. not obscured like the -rfbauth VNC passwords) password - options. + x11vnc also has the -passwdfile and -passwd/-viewpasswd plain text + (i.e. not obscured like the -rfbauth VNC passwords) password options. - You can use the [249]-usepw option to automatically use any password - file you have in ~/.vnc/passwd or ~/.vnc/passwdfile (the latter is - used with the -passwdfile option.) + You can use the -usepw option to automatically use any password file + you have in ~/.vnc/passwd or ~/.vnc/passwdfile (the latter is used + with the -passwdfile option.) x11vnc -usepw -display :0 ... @@ -3647,24 +3298,23 @@ TrueColor defdepth 24 Q-36: Can I have two passwords for VNC viewers, one for full access and the other for view-only access to the display? - Yes, as of May/2004 there is the [250]-viewpasswd option to supply the - view-only password. Note the full-access password option [251]-passwd - must be supplied at the same time. E.g.: -passwd sword -viewpasswd - fish. + Yes, as of May/2004 there is the -viewpasswd option to supply the + view-only password. Note the full-access password option -passwd must + be supplied at the same time. E.g.: -passwd sword -viewpasswd fish. To avoid specifying the passwords on the command line (where they could be observed via the ps(1) command by any user) you can use the - [252]-passwdfile option to specify a file containing plain text - passwords. Presumably this file is readable only by you, and ideally - it is located on the machine x11vnc is run on (to avoid being snooped - on over the network.) The first line of this file is the full-access + -passwdfile option to specify a file containing plain text passwords. + Presumably this file is readable only by you, and ideally it is + located on the machine x11vnc is run on (to avoid being snooped on + over the network.) The first line of this file is the full-access password. If there is a second line in the file and it is non-blank, it is taken as the view-only password. (use "__EMPTY__" to supply an empty one.) - View-only passwords currently do not work for the [253]-rfbauth - password option (standard VNC password storing mechanism.) FWIW, note - that although the output (usually placed in $HOME/.vnc/passwd) by the + View-only passwords currently do not work for the -rfbauth password + option (standard VNC password storing mechanism.) FWIW, note that + although the output (usually placed in $HOME/.vnc/passwd) by the vncpasswd or storepasswd programs (or from x11vnc -storepasswd) looks encrypted they are really just obscured to avoid "casual" password stealing. It takes almost no skill to figure out how to extract the @@ -3675,9 +3325,9 @@ TrueColor defdepth 24 Q-37: Can I have as many full-access and view-only passwords as I like? - Yes, as of Jan/2006 in the libvncserver CVS the [254]-passwdfile - option has been extended to handle as many passwords as you like. You - put the view-only passwords after a line __BEGIN_VIEWONLY__. + Yes, as of Jan/2006 in the libvncserver CVS the -passwdfile option has + been extended to handle as many passwords as you like. You put the + view-only passwords after a line __BEGIN_VIEWONLY__. You can also easily annotate and comment out passwords in the file. You can have x11vnc re-read the file dynamically when it is modified. @@ -3685,8 +3335,8 @@ TrueColor defdepth 24 Q-38: Does x11vnc support Unix usernames and passwords? Can I further limit the set of Unix usernames who can connect to the VNC desktop? - Update: as of Feb/2006 x11vnc has the [255]-unixpw option that does - this outside of the VNC protocol and libvncserver. The standard su(1) + Update: as of Feb/2006 x11vnc has the -unixpw option that does this + outside of the VNC protocol and libvncserver. The standard su(1) program is used to validate the user's password. A familiar "login:" and "Password:" dialog is presented to the user on a black screen inside the vncviewer. The connection is dropped if the user fails to @@ -3695,7 +3345,7 @@ TrueColor defdepth 24 A list of allowed Unix usernames may also be supplied along with per-user settings. - There is also the [256]-unixpw_nis option for non-shadow-password + There is also the -unixpw_nis option for non-shadow-password (typically NIS environments, hence the name) systems where the traditional getpwnam() and crypt() functions are used instead of su(1). The encrypted user passwords must be accessible to the user @@ -3704,21 +3354,21 @@ TrueColor defdepth 24 shadow(5). Two settings are enforced in the -unixpw and -unixpw_nis modes to - provide extra security: the 1) [257]-localhost and 2) [258]-stunnel or - [259]-ssl options. Without these one might send the Unix username and - password data in clear text over the network which is a very bad idea. - They can be relaxed if you want to provide encryption other than - stunnel or [260]-ssl (the constraint is automatically relaxed if - SSH_CONNECTION is set and indicates you have ssh-ed in, however the - -localhost requirement is still enforced.) + provide extra security: the 1) -localhost and 2) -stunnel or -ssl + options. Without these one might send the Unix username and password + data in clear text over the network which is a very bad idea. They can + be relaxed if you want to provide encryption other than stunnel or + -ssl (the constraint is automatically relaxed if SSH_CONNECTION is set + and indicates you have ssh-ed in, however the -localhost requirement + is still enforced.) The two -unixpw modes have been tested on Linux, Solaris, Mac OS X, - HP-UX, Tru64, FreeBSD, OpenBSD, and NetBSD. Additional testing is + HP-UX, AIX, Tru64, FreeBSD, OpenBSD, and NetBSD. Additional testing is appreciated. For the last 4 it appears that su(1) will not prompt for a password if su-ing to oneself. Since x11vnc requires a password - prompt from su, those logins will fail even when the correct password - is supplied. On *BSD it appears this can be corrected by commenting - out the pam_self.so entry in /etc/pam.d/su. + prompt from su, x11vnc forces those logins to fail even when the + correct password is supplied. On *BSD it appears this can be corrected + by removing the pam_self.so entry in /etc/pam.d/su. Previous older discussion (prior to the -unixpw option): @@ -3726,14 +3376,14 @@ TrueColor defdepth 24 Until the VNC protocol and libvncserver support this things will be approximate at best. - One approximate method involves starting x11vnc with the - [261]-localhost option. This basically requires the viewer user to log - into the workstation where x11vnc is running via their Unix username - and password, and then somehow set up a port redirection of his - vncviewer connection to make it appear to emanate from the local - machine. As discussed above, ssh is useful for this: "ssh -L - 5900:localhost:5900 user@hostname ..." See the ssh wrapper scripts - mentioned [262]elsewhere on this page. [263]stunnel does this as well. + One approximate method involves starting x11vnc with the -localhost + option. This basically requires the viewer user to log into the + workstation where x11vnc is running via their Unix username and + password, and then somehow set up a port redirection of his vncviewer + connection to make it appear to emanate from the local machine. As + discussed above, ssh is useful for this: "ssh -L 5900:localhost:5900 + user@hostname ..." See the ssh wrapper scripts mentioned elsewhere on + this page. stunnel does this as well. Of course a malicious user could allow other users to get in through his channel, but that is a problem with every method. Another thing to @@ -3744,7 +3394,7 @@ TrueColor defdepth 24 traditional way would be to further require a VNC password to supplied (-rfbauth, -passwd, etc) and only tell the people allowed in what the VNC password is. A scheme that avoids a second password involves using - the [264]-accept option that runs a program to examine the connection + the -accept option that runs a program to examine the connection information to determine which user is connecting from the local machine. That may be difficult to do, but, for example, the program could use the ident service on the local machine (normally ident @@ -3780,38 +3430,38 @@ exit 1 # reject it method (e.g. Dynamic/One-time passwords or non-Unix (LDAP) usernames and passwords)? Yes, there are several possibilities. For background see the FAQ on - the [265]-accept where an external program may be run to decide if a - VNC client should be allowed to try to connect and log in. If the - program (or local user prompted by a popup) answers "yes", then - -accept proceeds to the normal VNC and x11vnc authentication methods, + the -accept where an external program may be run to decide if a VNC + client should be allowed to try to connect and log in. If the program + (or local user prompted by a popup) answers "yes", then -accept + proceeds to the normal VNC and x11vnc authentication methods, otherwise the connection is dropped. To provide more direct coupling to the VNC client's username and/or supplied password the following options were added in Sep/2006: - * [266]-unixpw_cmd command - * [267]-passwdfile cmd:command - * [268]-passwdfile custom:command + * -unixpw_cmd command + * -passwdfile cmd:command + * -passwdfile custom:command In each case "command" is an external command run by x11vnc. You supply it. For example, it may couple to your LDAP system or other servers you set up. - For [269]-unixpw_cmd the normal [270]-unixpw Login: and Password: - prompts are supplied to the VNC viewer and the strings the client - returns are then piped into "command" as the first two lines of its - standard input. If the command returns success, i.e. exit(0), the VNC - client is accepted, otherwise it is rejected. - - For "[271]-passwdfile cmd:command" the command is run and it returns a - password list (like a password file, see the [272]-passwdfile - read:filename mode.) Perhaps a dynamic, one-time password is retrieved - from a server this way. - - For "[273]-passwdfile custom:command" one gets complete control over - the VNC challenge-response dialog with the VNC client. x11vnc sends - out a string of random bytes (16 by the VNC spec) and the client - returns the same number of bytes in a way the server can verify only - the authorized user could have created. The VNC protocol specifies DES + For -unixpw_cmd the normal -unixpw Login: and Password: prompts are + supplied to the VNC viewer and the strings the client returns are then + piped into "command" as the first two lines of its standard input. If + the command returns success, i.e. exit(0), the VNC client is accepted, + otherwise it is rejected. + + For "-passwdfile cmd:command" the command is run and it returns a + password list (like a password file, see the -passwdfile read:filename + mode.) Perhaps a dynamic, one-time password is retrieved from a server + this way. + + For "-passwdfile custom:command" one gets complete control over the + VNC challenge-response dialog with the VNC client. x11vnc sends out a + string of random bytes (16 by the VNC spec) and the client returns the + same number of bytes in a way the server can verify only the + authorized user could have created. The VNC protocol specifies DES encryption with a password. If you are willing to modify the VNC viewers, you can have it be anything you want, perhaps a less crackable MD5 hash scheme or one-time pad. Your program will read from @@ -3821,7 +3471,7 @@ exit 1 # reject it accepted, otherwise it is rejected. In all cases the "RFB_*" environment variables are set as under - [274]-accept. These variables can provide useful information for the + -accept. These variables can provide useful information for the externally supplied program to use. @@ -3831,24 +3481,23 @@ exit 1 # reject it These defaults are simple safety measures to avoid someone unknowingly leaving his X11 desktop exposed (to the internet, say) for long - periods of time. Use the [275]-forever option (aka -many) to have - x11vnc wait for more connections after the first client disconnects. - Use the [276]-shared option to have x11vnc allow multiple clients to - connect simultaneously. + periods of time. Use the -forever option (aka -many) to have x11vnc + wait for more connections after the first client disconnects. Use the + -shared option to have x11vnc allow multiple clients to connect + simultaneously. - Recommended additional safety measures include using ssh ([277]see - above), stunnel, [278]-ssl, or a VPN to authenticate and encrypt the - viewer connections or to at least use the -rfbauth passwd-file - [279]option to use VNC password protection (or [280]-passwdfile) It is - up to YOU to apply these security measures, they will not be done for - you automatically. + Recommended additional safety measures include using ssh (see above), + stunnel, -ssl, or a VPN to authenticate and encrypt the viewer + connections or to at least use the -rfbauth passwd-file option to use + VNC password protection (or -passwdfile) It is up to YOU to apply + these security measures, they will not be done for you automatically. Q-41: Can I limit which machines incoming VNC clients can connect from? - Yes, look at the [281]-allow and [282]-localhost options to limit - connections by hostname or IP address. E.g. + Yes, look at the -allow and -localhost options to limit connections by + hostname or IP address. E.g. x11vnc -allow 192.168.0.1,192.168.0.2 for those two hosts or @@ -3859,8 +3508,8 @@ exit 1 # reject it Note that -localhost achieves the same thing as "-allow 127.0.0.1" For more control, build libvncserver with libwrap support - [283](tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) - for complete details. + (tcp_wrappers) and then use /etc/hosts.allow See hosts_access(5) for + complete details. Q-42: How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) @@ -3879,7 +3528,7 @@ exit 1 # reject it is "vnc", e.g.: vnc: 192.168.100.3 .example.com - Note that if you run x11vnc out of [284]inetd you do not need to build + Note that if you run x11vnc out of inetd you do not need to build x11vnc with libwrap support because the /usr/sbin/tcpd reference in /etc/inetd.conf handles the tcp_wrappers stuff. @@ -3888,39 +3537,39 @@ exit 1 # reject it internal LAN) rather than having it listen on all network interfaces and relying on -allow to filter unwanted connections out? - As of Mar/2005 there is the "[285]-listen ipaddr" option that enables - this. For ipaddr either supply the desired network interface's IP - address (or use a hostname that resolves to it) or use the string - "localhost". For additional filtering simultaneously use the - "[286]-allow host1,..." option to allow only specific hosts in. + As of Mar/2005 there is the "-listen ipaddr" option that enables this. + For ipaddr either supply the desired network interface's IP address + (or use a hostname that resolves to it) or use the string "localhost". + For additional filtering simultaneously use the "-allow host1,..." + option to allow only specific hosts in. This option is useful if you want to insure that no one can even begin a dialog with x11vnc from untrusted network interfaces (e.g. ppp0.) - The option [287]-localhost now implies "-listen localhost" since that - is what most people expect it to do. + The option -localhost now implies "-listen localhost" since that is + what most people expect it to do. Q-44: Now that -localhost implies listening only on the loopback interface, how I can occasionally allow in a non-localhost via the -R allowonce remote control command? - To do this specify "[288]-allow localhost". Unlike [289]-localhost - this will leave x11vnc listening on all interfaces (but of course only - allowing in local connections, e.g. ssh redirs.) Then you can later - run "x11vnc -R allowonce:somehost" or use to gui to permit a one-shot - connection from a remote host. + To do this specify "-allow localhost". Unlike -localhost this will + leave x11vnc listening on all interfaces (but of course only allowing + in local connections, e.g. ssh redirs.) Then you can later run "x11vnc + -R allowonce:somehost" or use to gui to permit a one-shot connection + from a remote host. Q-45: Can I fine tune what types of user input are allowed? E.g. have some users just be able to move the mouse, but not click or type anything? - As of Feb/2005, the [290]-input option allows you to do this. "K", - "M", "B", "C", and "F" stand for Keystroke, Mouse-motion, - Button-clicks, Clipboard, and File-Transfer, respectively. The - setting: "-input M" makes attached viewers only able to move the - mouse. "-input KMBC,M" lets normal clients do everything and enables - view-only clients to move the mouse. + As of Feb/2005, the -input option allows you to do this. "K", "M", + "B", "C", and "F" stand for Keystroke, Mouse-motion, Button-clicks, + Clipboard, and File-Transfer, respectively. The setting: "-input M" + makes attached viewers only able to move the mouse. "-input KMBC,M" + lets normal clients do everything and enables view-only clients to + move the mouse. These settings can also be applied on a per-viewer basis via the remote control mechanism or the GUI. E.g. x11vnc -R input:hostname:M @@ -3931,11 +3580,11 @@ exit 1 # reject it some clients view-only? How about running an arbitrary program to make the decisions? - Yes, look at the "[291]-accept command" option, it allows you to - specify an external command that is run for each new client. (use - quotes around the command if it contains spaces, etc.) If the external - command returns 0 (success) the client is accepted, otherwise with any - other return code the client is rejected. See below how to also accept + Yes, look at the "-accept command" option, it allows you to specify an + external command that is run for each new client. (use quotes around + the command if it contains spaces, etc.) If the external command + returns 0 (success) the client is accepted, otherwise with any other + return code the client is rejected. See below how to also accept clients view-only. The external command will have the RFB_CLIENT_IP environment variable @@ -3952,8 +3601,8 @@ exit 1 # reject it client press "y" or click mouse on the "Yes" button. To reject the client press "n" or click mouse on the "No" button. To accept the client View-only, press "v" or click mouse on the "View" button. If - the [292]-viewonly option has been supplied, the "View" action will - not be present: the whole display is view only in that case. + the -viewonly option has been supplied, the "View" action will not be + present: the whole display is view only in that case. The popup window times out after 120 seconds, to change this behavior use "-accept popup:N" where N is the number of seconds (use 0 for no @@ -3967,7 +3616,7 @@ exit 1 # reject it program to prompt the user whether the client should be accepted or not. This requires that you have xmessage installed and available via PATH. In case it is not already on your system, the xmessage program - is available at [293]ftp://ftp.x.org/ + is available at ftp://ftp.x.org/ (End of Built-in Popup Window:) To include view-only decisions for the external commands, prefix the @@ -4007,24 +3656,24 @@ elif [ $rc = 4 ]; then fi exit 1 - Stefan Radman has written a nice dtksh script [294]dtVncPopup for use - in CDE environments to do the same sort of thing. Information on how - to use it is found at the top of the file. He encourages you to - provide feedback to him to help improve the script. + Stefan Radman has written a nice dtksh script dtVncPopup for use in + CDE environments to do the same sort of thing. Information on how to + use it is found at the top of the file. He encourages you to provide + feedback to him to help improve the script. Note that in all cases x11vnc will block while the external command or popup is being run, so attached clients will not receive screen updates, etc during this period. - To run a command when a client disconnects, use the "[295]-gone - command" option. This is for the user's convenience only: the return - code of the command is not interpreted by x11vnc. The same environment + To run a command when a client disconnects, use the "-gone command" + option. This is for the user's convenience only: the return code of + the command is not interpreted by x11vnc. The same environment variables are set as in "-accept command" (except that RFB_MODE will be "gone".) - As of Jan/2006 the "[296]-afteraccept command" option will run the - command only after the VNC client has been accepted and authenticated. - Like -gone the return code is not interpreted. RFB_MODE will be + As of Jan/2006 the "-afteraccept command" option will run the command + only after the VNC client has been accepted and authenticated. Like + -gone the return code is not interpreted. RFB_MODE will be "afteraccept".) @@ -4032,9 +3681,9 @@ exit 1 display manager like gdm(1). Can I have x11vnc later switch to a different user? - As of Feb/2005 x11vnc has the [297]-users option that allows things - like this. Please read the documentation on it (also in the x11vnc - -help output) carefully for features and caveats. It's use can often + As of Feb/2005 x11vnc has the -users option that allows things like + this. Please read the documentation on it (also in the x11vnc -help + output) carefully for features and caveats. It's use can often decrease security unless care is taken. BTW, a nice use of it is "-users +nobody" that switches to the Unix @@ -4057,7 +3706,7 @@ exit 1 In any event, as of Jun/2004 there is an experimental utility to make it more difficult for nosey people to see your x11vnc activities. The - source for it is [298]blockdpy.c The idea behind it is simple (but + source for it is blockdpy.c The idea behind it is simple (but obviously not bulletproof): when a VNC client attaches to x11vnc put the display monitor in the DPMS "off" state, if the DPMS state ever changes immediately start up the screen-lock program. The x11vnc user @@ -4073,27 +3722,27 @@ exit 1 bulletproof. A really robust solution would likely require X server and perhaps even video hardware support. - The blockdpy utility is launched by the [299]-accept option and told - to exit via the [300]-gone option (the vnc client user should - obviously re-lock the screen before disconnecting!) Instructions can - be found in the source code for the utility at the above link. Roughly - it is something like this: + The blockdpy utility is launched by the -accept option and told to + exit via the -gone option (the vnc client user should obviously + re-lock the screen before disconnecting!) Instructions can be found in + the source code for the utility at the above link. Roughly it is + something like this: x11vnc ... -accept "blockdpy -bg -f $HOME/.bdpy" -gone "touch $HOME/.bdpy" but please read the top of the file. Update: As of Feb/2007 there is some builtin support for this: - [301]-forcedpms and [302]-clientdpms however, they are probably less - robust than the above blockdpy.c scheme, since if the person floods - the physical machine with mouse or pointer input he can usually see - flashes of the screen before the monitor is powered off again. See - also the [303]-grabkbd, [304]-grabptr, and [305]-grabalways options. + -forcedpms and -clientdpms however, they are probably less robust than + the above blockdpy.c scheme, since if the person floods the physical + machine with mouse or pointer input he can usually see flashes of the + screen before the monitor is powered off again. See also the -grabkbd, + -grabptr, and -grabalways options. Q-49: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer? - Yes, a user mentions he uses the [306]-gone option under CDE to run a + Yes, a user mentions he uses the -gone option under CDE to run a screen lock program: x11vnc -display :0 -forever -gone 'dtaction LockDisplay' @@ -4103,8 +3752,8 @@ exit 1 x11vnc -display :0 -forever -gone 'xlock &' x11vnc -display :0 -forever -gone 'xlock -mode blank &' - Here is a scheme using the [307]-afteraccept option (in version 0.8) - to unlock the screen after the first valid VNC login and to lock the + Here is a scheme using the -afteraccept option (in version 0.8) to + unlock the screen after the first valid VNC login and to lock the screen after the last valid VNC login disconnects: x11vnc -display :0 -forever -shared -afteraccept ./myxlocker -gone ./myxlocke r @@ -4144,23 +3793,23 @@ exec @ARGV; Q-50: How can I tunnel my connection to x11vnc via an encrypted SSH channel between two Unix machines? - See the description earlier on this page on [308]how to tunnel VNC via - SSH from Unix to Unix. A number of ways are described along with some + See the description earlier on this page on how to tunnel VNC via SSH + from Unix to Unix. A number of ways are described along with some issues you may encounter. Other secure encrypted methods exists, e.g. stunnel, IPSEC, various VPNs, etc. - See also the [309]Enhanced TightVNC Viewer (SSVNC) page where much of - this is now automated. + See also the Enhanced TightVNC Viewer (SSVNC) page where much of this + is now automated. Q-51: How can I tunnel my connection to x11vnc via an encrypted SSH channel from Windows using an SSH client like Putty? - [310]Above we described how to tunnel VNC via SSH from Unix to Unix, - you may want to review it. To do this from Windows using Putty it - would go something like this: + Above we described how to tunnel VNC via SSH from Unix to Unix, you + may want to review it. To do this from Windows using Putty it would go + something like this: * In the Putty dialog window under 'Session' enter the hostname or IP number of the Unix machine with display to be viewed. * Make sure the SSH protocol is selected and the server port is @@ -4179,11 +3828,11 @@ exec @ARGV; :0 (plus other cmdline options) in the 'Remote command' Putty setting under 'Connections/SSH'. - See also the [311]Enhanced TightVNC Viewer (SSVNC) page where much of - this is now automated via the Putty plink utility. + See also the Enhanced TightVNC Viewer (SSVNC) page where much of this + is now automated via the Putty plink utility. - For extra protection feel free to run x11vnc with the [312]-localhost - and [313]-rfbauth/[314]-passwdfile options. + For extra protection feel free to run x11vnc with the -localhost and + -rfbauth/-passwdfile options. If the machine you SSH into via Putty is not the same machine with the X display you wish to view (e.g. your company provides incoming SSH @@ -4191,40 +3840,39 @@ exec @ARGV; dialog setting to: 'Destination: otherhost:5900', Once logged in, you'll need to do a second login (ssh or rsh) to the workstation machine 'otherhost' and then start up x11vnc on it. This can also be - automated by [315]Chaining SSH's. + automated by Chaining SSH's. - As discussed [316]above another option is to first start the VNC - viewer in "listen" mode, and then launch x11vnc with the - "[317]-connect localhost" option to establish the reverse connection. - In this case a Remote port redirection (not Local) is needed for port - 5500 instead of 5900 (i.e. 'Source port: 5500' and - 'Destination: localhost:5500' for a Remote connection.) + As discussed above another option is to first start the VNC viewer in + "listen" mode, and then launch x11vnc with the "-connect localhost" + option to establish the reverse connection. In this case a Remote port + redirection (not Local) is needed for port 5500 instead of 5900 (i.e. + 'Source port: 5500' and 'Destination: localhost:5500' for a Remote + connection.) Q-52: How can I tunnel my connection to x11vnc via an encrypted SSL channel using an external tool like stunnel? It is possible to use a "lighter weight" encryption setup than SSH or - IPSEC. SSL tunnels such as [318]stunnel (also [319]stunnel.org) - provide an encrypted channel without the need for Unix users, - passwords, and key passphrases required for ssh (and at the other - extreme SSL can also provide a complete signed certificate chain of - trust.) On the other hand, since SSH is usually installed everywhere - and firewalls often let its port through, ssh is frequently the path - of least resistance (it also nicely manages public keys for you.) - - Update: As of Feb/2006 x11vnc has the options [320]-ssl, - [321]-stunnel, and [322]-sslverify to provide integrated SSL schemes. - They are discussed [323]in the Next FAQ (you probably want to skip to - it now.) + IPSEC. SSL tunnels such as stunnel (also stunnel.org) provide an + encrypted channel without the need for Unix users, passwords, and key + passphrases required for ssh (and at the other extreme SSL can also + provide a complete signed certificate chain of trust.) On the other + hand, since SSH is usually installed everywhere and firewalls often + let its port through, ssh is frequently the path of least resistance + (it also nicely manages public keys for you.) + + Update: As of Feb/2006 x11vnc has the options -ssl, -stunnel, and + -sslverify to provide integrated SSL schemes. They are discussed in + the Next FAQ (you probably want to skip to it now.) We include these non-built-in method descriptions below for historical reference. They are handy because can be used to create SSL tunnels to any VNC (or other type of) server. - Here are some basic examples using [324]stunnel but the general idea - for any SSL tunnel utility is the same: + Here are some basic examples using stunnel but the general idea for + any SSL tunnel utility is the same: * Start up x11vnc and constrain it to listen on localhost. * Then start up the SSL tunnel running on the same machine to forward incoming connections to that x11vnc. @@ -4247,7 +3895,7 @@ exec @ARGV; The above two commands are run on host "far-away.east". The stunnel.pem is the self-signed PEM file certificate created when - stunnel is built. One can also create certificates [325]signed by + stunnel is built. One can also create certificates signed by Certificate Authorities or self-signed if desired using the x11vnc utilities described there. @@ -4261,25 +3909,24 @@ exec @ARGV; Then point the viewer to the local tunnel on port 5902: vncviewer -encodings "copyrect tight zrle hextile" localhost:2 - That's it. Note that the [326]ss_vncviewer script can automate this - easily, and so can the [327]Enhanced TightVNC Viewer (SSVNC) package. + That's it. Note that the ss_vncviewer script can automate this + easily, and so can the Enhanced TightVNC Viewer (SSVNC) package. Be sure to use a VNC password because unlike ssh by default the encrypted SSL channel provides no authentication (only privacy.) With some extra configuration one could also set up certificates to provide authentication of either or both sides as well (and hence avoid man-in-the-middle attacks.) See the stunnel and openssl documentation - and also [328]the key management section for details. + and also the key management section for details. stunnel has also been ported to Windows, and there are likely others to choose from for that OS. Much info for using it on Windows can be - found at the stunnel site and in this [329]article The article also - shows the detailed steps to set up all the authentication - certificates. (for both server and clients, see also the [330]x11vnc - utilities that do this.) The default Windows client setup (no certs) - is simpler and only 4 files are needed in a folder: stunnel.exe, - stunnel.conf, libssl32.dll, libeay32.dll. We used an stunnel.conf - containing: + found at the stunnel site and in this article The article also shows + the detailed steps to set up all the authentication certificates. (for + both server and clients, see also the x11vnc utilities that do this.) + The default Windows client setup (no certs) is simpler and only 4 + files are needed in a folder: stunnel.exe, stunnel.conf, libssl32.dll, + libeay32.dll. We used an stunnel.conf containing: # stunnel.conf: client = yes options = ALL @@ -4296,7 +3943,7 @@ connect = far-away.east:5901 As an aside, if you don't like the little "gap" of unencrypted TCP traffic (and a localhost listening socket) on the local machine between stunnel and x11vnc it can actually be closed by having stunnel - start up x11vnc in [331]-inetd mode: + start up x11vnc in -inetd mode: stunnel -p /path/to/stunnel.pem -P none -d 5900 -l ./x11vnc_sh Where the script x11vnc_sh starts up x11vnc: @@ -4333,36 +3980,35 @@ connect = 5900 SSL VNC Viewers: Regarding VNC viewers that "natively" do SSL unfortunately there do - not seem to be many. The [332]SingleClick UltraVNC Java Viewer is SSL - and is compatible with x11vnc's [333]-ssl option and stunnel.) - Commercial versions of VNC seem to have some SSL-like encryption built - in, but we haven't tried those either and they probably wouldn't work - since their (proprietary) SSL-like negotiation is likely embedded in - the VNC protocol unlike our case where it is external. - - Note: as of Mar/2006 libvncserver/x11vnc provides a [334]SSL-enabled - Java applet that can be served up via the [335]-httpdir or [336]-http - options when [337]-ssl is enabled. It will also be served via HTTPS - via either the VNC port (e.g. https://host:5900/) or a 2nd port via - the [338]-https option. + not seem to be many. The SingleClick UltraVNC Java Viewer is SSL and + is compatible with x11vnc's -ssl option and stunnel.) Commercial + versions of VNC seem to have some SSL-like encryption built in, but we + haven't tried those either and they probably wouldn't work since their + (proprietary) SSL-like negotiation is likely embedded in the VNC + protocol unlike our case where it is external. + + Note: as of Mar/2006 libvncserver/x11vnc provides a SSL-enabled Java + applet that can be served up via the -httpdir or -http options when + -ssl is enabled. It will also be served via HTTPS via either the VNC + port (e.g. https://host:5900/) or a 2nd port via the -https option. In general current SSL VNC solutions are not particularly "seemless". But it can be done, and with a wrapper script on the viewer side and - the [339]-stunnel or [340]-ssl option on the server side it works well - and is convenient. Here is a simple script [341]ss_vncviewer that - automates running stunnel on the VNC viewer side on Unix a little more - carefully than the commands printed above. (One could probably do a - similar thing with a .BAT file on Windows in the stunnel folder.) + the -stunnel or -ssl option on the server side it works well and is + convenient. Here is a simple script ss_vncviewer that automates + running stunnel on the VNC viewer side on Unix a little more carefully + than the commands printed above. (One could probably do a similar + thing with a .BAT file on Windows in the stunnel folder.) - Update Jul/2006: we now provide an [342]Enhanced TightVNC Viewer - (SSVNC) package that starts up STUNNEL automatically along with some - other features. All binaries (stunnel, vncviewer, and some utilities) - are provided in the package. It works on Unix, Mac OS X, and Windows. + Update Jul/2006: we now provide an Enhanced TightVNC Viewer (SSVNC) + package that starts up STUNNEL automatically along with some other + features. All binaries (stunnel, vncviewer, and some utilities) are + provided in the package. It works on Unix, Mac OS X, and Windows. Q-53: Does x11vnc have built-in SSL tunneling? - You can read about non-built-in methods [343]in the Previous FAQ for + You can read about non-built-in methods in the Previous FAQ for background. SSL tunnels provide an encrypted channel without the need for Unix @@ -4374,13 +4020,13 @@ connect = 5900 Built-in SSL x11vnc options: - As of Feb/2006 the x11vnc [344]-ssl option automates the SSL tunnel - creation on the x11vnc server side. An [345]SSL-enabled Java Viewer - applet is also provided that can be served via HTTP or HTTPS to - automate SSL on the client side. + As of Feb/2006 the x11vnc -ssl option automates the SSL tunnel + creation on the x11vnc server side. An SSL-enabled Java Viewer applet + is also provided that can be served via HTTP or HTTPS to automate SSL + on the client side. - The [346]-ssl mode uses the [347]www.openssl.org library if available - at build time. + The -ssl mode uses the www.openssl.org library if available at build + time. The mode requires an SSL certificate and key (i.e. .pem file.) These are usually created via the openssl(1) program (in fact in for "-ssl" @@ -4405,11 +4051,11 @@ connect = 5900 "-ssl SAVE_NOPROMPT" to not be prompted. Use "-ssl TMP" to create a temporary self-signed cert that will be discarded when x11vnc exits. - Update: As of Nov/2008 x11vnc also supports the [348]VeNCrypt SSL/TLS + Update: As of Nov/2008 x11vnc also supports the VeNCrypt SSL/TLS tunnel extension to the VNC protocol. The older ANONTLS method (vino) is also supported. This support is on by default when the -ssl option - is in use and can be fine-tuned using these options: [349]-vencrypt, - [350]-anontls, and [351]-sslonly. + is in use and can be fine-tuned using these options: -vencrypt, + -anontls, and -sslonly. The normal x11vnc -ssl operation is somewhat like a URL method vncs://hostname if vnc://hostname indicates a standard unencrypted VNC @@ -4421,8 +4067,8 @@ connect = 5900 SSL VNC Viewers:. Viewer-side will need to use SSL as well. See the - [352]next FAQ and [353]here for SSL enabled VNC Viewers, including - SSVNC, to connect to the above x11vnc via SSL. + next FAQ and here for SSL enabled VNC Viewers, including SSVNC, to + connect to the above x11vnc via SSL. As seen above, the PEM (privacy enhanced mail) file does not need to @@ -4436,13 +4082,13 @@ connect = 5900 is to encrypt the key with a passphrase (note however this requires supplying the passphrase each time x11vnc is started up.) - See the discussion on [354]x11vnc Key Management for some utilities + See the discussion on x11vnc Key Management for some utilities provided for creating and managing certificates and keys and even for creating your own Certificate Authority (CA) for signing VNC server and client certificates. This may be done by importing the certificate into Web Browser or Java plugin keystores, or pointing stunnel to it. - The wrapper script [355]ss_vncviewer provides an example on unix (see - the -verify option.) + The wrapper script ss_vncviewer provides an example on unix (see the + -verify option.) Here are some notes on the simpler default (non-CA) operation. To have x11vnc save the generated certificate and key, use the "SAVE" keyword @@ -4455,7 +4101,7 @@ connect = 5900 the possibility of copying the server.crt to machines where the VNC Viewer will be run to enable authenticating the x11vnc SSL VNC server to the clients. When authentication takes place this way (or via the - more sophisticated CA signing described [356]here), then + more sophisticated CA signing described here), then Man-In-The-Middle-Attacks are prevented. Otherwise, the SSL encryption only provides protection against passive network traffic "sniffing" (i.e. you are not protected against M-I-T-M attacks.) Nowadays, most @@ -4487,12 +4133,12 @@ connect = 5900 The older -stunnel option: Before the -ssl option there was a - convenience option [357]-stunnel that would start an external SSL - tunnel for you using stunnel. The -ssl method is the preferred way, - but for historical reference we keep the -stunnel info here. + convenience option -stunnel that would start an external SSL tunnel + for you using stunnel. The -ssl method is the preferred way, but for + historical reference we keep the -stunnel info here. - The [358]-stunnel mode requires the [359]stunnel.mirt.net command - stunnel(8) to be installed on the system. + The -stunnel mode requires the stunnel.mirt.net command stunnel(8) to + be installed on the system. Some -stunnel examples: x11vnc -display :0 -stunnel /path/to/stunnel.pem -passwdfile ~/mypass @@ -4522,10 +4168,10 @@ connect = 5900 There aren't any native VNC Viewers that do SSL (ask your VNC viewer developer to add the feature.) So a tunnel must be setup that you point the VNC Viewer to. This is often STUNNEL. You can do this - [360]manually, or use the [361]ss_vncviewer script on Unix, or our - [362]Enhanced TightVNC Viewer (SSVNC) package on Unix, Windows, or - MacOSX. See the next section for Java Web browser SSL VNC Viewers (you - only need a Java-enabled Web browser for it to work.) + manually, or use the ss_vncviewer script on Unix, or our Enhanced + TightVNC Viewer (SSVNC) package on Unix, Windows, or MacOSX. See the + next section for Java Web browser SSL VNC Viewers (you only need a + Java-enabled Web browser for it to work.) Notes on the SSL enabled Java VNC Viewer provided in x11vnc classes/ssl/VncViewer.jar: @@ -4535,13 +4181,12 @@ connect = 5900 The SSL enabled Java VNC Viewer (VncViewer.jar) in the x11vnc package supports only SSL based connections by default. As mentioned above the - [363]-httpdir can be used to specify the path to .../classes/ssl. A - typical location might be /usr/local/share/x11vnc/classes/ssl. Or - [364]-http can be used to try to have it find the directory - automatically. + -httpdir can be used to specify the path to .../classes/ssl. A typical + location might be /usr/local/share/x11vnc/classes/ssl. Or -http can be + used to try to have it find the directory automatically. - Also note that the [365]SingleClick UltraVNC Java Viewer is compatible - with x11vnc's [366]-ssl SSL mode. (We tested it this way: "java -cp + Also note that the SingleClick UltraVNC Java Viewer is compatible with + x11vnc's -ssl SSL mode. (We tested it this way: "java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 USESSL 1 TRUSTALL 1") @@ -4576,14 +4221,14 @@ connect = 5900 If you are using a router/firewall with port-redirection, and you are redirecting ports other than the default ones (5800, 5900) listed - above [367]see here. + above see here. The https service provided thru the actual VNC port (5900 in the above example) can occasionally be slow or unreliable (it has to read some input and try to guess if the connection is VNC or HTTP.) If it is unreliable for you and you still want to serve the Java applet via - https, use the [368]-https option to get an additional port dedicated - to https (its URL will also be printed in the output.) + https, use the -https option to get an additional port dedicated to + https (its URL will also be printed in the output.) Another possibility is to add the GET applet parameter: https://far-away.east:5900/?GET=1 @@ -4595,8 +4240,8 @@ connect = 5900 You may also use "urlPrefix=somestring" to have /somestring prepended to /request.https.vnc.connection". Perhaps you are using a web server - [369]proxy scheme to enter a firewall or otherwise have rules applied - to the URL. If you need to have any slashes "/" in "somestring" use + proxy scheme to enter a firewall or otherwise have rules applied to + the URL. If you need to have any slashes "/" in "somestring" use "_2F_" (a deficiency in libvncserver prevents using the more natural "%2F".) @@ -4688,23 +4333,23 @@ connect = 5900 Then, if you plan to use them, enable "fancy stuff" like "-svc" or "-unixpw", etc, etc. Be sure to add a password either "-rfbauth" or "-unixpw" or both. If you need to have the web browser use a corporate - [370]Web Proxy (i.e. it cannot connect directly) work on that last. - Ditto for the [371]Apache portal. + Web Proxy (i.e. it cannot connect directly) work on that last. Ditto + for the Apache portal. Router/Firewall port redirs: If you are doing port redirection at - your [372]router to an internal machine running x11vnc AND the - internet facing port is different from the internal machine's VNC - port, you will need to apply the PORT applet parameter to indicate to - the applet the Internet facing port number (otherwise by default the - internal machine's port, say 5900, is sent and that of course is - rejected at the firewall/router.) For example: + your router to an internal machine running x11vnc AND the internet + facing port is different from the internal machine's VNC port, you + will need to apply the PORT applet parameter to indicate to the applet + the Internet facing port number (otherwise by default the internal + machine's port, say 5900, is sent and that of course is rejected at + the firewall/router.) For example: https://far-away.east:443/?GET=1&PORT=443 So in this example the user configures his router to redirect connections to port 443 on his Internet side to, say, port 5900 on the - internal machine running x11vnc. See also the [373]-httpsredir option - that will try to automate this for you. + internal machine running x11vnc. See also the -httpsredir option that + will try to automate this for you. To configure your router to do port redirection, see its instructions. Typically, from the inside you point a web browser to a special URL @@ -4714,9 +4359,9 @@ connect = 5900 or Unix system acting as your firewall/router, see its firewall configuration. - You can also use x11vnc options [374]-rfbport NNNNN and [375]-httpport - NNNNN to match the ports that your firewall will be redirecting to the - machine where x11vnc is run. + You can also use x11vnc options -rfbport NNNNN and -httpport NNNNN to + match the ports that your firewall will be redirecting to the machine + where x11vnc is run. Tedious Dialogs: If you do serve the SSL enabled Java viewer via https @@ -4743,12 +4388,12 @@ connect = 5900 NOT linger at. If you see in the x11vnc output a request for VncViewer.class instead of VncViewer.jar it is too late... you will need to completely restart the Web browser to get it to try for the - jar again. You can use the [376]-https option if you want a dedicated - port for HTTPS connections instead of sharing the VNC port. + jar again. You can use the -https option if you want a dedicated port + for HTTPS connections instead of sharing the VNC port. To see example x11vnc output for a successful https://host:5900/ - connection with the Java Applet see [377]This Page. And here is a - newer example [378]including the Java Console output. + connection with the Java Applet see This Page. And here is a newer + example including the Java Console output. All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README @@ -4759,16 +4404,16 @@ connect = 5900 If you want to use a native VNC Viewer with the SSL enabled x11vnc you will need to run an external SSL tunnel on the Viewer side. There do not seem to be any native SSL VNC Viewers outside of our x11vnc and - [379]SSVNC packages. The basic ideas of doing this were discussed - [380]for external tunnel utilities here. + SSVNC packages. The basic ideas of doing this were discussed for + external tunnel utilities here. - The [381]ss_vncviewer script provided with x11vnc and SSVNC can set up - the stunnel tunnel automatically on unix as long as the stunnel - command is installed on the Viewer machine and available in PATH (and - vncviewer too of course.) Note that on a Debian based system you will - need to install the package stunnel4 not stunnel. You can set the - environment variables STUNNEL and VNCVIEWERCMD to point to the correct - programs if you want to override the defaults. + The ss_vncviewer script provided with x11vnc and SSVNC can set up the + stunnel tunnel automatically on unix as long as the stunnel command is + installed on the Viewer machine and available in PATH (and vncviewer + too of course.) Note that on a Debian based system you will need to + install the package stunnel4 not stunnel. You can set the environment + variables STUNNEL and VNCVIEWERCMD to point to the correct programs if + you want to override the defaults. Here are some examples: 1) ss_vncviewer far-away.east:0 @@ -4796,17 +4441,17 @@ connect = 5900 The fifth one shows that Web proxies can be used if that is the only way to get out of the firewall. If the "double proxy" situation arises - separate the two by commas. See [382]this page for more information on - how Web proxies come into play. + separate the two by commas. See this page for more information on how + Web proxies come into play. - If one uses a Certificate Authority (CA) scheme described [383]here, - the wrapper script would use the CA cert instead of the server cert: + If one uses a Certificate Authority (CA) scheme described here, the + wrapper script would use the CA cert instead of the server cert: 3') ss_vncviewer -verify ./cacert.crt far-away.east:0 - Update Jul/2006: we now provide an [384]Enhanced TightVNC Viewer - (SSVNC) package that starts up STUNNEL automatically along with some - other features. All binaries (stunnel, vncviewer, and some utilities) - are provided in the package. It works on Unix, Mac OS X, and Windows. + Update Jul/2006: we now provide an Enhanced TightVNC Viewer (SSVNC) + package that starts up STUNNEL automatically along with some other + features. All binaries (stunnel, vncviewer, and some utilities) are + provided in the package. It works on Unix, Mac OS X, and Windows. Q-55: How do I use the Java applet VNC Viewer with built-in SSL @@ -4866,20 +4511,20 @@ connect = 5900 https://yourmachine.com/proxy.vnc?PORT=443 this is cleaner because it avoids editing the file, but requires more - parameters in the URL. See also the [385]-httpsredir x11vnc option - that will try to automate this for you. To use the GET [386]trick - discussed above, do: + parameters in the URL. See also the -httpsredir x11vnc option that + will try to automate this for you. To use the GET trick discussed + above, do: https://yourmachine.com/proxy.vnc?GET=1&PORT=443 All of the x11vnc Java Viewer applet parameters are described in the file classes/ssl/README - Here is an example of Java Console and x11vnc output for the [387]Web - proxy case. + Here is an example of Java Console and x11vnc output for the Web proxy + case. - Note that both the [388]ss_vncviewer stunnel Unix wrapper script and - [389]Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even + Note that both the ss_vncviewer stunnel Unix wrapper script and + Enhanced TightVNC Viewer (SSVNC) can use Web proxies as well even though they do not involve a Web browser. @@ -4887,21 +4532,21 @@ connect = 5900 SSL from the Internet with a Web browser to x11vnc running on their workstations behind a firewall? Yes. You will need to configure apache to forward these connections. - It is discussed [390]here. This SSL VNC portal provides a clean - alternative to the traditional method where the user uses SSH to log - in through the gateway to create the encrypted port redirection to - x11vnc running on her desktop. + It is discussed here. This SSL VNC portal provides a clean alternative + to the traditional method where the user uses SSH to log in through + the gateway to create the encrypted port redirection to x11vnc running + on her desktop. - Also see the [391]desktop.cgi CGI script method that achieves much of - what this Apache VNC SSL portal method does (as long as desktop.cgi's - 'port redirection' mode is enabled.) + Also see the desktop.cgi CGI script method that achieves much of what + this Apache VNC SSL portal method does (as long as desktop.cgi's 'port + redirection' mode is enabled.) Q-57: Can I create and use my own SSL Certificate Authority (CA) with x11vnc? - Yes, see [392]this page for how to do this and the utility commands - x11vnc provides to create and manage many types of certificates and - private keys. + Yes, see this page for how to do this and the utility commands x11vnc + provides to create and manage many types of certificates and private + keys. @@ -4918,15 +4563,13 @@ connect = 5900 need to have sufficient permissions to connect to the X display. Here are some ideas: - * Use the description under "Continuously" in the [393]FAQ on x11vnc - and Display Managers - * Use the description in the [394]FAQ on x11vnc and inetd(8) - * Use the description in the [395]FAQ on Unix user logins and - inetd(8) + * Use the description under "Continuously" in the FAQ on x11vnc and + Display Managers + * Use the description in the FAQ on x11vnc and inetd(8) + * Use the description in the FAQ on Unix user logins and inetd(8) * Start x11vnc from your $HOME/.xsession (or $HOME/.xinitrc or autostart script or ...) - * Although less reliable, see the [396]x11vnc_loop rc.local hack - below. + * Although less reliable, see the x11vnc_loop rc.local hack below. The display manager scheme will not be specific to which user has the X session unless a test is specifically put into the display startup @@ -4947,14 +4590,14 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg X startup scripts (traditionally .xsession/.xinitrc) may have to be in a different directory or have a different basename. One user recommends the description under 'Running Scripts Automatically' at - [397]this link. - - Firewalls: note all methods will require the host-level [398]firewall - to be configured to allow connections in on a port. E.g. 5900 (default - VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems - these days have firewalls turned on by default, so you will actively - have to do something to poke a hole in the firewall at the desired - port number. See your system administration tool for Firewall settings + this link. + + Firewalls: note all methods will require the host-level firewall to be + configured to allow connections in on a port. E.g. 5900 (default VNC + port) or 22 (default SSH port for tunnelling VNC.) Most systems these + days have firewalls turned on by default, so you will actively have to + do something to poke a hole in the firewall at the desired port + number. See your system administration tool for Firewall settings (Yast, Firestarter, etc.) @@ -4976,7 +4619,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg while running x11vnc as root, e.g. for the gnome display manager, GDM: x11vnc -auth /var/gdm/:0.Xauth -display :0 - (the [399]-auth option sets the XAUTHORITY variable for you.) + (the -auth option sets the XAUTHORITY variable for you.) There will be a similar thing to do for xdm using however a different auth directory path (perhaps something like @@ -4996,8 +4639,8 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg the auth file to some location and make it readable by your userid. Then run x11vnc as your userid with -auth pointed to the copied file. - Update Dec/2009: use "[400]-auth guess" to have x11vnc try to guess - the location of the auth file for you. + Update Dec/2009: use "-auth guess" to have x11vnc try to guess the + location of the auth file for you. You next connect to x11vnc with a VNC viewer, give your username and password to the X login prompt to start your session. @@ -5013,12 +4656,12 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg Note: Solaris: For dtlogin in addition to the above sort of trick (BTW, the auth file should be in /var/dt), you'll also need to add something like Dtlogin*grabServer:False to the Xconfig file - (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see - [401]the example at the end of this FAQ.) Then restart dtlogin, e.g.: + (/etc/dt/config/Xconfig or /usr/dt/config/Xconfig on Solaris, see the + example at the end of this FAQ.) Then restart dtlogin, e.g.: /etc/init.d/dtlogin stop; /etc/init.d/dtlogin start or reboot. - Update Nov/2008: Regarding GDM KillInitClients: see the [402]-reopen - option for another possible workaround. + Update Nov/2008: Regarding GDM KillInitClients: see the -reopen option + for another possible workaround. Update Oct/2009: Regarding GDM KillInitClients: starting with x11vnc 0.9.9 it will try to apply heuristics to detect if a window manager is @@ -5044,7 +4687,7 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg Please consider the security implications of this! The VNC display for the X session always accessible (but hopefully password protected.) - Add [403]-localhost if you only plan to access via a [404]SSH tunnel. + Add -localhost if you only plan to access via a SSH tunnel. The name of the display manager startup script file depends on desktop used and seem to be: @@ -5082,16 +4725,14 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg -forever -bg where you should customize the exact command to your needs (e.g. - [405]-localhost for SSH tunnel-only access; [406]-ssl SAVE for SSL - access; etc.) + -localhost for SSH tunnel-only access; -ssl SAVE for SSL access; etc.) Happy, happy, joy, joy: Note that we do not need to specify -display or -auth because happily they are already set for us in the DISPLAY and XAUTHORITY environment variables for the Xsetup script!!! You may also want to force the VNC port with something like "-rfbport - 5900" (or [407]-N) to avoid autoselecting one if 5900 is already - taken. + 5900" (or -N) to avoid autoselecting one if 5900 is already taken. _________________________________________________________________ Fedora/gdm: Here is an example of what we did on a vanilla install of @@ -5106,8 +4747,8 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg Then restart: /usr/sbin/gdm-restart (or reboot.) The KillInitClients=false setting is important: without it x11vnc will be - killed immediately after the user logs in. Here are [408]full details - on how to configure gdm + killed immediately after the user logs in. Here are full details on + how to configure gdm _________________________________________________________________ Solaris/dtlogin: Here is an example of what we did on a vanilla @@ -5148,21 +4789,21 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg If you do not want to deal with any display manager startup scripts, here is a kludgey script that can be run manually or out of a boot - file like rc.local: [409]x11vnc_loop It will need some local - customization before running. Because the XAUTHORITY auth file must be - guessed by this script, use of the display manager script method - described above is greatly preferred. There is also the [410]-loop - option that does something similar. - - If the machine is a traditional Xterminal you may want to read - [411]this FAQ. - - Firewalls: note all methods will require the host-level [412]firewall - to be configured to allow connections in on a port. E.g. 5900 (default - VNC port) or 22 (default SSH port for tunnelling VNC.) Most systems - these days have firewalls turned on by default, so you will actively - have to do something to poke a hole in the firewall at the desired - port number. See your system administration tool for Firewall settings + file like rc.local: x11vnc_loop It will need some local customization + before running. Because the XAUTHORITY auth file must be guessed by + this script, use of the display manager script method described above + is greatly preferred. There is also the -loop option that does + something similar. + + If the machine is a traditional Xterminal you may want to read this + FAQ. + + Firewalls: note all methods will require the host-level firewall to be + configured to allow connections in on a port. E.g. 5900 (default VNC + port) or 22 (default SSH port for tunnelling VNC.) Most systems these + days have firewalls turned on by default, so you will actively have to + do something to poke a hole in the firewall at the desired port + number. See your system administration tool for Firewall settings (Yast, Firestarter, etc.) @@ -5173,9 +4814,8 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_sh - where the shell script /usr/local/bin/x11vnc_sh uses the [413]-inetd - option and looks something like (you'll need to customize to your - settings.) + where the shell script /usr/local/bin/x11vnc_sh uses the -inetd option + and looks something like (you'll need to customize to your settings.) #!/bin/sh /usr/local/bin/x11vnc -inetd -display :0 -auth /home/fred/.Xauthority \ -rfbauth /home/fred/.vnc/passwd -o /var/log/x11vnc_sh.log @@ -5186,21 +4826,21 @@ x11vnc -logfile $HOME/.x11vnc.log -rfbauth $HOME/.vnc/passwd -forever -bg and that confuses it greatly, causing it to abort.) If you do not use a wrapper script as above but rather call x11vnc directly in /etc/inetd.conf and do not redirect stderr to a file, then you must - specify the -q (aka [414]-quiet) option: "/usr/local/bin/x11vnc -q - -inetd ...". When you supply both -q and -inet and no "-o logfile" - then stderr will automatically be closed (to prevent, e.g. library - stderr messages leaking out to the viewer.) The recommended practice - is to use "-o logfile" to collect the output in a file or wrapper - script with "2>logfile" redirection because the errors and warnings - printed out are very useful in troubleshooting problems. - - Note also the need to set XAUTHORITY via [415]-auth to point to the + specify the -q (aka -quiet) option: "/usr/local/bin/x11vnc -q -inetd + ...". When you supply both -q and -inet and no "-o logfile" then + stderr will automatically be closed (to prevent, e.g. library stderr + messages leaking out to the viewer.) The recommended practice is to + use "-o logfile" to collect the output in a file or wrapper script + with "2>logfile" redirection because the errors and warnings printed + out are very useful in troubleshooting problems. + + Note also the need to set XAUTHORITY via -auth to point to the MIT-COOKIE auth file to get permission to connect to the X display (setting and exporting the XAUTHORITY variable accomplishes the same thing.) See the x11vnc_loop file in the previous question for more ideas on what that auth file may be, etc. The scheme described in the - [416]FAQ on Unix user logins and inetd(8) works around the XAUTHORITY - issue nicely. + FAQ on Unix user logins and inetd(8) works around the XAUTHORITY issue + nicely. Note: On Solaris you cannot have the bare number 5900 in /etc/inetd.conf, you'll need to replace it with a word like x11vnc an @@ -5284,11 +4924,11 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1 it automatically? Yes, as of Feb/2007 x11vnc supports mDNS / Zeroconf advertising of its - service via the Avahi client library. Use the option [417]-avahi (same - as [418]-mdns or [419]-zeroconf) to enable it. Depending on your setup - you may need to install [420]Avahi (including the development/build - packages), enable the server: avahi-daemon and avahi-dnsconfd, and - possibly open up UDP port 5353 on your firewall. + service via the Avahi client library. Use the option -avahi (same as + -mdns or -zeroconf) to enable it. Depending on your setup you may need + to install Avahi (including the development/build packages), enable + the server: avahi-daemon and avahi-dnsconfd, and possibly open up UDP + port 5353 on your firewall. If the Avahi client library or build environment is not available at build-time, then at run-time x11vnc will try to look for external @@ -5315,51 +4955,50 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1 machine and then attach to it? How about starting an X session if one cannot be found? - The easiest way to do this is via [421]inetd(8) using the [422]-unixpw - and [423]-display WAIT options. The reason inetd(8) makes this easier - is that it starts a new x11vnc process for each new user connection. - Otherwise a wrapper would have to listen for connections and spawn new - x11vnc's (see [424]this example and also the [425]-loopbg option.) - inetd(8) is not required for this, but it makes some aspects more - general. + The easiest way to do this is via inetd(8) using the -unixpw and + -display WAIT options. The reason inetd(8) makes this easier is that + it starts a new x11vnc process for each new user connection. Otherwise + a wrapper would have to listen for connections and spawn new x11vnc's + (see this example and also the -loopbg option.) inetd(8) is not + required for this, but it makes some aspects more general. Also with inetd(8) users always connect to a fixed VNC display, say hostname:0, and do not need to memorize a special VNC display number just for their personal use, etc. - Update: Use the [426]-find, [427]-create, [428]-svc, and [429]-xdmsvc - options that are shorthand for common FINDCREATEDISPLAY usage modes - (e.g. terminal services) described below. (i.e. simply use "-svc" - instead of the cumbersome "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb - -unixpw -users unixpw= -ssl SAVE") + Update: Use the -find, -create, -svc, and -xdmsvc options that are + shorthand for common FINDCREATEDISPLAY usage modes (e.g. terminal + services) described below. (i.e. simply use "-svc" instead of the + cumbersome "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users + unixpw= -ssl SAVE") - The [430]-display WAIT option makes x11vnc wait until a VNC viewer is + The -display WAIT option makes x11vnc wait until a VNC viewer is connected before attaching to the X display. Additionally it can be used to run an external command that returns the DISPLAY and XAUTHORITY data. We provide some useful builtin ones (FINDDISPLAY and FINDCREATEDISPLAY below), but in principle one could supply his own script: "-display WAIT:cmd=/path/to/find_display" where - the script find_display might look something like [431]this. + the script find_display might look something like this. A default script somewhat like the above is used under "-display - WAIT:cmd=FINDDISPLAY" (same as [432]-find) The format for any such - command is that it returns DISPLAY=:disp as the first line and any - remaining lines are either XAUTHORITY=file or raw xauth data (the - above example does the latter.) If applicable (-unixpw mode), the - program is run as the Unix user name who logged in. + WAIT:cmd=FINDDISPLAY" (same as -find) The format for any such command + is that it returns DISPLAY=:disp as the first line and any remaining + lines are either XAUTHORITY=file or raw xauth data (the above example + does the latter.) If applicable (-unixpw mode), the program is run as + the Unix user name who logged in. On Linux if the virtual terminal is known the program appends ",VT=n" to the DISPLAY line; a chvt n will be attempted automatically. Or if only the X server process ID is known it appends ",XPID=n" (a chvt will be attempted by x11vnc.) - Tip: Note that the [433]-find option is an alias for "-display + Tip: Note that the -find option is an alias for "-display WAIT:cmd=FINDDISPLAY". Use it! - The [434]-unixpw option allows [435]UNIX password logins. It - conveniently knows the Unix username whose X display should be found. - Here are a couple /etc/inetd.conf examples of this usage: + The -unixpw option allows UNIX password logins. It conveniently knows + the Unix username whose X display should be found. Here are a couple + /etc/inetd.conf examples of this usage: 5900 stream tcp nowait nobody /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd -unixpw \ -find -o /var/log/x11vnc.log -ssl SAVE -ssldir /usr/local/certs @@ -5367,40 +5006,39 @@ exec /usr/local/bin/x11vnc -inetd -o /var/log/x11vnc.log -find -env FD_XDM=1 -unixpw \ -find -o /var/log/x11vnc.log -ssl SAVE -users unixpw= - Note we have used the [436]-find alias and the very long lines have - been split. An alternative is to use a wrapper script, e.g. + Note we have used the -find alias and the very long lines have been + split. An alternative is to use a wrapper script, e.g. /usr/local/bin/x11vnc.sh that has all of the options. (see also the - [437]-svc alias.) + -svc alias.) In the first inetd line x11vnc is run as user "nobody" and stays user nobody during the whole session. The permissions of the log files and certs directory will need to be set up to allow "nobody" to use them. In the second one x11vnc is run as root and switches to the user that - logs in due to the "[438]-users unixpw=" option. + logs in due to the "-users unixpw=" option. - Note that [439]SSL is required for this mode because otherwise the - Unix password would be passed in clear text over the network. In - general -unixpw is not required for this sort of scheme, but it is - convenient because it determines exactly who the Unix user is whose - display should be sought. Otherwise the find_display script would have - to use some method to work out DISPLAY, XAUTHORITY, etc (perhaps you - use multiple inetd ports and hardwire usernames for different ports.) + Note that SSL is required for this mode because otherwise the Unix + password would be passed in clear text over the network. In general + -unixpw is not required for this sort of scheme, but it is convenient + because it determines exactly who the Unix user is whose display + should be sought. Otherwise the find_display script would have to use + some method to work out DISPLAY, XAUTHORITY, etc (perhaps you use + multiple inetd ports and hardwire usernames for different ports.) - If you really want to disable the SSL or SSH [440]-localhost - constraints (this is not recommended unless you really know what you - are doing: Unix passwords sent in clear text is a very bad idea...) - read the [441]-unixpw documentation. + If you really want to disable the SSL or SSH -localhost constraints + (this is not recommended unless you really know what you are doing: + Unix passwords sent in clear text is a very bad idea...) read the + -unixpw documentation. A inetd(8) scheme for a fixed user that doesn't use SSL or unix passwds could be: /usr/local/bin/x11vnc -inetd -users =fred -find -rfbauth /home/fred/.vnc/pass wd -o /var/log/x11vnc.log - The "[442]-users =fred" option will cause x11vnc to switch to user - fred and then find his X display. The VNC password (-rfbauth) as - opposed to Unix password (-unixpw) is used to authenticate the VNC - client. + The "-users =fred" option will cause x11vnc to switch to user fred and + then find his X display. The VNC password (-rfbauth) as opposed to + Unix password (-unixpw) is used to authenticate the VNC client. Similar looking commands to the above examples can be run directly and do not use inetd (just remove the -inetd option and run from the @@ -5418,9 +5056,9 @@ wd -o /var/log/x11vnc.log apt-get install xvfb) or our Xdummy program (see below.) By default it will only try to start up virtual (non-hardware) X - servers: first [443]Xvfb and if that is not available then Xdummy - (included in the x11vnc source code.) Note that Xdummy only works on - Linux whereas Xvfb works just about everywhere (and in some situations + servers: first Xvfb and if that is not available then Xdummy (included + in the x11vnc source code.) Note that Xdummy only works on Linux + whereas Xvfb works just about everywhere (and in some situations Xdummy must be run as root.) An advantage of Xdummy over Xvfb is that Xdummy supports RANDR dynamic screen resizing, which can be handy if the user accesses the desktop from different sized screens (e.g. @@ -5432,19 +5070,18 @@ wd -o /var/log/x11vnc.log -ssl SAVE -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY Where the very long lines have been split. See below where that long - and cumbersome last line is replaced by the [444]-svc alias. + and cumbersome last line is replaced by the -svc alias. - The above mode will allow direct SSL (e.g. [445]ss_vncviewer or - [446]SSVNC) access and also Java Web browers access via: - https://hostname:5900/. + The above mode will allow direct SSL (e.g. ss_vncviewer or SSVNC) + access and also Java Web browers access via: https://hostname:5900/. - Tip: Note that the [447]-create option is an alias for "-display + Tip: Note that the -create option is an alias for "-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb". - Tip: Note that [448]-svc is a short hand for the long "-ssl SAVE - -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY" part. - Unlike -create, this alias also sets up SSL encryption and Unix - password login. + Tip: Note that -svc is a short hand for the long "-ssl SAVE -unixpw + -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY" part. Unlike + -create, this alias also sets up SSL encryption and Unix password + login. The above inetd example then simplifies to: 5900 stream tcp nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc -inetd \ @@ -5452,12 +5089,12 @@ wd -o /var/log/x11vnc.log -svc Tip: In addition to the usual unixpw parameters, inside the VNC viewer - the user can specify after his username (following a ":" see - [449]-display WAIT for details) for FINDCREATEDISPLAY they can add - "geom=WxH" or "geom=WxHxD" to specify the width, height, and - optionally the color depth. E.g. "fred:geom=800x600" at the login: - prompt. Also if the env. var X11VNC_CREATE_GEOM is set to the desired - WxH or WxHxD that will be used by x11vnc. + the user can specify after his username (following a ":" see -display + WAIT for details) for FINDCREATEDISPLAY they can add "geom=WxH" or + "geom=WxHxD" to specify the width, height, and optionally the color + depth. E.g. "fred:geom=800x600" at the login: prompt. Also if the env. + var X11VNC_CREATE_GEOM is set to the desired WxH or WxHxD that will be + used by x11vnc. You can set the env. var X11VNC_SKIP_DISPLAY to a comma separated list of displays to ignore in the FINDDISPLAY process (to force creation of @@ -5487,13 +5124,12 @@ bin/x11vnc -svc To print out the script in this case use "-display WAIT:cmd=FINDCREATEDISPLAY-print". To change the preference of Xservers and which to try list them, e.g.: "-display - WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy" or use "[450]-create_xsrv + WAIT:cmd=FINDCREATEDISPLAY-X,Xvfb,Xdummy" or use "-create_xsrv X,Xvfb,Xdummy". The "X" one means to try to start up a real, hardware X server, e.g. startx(1) (if there is already a real X server running - this may only work on Linux and the chvt program may [451]need to be - run to switch to the correct Linux virtual terminal.) x11vnc will try - to run chvt automatically if it can determine which VT should be - switched to. + this may only work on Linux and the chvt program may need to be run to + switch to the correct Linux virtual terminal.) x11vnc will try to run + chvt automatically if it can determine which VT should be switched to. XDM/GDM/KDM Login Greeter Panel: If you want to present the user with a xdm/gdm/kdm display manager "greeter" login you can use Xvfb.xdmcp @@ -5519,8 +5155,8 @@ bin/x11vnc -svc will also typically block UDP (port 177 for XDMCP) by default effectively limiting the UDP connections to localhost. - Tip: Note that [452]-xdmsvc is a short hand alias for the long "-ssl - SAVE -unixpw -users unixpw= -display + Tip: Note that -xdmsvc is a short hand alias for the long "-ssl SAVE + -unixpw -users unixpw= -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp". So we simply use: service x11vnc { @@ -5587,24 +5223,24 @@ t:5 Q-63: Can I have x11vnc restart itself after it terminates? - One could do this in a shell script, but now there is an option - [453]-loop that makes it easier. Of course when x11vnc restarts it - needs to have permissions to connect to the (potentially new) X - display. This mode could be useful if the X server restarts often. Use - e.g. "-loop5000" to sleep 5000 ms between restarts. Also "-loop2000,5" - to sleep 2000 ms and only restart 5 times. + One could do this in a shell script, but now there is an option -loop + that makes it easier. Of course when x11vnc restarts it needs to have + permissions to connect to the (potentially new) X display. This mode + could be useful if the X server restarts often. Use e.g. "-loop5000" + to sleep 5000 ms between restarts. Also "-loop2000,5" to sleep 2000 ms + and only restart 5 times. - One can also use the [454]-loopbg to emulate inetd(8) to some degree, - where each connected process runs in the background. It could be - combined, say, with the [455]-svc option to provide simple terminal - services without using inetd(8). + One can also use the -loopbg to emulate inetd(8) to some degree, where + each connected process runs in the background. It could be combined, + say, with the -svc option to provide simple terminal services without + using inetd(8). Q-64: How do I make x11vnc work with the Java VNC viewer applet in a web browser? To have x11vnc serve up a Java VNC viewer applet to any web browsers - that connect to it, run x11vnc with this [456]option: + that connect to it, run x11vnc with this option: -httpdir /path/to/the/java/classes/dir (this directory will contain the files index.vnc and, for example, @@ -5623,7 +5259,7 @@ t:5 then you can connect to that URL with any Java enabled browser. Feel free to customize the default index.vnc file in the classes directory. - As of May/2005 the [457]-http option will try to guess where the Java + As of May/2005 the -http option will try to guess where the Java classes jar file is by looking in expected locations and ones relative to the x11vnc binary. @@ -5632,14 +5268,13 @@ t:5 either the java or appletviewer commands to run the program. java -cp ./VncViewer.jar VncViewer HOST far-away.east PORT 5900 - Proxies: See the [458]discussion here if the web browser must use a - web proxy to connect to the internet. It is tricky to get Java applets - to work in this case: a signed applet must be used so it can connect - to the proxy and ask for the redirection to the VNC server. One way to - do this is to use the signed SSL one referred to in - classes/ssl/proxy.vnc and set disableSSL=yes (note that this has no - encryption; please use SSL or SSH as discuss elsewhere on this page) - in the URL or the file. + Proxies: See the discussion here if the web browser must use a web + proxy to connect to the internet. It is tricky to get Java applets to + work in this case: a signed applet must be used so it can connect to + the proxy and ask for the redirection to the VNC server. One way to do + this is to use the signed SSL one referred to in classes/ssl/proxy.vnc + and set disableSSL=yes (note that this has no encryption; please use + SSL or SSH as discuss elsewhere on this page) in the URL or the file. Q-65: Are reverse connections (i.e. the VNC server connecting to the @@ -5648,23 +5283,22 @@ t:5 As of Mar/2004 x11vnc supports reverse connections. On Unix one starts the VNC viewer in listen mode: "vncviewer -listen" (see your documentation for Windows, etc), and then starts up x11vnc with the - [459]-connect option. To connect immediately at x11vnc startup time - use the "-connect host:port" option (use commas for a list of hosts to - connect to.) The ":port" is optional (default is VNC listening port is - 5500.) + -connect option. To connect immediately at x11vnc startup time use the + "-connect host:port" option (use commas for a list of hosts to connect + to.) The ":port" is optional (default is VNC listening port is 5500.) If a file is specified instead: -connect /path/to/some/file then that file is checked periodically (about once a second) for new hosts to connect to. - The [460]-remote control option (aka -R) can also be used to do this - during an active x11vnc session, e.g.: + The -remote control option (aka -R) can also be used to do this during + an active x11vnc session, e.g.: x11vnc -display :0 -R connect:hostname.domain - Use the "[461]-connect_or_exit" option to have x11vnc exit if the - reverse connection fails. Also, note the "-rfbport 0" option disables - TCP listening for connections (potentially useful for reverse - connection mode, assuming you do not want any "forward" connections.) + Use the "-connect_or_exit" option to have x11vnc exit if the reverse + connection fails. Also, note the "-rfbport 0" option disables TCP + listening for connections (potentially useful for reverse connection + mode, assuming you do not want any "forward" connections.) Note that as of Mar/2006 x11vnc requires password authentication for reverse connections as well as for forward ones (assuming password @@ -5674,7 +5308,7 @@ x11vnc -display :0 -R connect:hostname.domain X11VNC_REVERSE_CONNECTION_NO_AUTH=1" to x11vnc. Vncconnect command: To use the vncconnect(1) program (from the core - VNC package at www.realvnc.com) specify the [462]-vncconnect option to + VNC package at www.realvnc.com) specify the -vncconnect option to x11vnc (Note: as of Dec/2004 -vncconnect is now the default.) vncconnect(1) must be pointed to the same X11 DISPLAY as x11vnc (since it uses X properties to communicate with x11vnc.) If you do not have @@ -5693,10 +5327,10 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" proxy or SSH? Yes, as of Oct/2007 x11vnc supports reverse connections through - proxies: use the "[463]-proxy host:port" option. The default is to - assume the proxy is a Web proxy. Note that most Web proxies only allow - proxy destination connections to ports 443 (HTTPS) and 563 (SNEWS) and - so this might not be too useful unless the proxy has been modified + proxies: use the "-proxy host:port" option. The default is to assume + the proxy is a Web proxy. Note that most Web proxies only allow proxy + destination connections to ports 443 (HTTPS) and 563 (SNEWS) and so + this might not be too useful unless the proxy has been modified (AllowCONNECT apache setting) or the VNC viewer listens on one of those ports (or the router does a port redir.) A web proxy may also be specified via "-proxy http://host:port" @@ -5713,11 +5347,11 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" connections. An experimental mode is "-proxy http://host:port/..." where the URL - (e.g. a CGI script) is retrieved via the GET method. See [464]-proxy - for more info. + (e.g. a CGI script) is retrieved via the GET method. See -proxy for + more info. Another experimental mode is "-proxy ssh://user@host" in which case a - SSH tunnel is used for the proxying. See [465]-proxy for more info. + SSH tunnel is used for the proxying. See -proxy for more info. Up to 3 proxies may be chained together by listing them by commas e.g.: "-proxy http://host1:port1,socks5://host2:port2" in case one @@ -5727,13 +5361,13 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" Q-67: Can x11vnc provide a multi-user desktop web login service as an Apache CGI or PHP script? - Yes. See the example script [466]desktop.cgi for ideas. It is in the - source tree in the directory x11vnc/misc. It serves x11vnc's SSL - enabled Java Applet to the web browser with the correct connection - information for the user's virtual desktop (an [467]Xvfb session via - [468]-create; be sure to add the Xvfb package.) HTTPS/SSL enabled - Apache should be used to serve the script to avoid unix and vnc - passwords from being sent in cleartext and sniffed. + Yes. See the example script desktop.cgi for ideas. It is in the source + tree in the directory x11vnc/misc. It serves x11vnc's SSL enabled Java + Applet to the web browser with the correct connection information for + the user's virtual desktop (an Xvfb session via -create; be sure to + add the Xvfb package.) HTTPS/SSL enabled Apache should be used to + serve the script to avoid unix and vnc passwords from being sent in + cleartext and sniffed. By default it uses a separate VNC port for each user desktop (either by autoprobing in a range of ports or using a port based on the userid @@ -5742,14 +5376,14 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" It is somewhat difficult to do all of this with x11vnc listening on a single port, however there is also a 'fixed port' scheme described in - the script based on [469]-loopbg that works fairly well (but more + the script based on -loopbg that works fairly well (but more experience is needed to see what problems contention for the same port causes; however at worst one user may need to re-login.) There is also an optional 'port redirection' mode for desktop.cgi that allows redirection to other machines inside the firewall already running SSL enabled VNC servers. This provides much of the - functionality as the [470]SSL Portal and is easier to set up. + functionality as the SSL Portal and is easier to set up. Q-68: Can I use x11vnc as a replacement for Xvnc? (i.e. not for a real @@ -5770,10 +5404,10 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" (e.g. apt-get install xvfb) or our Xdummy program (see below.) In either case, one can view this desktop both remotely and also - [471]locally using vncviewer. Make sure vncviewer's "-encodings raw" - is in effect for local viewing (compression seems to slow things down + locally using vncviewer. Make sure vncviewer's "-encodings raw" is in + effect for local viewing (compression seems to slow things down locally.) For local viewing you set up a "bare" window manager that - just starts up vncviewer and nothing else ([472]See how below.) + just starts up vncviewer and nothing else (See how below.) Here is one way to start up Xvfb: xinit -- /usr/bin/Xvfb :1 -cc 4 -screen 0 1024x768x16 @@ -5793,20 +5427,19 @@ xprop -root -f VNC_CONNECT 8s -set VNC_CONNECT "$1" "screen scrape" it very efficiently (more than, say, 100X faster than normal video hardware.) - Update Nov/2006: See the [473]FINDCREATEDISPLAY discussion of the - "[474]-display WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or - Xdummy, or even real ones by changing an option) X servers are started - automatically for new users connecting. This provides a "desktop - service" for the machine. You either get your real X session or your - virtual (Xvfb/Xdummy) one whenever you connect to the machine - (inetd(8) is a nice way to provide this service.) The [475]-find, - [476]-create, [477]-svc, and [478]-xdmsvc aliases can also come in - handy here. + Update Nov/2006: See the FINDCREATEDISPLAY discussion of the "-display + WAIT:cmd=FINDDISPLAY" option where virtual (Xvfb or Xdummy, or even + real ones by changing an option) X servers are started automatically + for new users connecting. This provides a "desktop service" for the + machine. You either get your real X session or your virtual + (Xvfb/Xdummy) one whenever you connect to the machine (inetd(8) is a + nice way to provide this service.) The -find, -create, -svc, and + -xdmsvc aliases can also come in handy here. There are some annoyances WRT Xvfb however. The default keyboard - mapping seems to be very poor. One should run x11vnc with - [479]-add_keysyms option to have keysyms added automatically. Also, to - add the Shift_R and Control_R modifiers something like this is needed: + mapping seems to be very poor. One should run x11vnc with -add_keysyms + option to have keysyms added automatically. Also, to add the Shift_R + and Control_R modifiers something like this is needed: #!/bin/sh xmodmap -e "keycode any = Shift_R" xmodmap -e "add Shift = Shift_L Shift_R" @@ -5817,9 +5450,9 @@ xmodmap -e "keycode any = Alt_R" xmodmap -e "keycode any = Meta_L" xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L" - (note: these are applied automatically in the [480]FINDCREATEDISPLAY - mode of x11vnc.) Perhaps the Xvfb options -xkbdb or -xkbmap could be - used to get a better default keyboard mapping... + (note: these are applied automatically in the FINDCREATEDISPLAY mode + of x11vnc.) Perhaps the Xvfb options -xkbdb or -xkbmap could be used + to get a better default keyboard mapping... Dummy Driver: A user points out a faster and more accurate method is to use the "dummy" Device Driver of XFree86/Xorg instead of Xvfb. He @@ -5832,14 +5465,14 @@ xmodmap -e "add Mod1 = Alt_L Alt_R Meta_L" The main drawback to this method (besides requiring extra configuration and possibly root permission) is that it also does the - Linux Virtual Console/Terminal (VC/VT) [481]switching even though it - does not need to (since it doesn't use a real framebuffer.) There are - some "dual headed" (actually multi-headed/multi-user) patches to the X + Linux Virtual Console/Terminal (VC/VT) switching even though it does + not need to (since it doesn't use a real framebuffer.) There are some + "dual headed" (actually multi-headed/multi-user) patches to the X server that turn off the VT usage in the X server. Update: As of - Jul/2005 we have an LD_PRELOAD script [482]Xdummy that allows you to - use a stock (i.e. unpatched) Xorg or XFree86 server with the "dummy" - driver and not have any VT switching problems! An advantage of Xdummy - over Xvfb is that Xdummy supports RANDR dynamic screen resizing. + Jul/2005 we have an LD_PRELOAD script Xdummy that allows you to use a + stock (i.e. unpatched) Xorg or XFree86 server with the "dummy" driver + and not have any VT switching problems! An advantage of Xdummy over + Xvfb is that Xdummy supports RANDR dynamic screen resizing. The standard way to start the "dummy" driver would be: startx -- :1 -config /etc/X11/xorg.conf.dummy @@ -5863,7 +5496,7 @@ x11vnc -display :5 -rfbport 5905 -bg vncviewer -geometry +0+0 -encodings raw -passwd $HOME/.vnc/passwd localhost:5 The display numbers (VNC and X) will likely be different (you could - also try [483]-find), and you may not need the -passwd. Recent RealVNC + also try -find), and you may not need the -passwd. Recent RealVNC viewers might be this: #!/bin/sh x11vnc -display :5 -rfbport 5905 -bg @@ -5881,7 +5514,7 @@ t:5 XDM/GDM/KDM One-Shot X sessions: For the general replacement of Xvnc by Xvfb+x11vnc, one user describes a similar setup he created where the X sessions are one-shot's (destroyed after the vncviewer - disconnects) and it uses the XDM/GDM/KDM login greeter [484]here. + disconnects) and it uses the XDM/GDM/KDM login greeter here. Q-69: How can I use x11vnc on "headless" machines? Why might I want @@ -5896,8 +5529,8 @@ t:5 An X server can be started on the headless machine (sometimes this requires configuring the X server to not fail if it cannot detect a keyboard or mouse, see the next paragraph.) Then you can export that X - display via x11vnc (e.g. see [485]this FAQ) and access it from - anywhere on the network via a VNC viewer. + display via x11vnc (e.g. see this FAQ) and access it from anywhere on + the network via a VNC viewer. Some tips on getting X servers to start on machines without keyboard or mouse: For XFree86/Xorg the Option "AllowMouseOpenFail" "true" @@ -5920,11 +5553,10 @@ t:5 cards as it can hold to provide multiple simultaneous access or testing on different kinds of video hardware. - See also the [486]FINDCREATEDISPLAY discussion of the "[487]-display + See also the FINDCREATEDISPLAY discussion of the "-display WAIT:cmd=FINDDISPLAY" option where virtual Xvfb or Xdummy, or real X - servers are started automatically for new users connecting. The - [488]-find, [489]-create, [490]-svc, and [491]-xdmsvc aliases can also - come in handy here. + servers are started automatically for new users connecting. The -find, + -create, -svc, and -xdmsvc aliases can also come in handy here. [Resource Usage and Performance] @@ -5946,8 +5578,8 @@ t:5 19/03/2004 10:10:58 error creating tile-row shm for len=4 19/03/2004 10:10:58 reverting to single_copytile mode - Here is a shell script [492]shm_clear to list and prompt for removal - of your unattached shm segments (attached ones are skipped.) I use it + Here is a shell script shm_clear to list and prompt for removal of + your unattached shm segments (attached ones are skipped.) I use it while debugging x11vnc (I use "shm_clear -y" to assume "yes" for each prompt.) If x11vnc is regularly not cleaning up its shm segments, please contact me so we can work to improve the situation. @@ -5980,46 +5612,46 @@ ied) in /etc/system. See the next paragraph for more workarounds. To minimize the number of shm segments used by x11vnc try using the - [493]-onetile option (corresponds to only 3 shm segments used, and - adding -fs 1.0 knocks it down to 2.) If you are having much trouble - with shm segments, consider disabling shm completely via the - [494]-noshm option. Performance will be somewhat degraded but when - done over local machine sockets it should be acceptable (see an - [495]earlier question discussing -noshm.) + -onetile option (corresponds to only 3 shm segments used, and adding + -fs 1.0 knocks it down to 2.) If you are having much trouble with shm + segments, consider disabling shm completely via the -noshm option. + Performance will be somewhat degraded but when done over local machine + sockets it should be acceptable (see an earlier question discussing + -noshm.) Q-71: How can I make x11vnc use less system resources? - The [496]-nap (now on by default; use -nonap to disable) and - "[497]-wait n" (where n is the sleep between polls in milliseconds, - the default is 30 or so) option are good places to start. In addition, - something like "[498]-sb 15" will cause x11vnc to go into a deep-sleep - mode after 15 seconds of no activity (instead of the default 60.) + The -nap (now on by default; use -nonap to disable) and "-wait n" + (where n is the sleep between polls in milliseconds, the default is 30 + or so) option are good places to start. In addition, something like + "-sb 15" will cause x11vnc to go into a deep-sleep mode after 15 + seconds of no activity (instead of the default 60.) Reducing the X server bits per pixel depth (e.g. to 16bpp or even 8bpp) will further decrease memory I/O and network I/O. The ShadowFB X server setting will make x11vnc's screen polling less severe. Using - the [499]-onetile option will use less memory and use fewer shared - memory slots (add [500]-fs 1.0 for one less slot.) + the -onetile option will use less memory and use fewer shared memory + slots (add -fs 1.0 for one less slot.) Q-72: How can I make x11vnc use MORE system resources? - You can try [501]-threads (note this mode can be unstable and/or - crash; and as of May/2008 is strongly discouraged, see the option - description) or dial down the wait time (e.g. -wait 1) and possibly - dial down [502]-defer as well. Note that if you try to increase the - "frame rate" too much you can bog down the server end with the extra - work it needs to do compressing the framebuffer data, etc. + You can try -threads (note this mode can be unstable and/or crash; and + as of May/2008 is strongly discouraged, see the option description) or + dial down the wait time (e.g. -wait 1) and possibly dial down -defer + as well. Note that if you try to increase the "frame rate" too much + you can bog down the server end with the extra work it needs to do + compressing the framebuffer data, etc. That said, it is possible to "stream" video via x11vnc if the video window is small enough. E.g. a 256x192 xawtv TV capture window (using - the x11vnc [503]-id option) can be streamed over a LAN or wireless at - a reasonable frame rate. If the graphics card's framebuffer read rate - is [504]faster than normal then the video window size and frame rate - can be much higher. The use of [505]TurboVNC and/or TurboJPEG can make - the frame rate somewhat higher still (but most of this hinges on the - graphics card's read rate.) + the x11vnc -id option) can be streamed over a LAN or wireless at a + reasonable frame rate. If the graphics card's framebuffer read rate is + faster than normal then the video window size and frame rate can be + much higher. The use of TurboVNC and/or TurboJPEG can make the frame + rate somewhat higher still (but most of this hinges on the graphics + card's read rate.) Q-73: I use x11vnc over a slow link with high latency (e.g. dialup @@ -6033,8 +5665,8 @@ ied) (reduces amount of data needed to be polled, compressed, and sent) * Use a smaller desktop size (e.g. 1024x768 instead of 1280x1024) * Make sure the desktop background is a solid color (the background - is resent every time it is re-exposed.) Consider using the - [506]-solid [color] option to try to do this automatically. + is resent every time it is re-exposed.) Consider using the -solid + [color] option to try to do this automatically. * Configure your window manager or desktop "theme" to not use fancy images, shading, and gradients for the window decorations, etc. Disable window animations, etc. Maybe your desktop has a "low @@ -6043,11 +5675,11 @@ ied) -> Use Smooth Scrolling (deselect it.) * Avoid small scrolls of large windows using the Arrow keys or scrollbar. Try to use PageUp/PageDown instead. (not so much of a - problem in x11vnc 0.7.2 if [507]-scrollcopyrect is active and - detecting scrolls for the application.) - * If the [508]-wireframe option is not available (earlier than - x11vnc 0.7.2 or you have disabled it via -nowireframe) then - Disable Opaque Moves and Resizes in the window manager/desktop. + problem in x11vnc 0.7.2 if -scrollcopyrect is active and detecting + scrolls for the application.) + * If the -wireframe option is not available (earlier than x11vnc + 0.7.2 or you have disabled it via -nowireframe) then Disable + Opaque Moves and Resizes in the window manager/desktop. * However if -wireframe is active (on by default in x11vnc 0.7.2) then you should Enable Opaque Moves and Resizes in the window manager! This seems counter-intuitive, but because x11vnc detects @@ -6068,16 +5700,15 @@ ied) noticed. VNC viewer parameters: - * Use a [509]TightVNC enabled viewer! (Actually, RealVNC 4.x viewer - with ZRLE encoding is not too bad either; some claim it is - faster.) + * Use a TightVNC enabled viewer! (Actually, RealVNC 4.x viewer with + ZRLE encoding is not too bad either; some claim it is faster.) * Make sure the tight (or zrle) encoding is being used (look at vncviewer and x11vnc outputs) * Request 8 bits per pixel using -bgr233 (up to 4X speedup over depth 24 TrueColor (32bpp), but colors will be off) * RealVNC 4.x viewer has some extremely low color modes (only 64 and - even 8 colors.) [510]SSVNC does too. The colors are poor, but it - is usually noticeably faster than bgr233 (256 colors.) + even 8 colors.) SSVNC does too. The colors are poor, but it is + usually noticeably faster than bgr233 (256 colors.) * Try increasing the TightVNC -compresslevel (compresses more on server side before sending, but uses more CPU) * Try reducing the TightVNC -quality (increases JPEG compression, @@ -6090,41 +5721,41 @@ ied) file. x11vnc parameters: - * Make sure the [511]-wireframe option is active (it should be on by + * Make sure the -wireframe option is active (it should be on by default) and you have Opaque Moves/Resizes Enabled in the window manager. - * Make sure the [512]-scrollcopyrect option is active (it should be - on by default.) This detects scrolls in many (but not all) - applications an applies the CopyRect encoding for a big speedup. + * Make sure the -scrollcopyrect option is active (it should be on by + default.) This detects scrolls in many (but not all) applications + an applies the CopyRect encoding for a big speedup. * Enforce a solid background when VNC viewers are connected via - [513]-solid - * Try x11vnc's client-side caching [514]client-side caching scheme: - [515]-ncache - * Specify [516]-speeds modem to force the wireframe and - scrollcopyrect heuristic parameters (and any future ones) to those - of a dialup modem connection (or supply the rd,bw,lat numerical - values that characterize your link.) + -solid + * Try x11vnc's client-side caching client-side caching scheme: + -ncache + * Specify -speeds modem to force the wireframe and scrollcopyrect + heuristic parameters (and any future ones) to those of a dialup + modem connection (or supply the rd,bw,lat numerical values that + characterize your link.) * If wireframe and scrollcopyrect aren't working, try using the more - drastic [517]-nodragging (no screen updates when dragging mouse, - but sometimes you miss visual feedback) - * Set [518]-fs 1.0 (disables fullscreen updates) - * Try increasing [519]-wait or [520]-defer (reduces the maximum - "frame rate", but won't help much for large screen changes) - * Try the [521]-progressive pixelheight mode with the block - pixelheight 100 or so (delays sending vertical blocks since they - may change while viewer is receiving earlier ones) - * If you just want to watch one (simple) window use [522]-id or - [523]-appshare (cuts down extraneous polling and updates, but can - be buggy or insufficient) - * Set [524]-nosel (disables all clipboard selection exchange) - * Use [525]-nocursor and [526]-nocursorpos (repainting the remote - cursor position and shape takes resources and round trips) + drastic -nodragging (no screen updates when dragging mouse, but + sometimes you miss visual feedback) + * Set -fs 1.0 (disables fullscreen updates) + * Try increasing -wait or -defer (reduces the maximum "frame rate", + but won't help much for large screen changes) + * Try the -progressive pixelheight mode with the block pixelheight + 100 or so (delays sending vertical blocks since they may change + while viewer is receiving earlier ones) + * If you just want to watch one (simple) window use -id or -appshare + (cuts down extraneous polling and updates, but can be buggy or + insufficient) + * Set -nosel (disables all clipboard selection exchange) + * Use -nocursor and -nocursorpos (repainting the remote cursor + position and shape takes resources and round trips) * On very slow links (e.g. <= 28.8) you may need to increase the - [527]-readtimeout n setting if it sometimes takes more than 20sec - to paint the full screen, etc. - * Do not use [528]-fixscreen to automatically refresh the whole - screen, tap three Alt_L's then the screen has painting errors - (rare problem.) + -readtimeout n setting if it sometimes takes more than 20sec to + paint the full screen, etc. + * Do not use -fixscreen to automatically refresh the whole screen, + tap three Alt_L's then the screen has painting errors (rare + problem.) Example for the KDE desktop: @@ -6191,7 +5822,7 @@ ied) Note that the DAMAGE extension does not speed up the actual reading of pixels from the video card framebuffer memory, by, say, mirroring them - in main memory. So reading the fb is still painfully [529]slow (e.g. + in main memory. So reading the fb is still painfully slow (e.g. 5MB/sec), and so even using X DAMAGE when large changes occur on the screen the bulk of the time is still spent retrieving them. Not ideal, but use of the ShadowFB XFree86/Xorg option speeds up the reading @@ -6209,77 +5840,76 @@ ied) DAMAGE rectangles to contain real damage. The larger rectangles are only used as hints to focus the traditional scanline polling (i.e. if a scanline doesn't intersect a recent DAMAGE rectangle, the scan is - skipped.) You can use the "[530]-xd_area A" option to adjust the size - of the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a + skipped.) You can use the "-xd_area A" option to adjust the size of + the trusted DAMAGE rectangles. The default is 20000 pixels (e.g. a 140x140 square, etc.) Use "-xd_area 0" to disable the cutoff and trust all DAMAGE rectangles. - The option "[531]-xd_mem f" may also be of use in tuning the - algorithm. To disable using DAMAGE entirely use "[532]-noxdamage". + The option "-xd_mem f" may also be of use in tuning the algorithm. To + disable using DAMAGE entirely use "-noxdamage". Q-75: My OpenGL application shows no screen updates unless I supply the -noxdamage option to x11vnc. One user reports in his environment (MythTV using the NVIDIA OpenGL drivers) he gets no updates after the initial screen is drawn unless - he uses the "[533]-noxdamage" option. + he uses the "-noxdamage" option. This seems to be a bug in the X DAMAGE implementation of that driver. You may have to use -noxdamage as well. A way to autodetect this will be tried, probably the best it will do is automatically stop using X DAMAGE. - A developer for [534]MiniMyth reports that the 'alphapulse' tag of the + A developer for MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. - Update: see [535]this FAQ too. + Update: see this FAQ too. Q-76: When I drag windows around with the mouse or scroll up and down things really bog down (unless I do the drag in a single, quick motion.) Is there anything to do to improve things? - This problem is primarily due to [536]slow hardware read rates from - video cards: as you scroll or move a large window around the screen - changes are much too rapid for x11vnc to keep up them (it can usually - only read the video card at about 5-10 MB/sec, so it can take a good + This problem is primarily due to slow hardware read rates from video + cards: as you scroll or move a large window around the screen changes + are much too rapid for x11vnc to keep up them (it can usually only + read the video card at about 5-10 MB/sec, so it can take a good fraction of a second to read the changes induce from moving a large window, if this to be done a number of times in succession the window or scroll appears to "lurch" forward.) See the description in the - [537]-pointer_mode option for more info. The next bottleneck is - compressing all of these changes and sending them out to connected - viewers, however the VNC protocol is pretty much self-adapting with - respect to that (updates are only packaged and sent when viewers ask - for them.) + -pointer_mode option for more info. The next bottleneck is compressing + all of these changes and sending them out to connected viewers, + however the VNC protocol is pretty much self-adapting with respect to + that (updates are only packaged and sent when viewers ask for them.) As of Jan/2004 there are some improvements to libvncserver. The default should now be much better than before and dragging small windows around should no longer be a huge pain. If for some reason these changes make matters worse, you can go back to the old way via - the "[538]-pointer_mode 1" option. + the "-pointer_mode 1" option. - Also added was the [539]-nodragging option that disables all screen - updates while dragging with the mouse (i.e. mouse motion with a button - held down.) This gives the snappiest response, but might be undesired - in some circumstances when you want to see the visual feedback while + Also added was the -nodragging option that disables all screen updates + while dragging with the mouse (i.e. mouse motion with a button held + down.) This gives the snappiest response, but might be undesired in + some circumstances when you want to see the visual feedback while dragging (e.g. menu traversal or text selection.) - As of Dec/2004 the [540]-pointer_mode n option was introduced. n=1 is - the original mode, n=2 an improvement, etc.. See the -pointer_mode n - help for more info. + As of Dec/2004 the -pointer_mode n option was introduced. n=1 is the + original mode, n=2 an improvement, etc.. See the -pointer_mode n help + for more info. - Also, in some circumstances the [541]-threads option can improve - response considerably. Be forewarned that if more than one vncviewer - is connected at the same time then libvncserver may not be thread safe + Also, in some circumstances the -threads option can improve response + considerably. Be forewarned that if more than one vncviewer is + connected at the same time then libvncserver may not be thread safe (try to get the viewers to use different VNC encodings, e.g. tight and ZRLE.) This option can be unstable and so as of Feb/2008 it is disabled by default. Set env. X11VNC_THREADED=1 to re-enable. - As of Apr/2005 two new options (see the [542]wireframe FAQ and - [543]scrollcopyrect FAQ below) provide schemes to sweep this problem - under the rug for window moves or resizes and for some (but not all) - window scrolls. These are the preferred way of avoiding the "lurching" + As of Apr/2005 two new options (see the wireframe FAQ and + scrollcopyrect FAQ below) provide schemes to sweep this problem under + the rug for window moves or resizes and for some (but not all) window + scrolls. These are the preferred way of avoiding the "lurching" problem, contact me if they are not working. Note on SuSE and some other distros the RECORD X extension used by scrollcopyrect is not enabled by default, turn it on in xorg.conf: @@ -6301,21 +5931,21 @@ EndSection the window move/resize stops, it returns to normal processing: you should only see the window appear in the new position. This spares you from interacting with a "lurching" window between all of the - intermediate steps. BTW the lurching is due to [544]slow video card - read rates (see [545]here too.) A displacement, even a small one, of a - large window requires a non-negligible amount of time, a good fraction - of a second, to read in from the hardware framebuffer. + intermediate steps. BTW the lurching is due to slow video card read + rates (see here too.) A displacement, even a small one, of a large + window requires a non-negligible amount of time, a good fraction of a + second, to read in from the hardware framebuffer. Note that Opaque Moves/Resizes must be Enabled by your window manager for -wireframe to do any good. The mode is currently on by default because most people are afflicted - with the problem. It can be disabled with the [546]-nowireframe option - (aka -nowf.) Why might one want to turn off the wireframing? Since - x11vnc is merely guessing when windows are being moved/resized, it may - guess poorly for your window-manager or desktop, or even for the way - you move the pointer. If your window-manager or desktop already does - its own wireframing then this mode is a waste of time and could do the + with the problem. It can be disabled with the -nowireframe option (aka + -nowf.) Why might one want to turn off the wireframing? Since x11vnc + is merely guessing when windows are being moved/resized, it may guess + poorly for your window-manager or desktop, or even for the way you + move the pointer. If your window-manager or desktop already does its + own wireframing then this mode is a waste of time and could do the wrong thing occasionally. There may be other reasons the new mode feels unnatural. If you have very expensive video hardware (SGI, well now even proprietary Xorg drivers are fast at reading) or are using an @@ -6356,22 +5986,22 @@ EndSection * Maximum time to show a wireframe animation. * Minimum time between sending wireframe outlines. - See the [547]"-wireframe tweaks" option for more details. On a slow - link, e.g. dialup modem, the parameters may be automatically adjusted - for better response. + See the "-wireframe tweaks" option for more details. On a slow link, + e.g. dialup modem, the parameters may be automatically adjusted for + better response. CopyRect encoding: In addition to the above there is the - [548]"-wirecopyrect mode" option. It is also on by default. This - instructs x11vnc to not only show the wireframe animation, but to also - instruct all connected VNC viewers to locally translate the window - image data from the original position to the new position on the - screen when the animation is done. This speedup is the VNC CopyRect - encoding: the framebuffer update doesn't need to send the actual new - image data. This is nice in general, and very convenient over a slow - link, but since it is based on heuristics you may need to disable it - with the -nowirecopyrect option (aka -nowcr) if it works incorrectly - or unnaturally for you. + "-wirecopyrect mode" option. It is also on by default. This instructs + x11vnc to not only show the wireframe animation, but to also instruct + all connected VNC viewers to locally translate the window image data + from the original position to the new position on the screen when the + animation is done. This speedup is the VNC CopyRect encoding: the + framebuffer update doesn't need to send the actual new image data. + This is nice in general, and very convenient over a slow link, but + since it is based on heuristics you may need to disable it with the + -nowirecopyrect option (aka -nowcr) if it works incorrectly or + unnaturally for you. The -wirecopyrect modes are: "never" (same as -nowirecopyrect); "top", only apply the CopyRect if the window is appears to be on the top of @@ -6410,7 +6040,7 @@ EndSection requiring the image data to be transmitted over the network. For fast links the speedup is primarily due to x11vnc not having to read the scrolled framebuffer data from the X server (recall that reading from - the hardware framebuffer is [549]slow.) + the hardware framebuffer is slow.) To do this x11vnc uses the RECORD X extension to snoop the X11 protocol between the X client with the focus window and the X server. @@ -6437,13 +6067,13 @@ EndSection the X server display: if one falls too far behind it could become a mess... - The initial implementation of [550]-scrollcopyrect option is useful in - that it detects many scrolls and thus gives a much nicer working - environment (especially when combined with the [551]-wireframe - [552]-wirecopyrect [553]options, which are also on by default; and if - you are willing to enable the ShadowFB things are very fast.) The fact - that there aren't long delays or lurches during scrolling is the - primary improvement. + The initial implementation of -scrollcopyrect option is useful in that + it detects many scrolls and thus gives a much nicer working + environment (especially when combined with the -wireframe + -wirecopyrect options, which are also on by default; and if you are + willing to enable the ShadowFB things are very fast.) The fact that + there aren't long delays or lurches during scrolling is the primary + improvement. But there are some drawbacks: * Not all scrolls are detected. Some apps scroll windows in ways @@ -6473,10 +6103,10 @@ EndSection One can tap the Alt_L key (Left "Alt" key) 3 times in a row to signal x11vnc to refresh the screen to all viewers. Your VNC-viewer may have its own screen refresh hot-key or button. See - also: [554]-fixscreen + also: -fixscreen * Some applications, notably OpenOffice, do XCopyArea scrolls in weird ways that assume ancestor window clipping is taking place. - See the [555]-scr_skip option for ways to tweak this on a + See the -scr_skip option for ways to tweak this on a per-application basis. * Selecting text while dragging the mouse may be slower, especially if the Button-down event happens near the window's edge. This is @@ -6493,7 +6123,7 @@ EndSection because it fails to detect scrolls in it. Sometimes clicking inside the application window or selecting some text in it to force the focus helps. - * When using the [556]-scale option there will be a quick CopyRect + * When using the -scale option there will be a quick CopyRect scroll, but it needs to be followed by a slower "cleanup" update. This is because for a fixed finite screen resolution (e.g. 75 dpi) scaling and copyrect-ing are not exactly independent. Scaling @@ -6506,8 +6136,8 @@ EndSection If you find the -scrollcopyrect behavior too approximate or distracting you can go back to the standard polling-only update method - with the [557]-noscrollcopyrect (or -noscr for short.) If you find - some extremely bad and repeatable behavior for -scrollcopyrect please + with the -noscrollcopyrect (or -noscr for short.) If you find some + extremely bad and repeatable behavior for -scrollcopyrect please report a bug. Alternatively, as with -wireframe, there are many tuning parameters to @@ -6531,10 +6161,10 @@ EndSection that pixel data is needed again it does not have to be retransmitted over the network. - As of Dec/2006 in the [558]0.9 development tarball there is an - experimental client-side caching implementation enabled by the - "[559]-ncache n" option. In fact, during the test period it was on by - default with n set to 10. To disable it use "-noncache". + As of Dec/2006 in the 0.9 development tarball there is an experimental + client-side caching implementation enabled by the "-ncache n" option. + In fact, during the test period it was on by default with n set to 10. + To disable it use "-noncache". It is a simple scheme where a (very large) lower portion of the framebuffer (i.e. starting just below the user's actual desktop @@ -6560,7 +6190,7 @@ EndSection there is a bug: you can scroll down in your viewer and see a strange "history" of windows on your desktop. This is working as intended. One will need to try to adjust the size of his VNC Viewer window so the - cache area cannot be seen. [560]SSVNC (see below) can do this + cache area cannot be seen. SSVNC (see below) can do this automatically. At some point LibVNCServer may implement a "rfbFBCrop" pseudoencoding @@ -6569,17 +6199,17 @@ EndSection perhaps something else, maybe double buffering or other offscreen rendering...) - The Enhanced TightVNC Viewer (SSVNC) Unix viewer has a nice - [561]-ycrop option to help hide the pixel cache area from view. It - will turn on automatically if the framebuffer appears to be very tall - (height more than twice the width), or you can supply the actual value - for the height. If the screen is resized by scaling, etc, the ycrop - value is scaled as well. In fullscreen mode you cannot scroll past the - end of the actual screen, and in non-fullscreen mode the window - manager frame is adjusted to fit the actual display (so you don't see - the pixel cache region) and the scrollbars are very thin to avoid - distraction and trouble fitting inside your display. Use the "-sbwidth - n" viewer option to make the scrollbars thicker if you like. + The Enhanced TightVNC Viewer (SSVNC) Unix viewer has a nice -ycrop + option to help hide the pixel cache area from view. It will turn on + automatically if the framebuffer appears to be very tall (height more + than twice the width), or you can supply the actual value for the + height. If the screen is resized by scaling, etc, the ycrop value is + scaled as well. In fullscreen mode you cannot scroll past the end of + the actual screen, and in non-fullscreen mode the window manager frame + is adjusted to fit the actual display (so you don't see the pixel + cache region) and the scrollbars are very thin to avoid distraction + and trouble fitting inside your display. Use the "-sbwidth n" viewer + option to make the scrollbars thicker if you like. Another drawback of the scheme is that it is VERY memory intensive, the n in "-ncache n" is the factor of increase over the base @@ -6601,7 +6231,7 @@ EndSection an additional factor of 2 in memory use. However, even in the smallest usage mode with n equal 2 and - [562]-ncache_no_rootpixmap set (this requires only 2X additional + -ncache_no_rootpixmap set (this requires only 2X additional framebuffer memory) there is still a noticable improvement for many activities, although it is not as dramatic as with, say n equal 12 and rootpixmap (desktop background) caching enabled. @@ -6612,8 +6242,8 @@ EndSection be tuned to use less, or the VNC community will extend the protocol to allow caching and replaying of compressed blobs of data. - Another option to experiment with is "[563]-ncache_cr". By specifying - it, x11vnc will try to do smooth opaque window moves instead of its + Another option to experiment with is "-ncache_cr". By specifying it, + x11vnc will try to do smooth opaque window moves instead of its wireframe. This can give a very nice effect (note: on Unix the realvnc viewer seems to be smoother than the tightvnc viewer), but can lead to some painting problems, and can be jerky in some circumstances. @@ -6669,24 +6299,24 @@ EndSection As of Feb/2009 (development tarball) there is an experimental kludge to let you build x11vnc using TurboVNC's modified TightVNC encoding. - [564]TurboVNC is part of the [565]VirtualGL project. It does two main - things to speed up the TightVNC encoding: + TurboVNC is part of the VirtualGL project. It does two main things to + speed up the TightVNC encoding: * It eliminates bottlenecks, overheads, wait-times in the TightVNC encoding implementation and instead only worries about sending very well (and quickly) compressed JPEG data. * A fast proprietary JPEG implemention is used (Intel IPP on x86) - instead of the usual libjpeg implementation. [566]TurboJPEG is an + instead of the usual libjpeg implementation. TurboJPEG is an interface library, libturbojpeg, provided by the project that achieves this. TurboVNC works very well over LAN and evidently fast Broadband too. When using it with x11vnc in such a situation you may want to dial - down the delays, e.g. "[567]-wait 5" and "[568]-defer 5" (or even a - smaller setting) to poll and pump things out more quickly. + down the delays, e.g. "-wait 5" and "-defer 5" (or even a smaller + setting) to poll and pump things out more quickly. See the instructions in "x11vnc/misc/turbovnc/README" for how to build x11vnc with TurboVNC support. You will also need to download the - [569]TurboJPEG software. + TurboJPEG software. In brief, the steps look like this: cd x11vnc-x.y.z/x11vnc/misc/turbovnc @@ -6698,28 +6328,27 @@ EndSection where you replace "/DIR" with the directory containing libturbojpeg.so you downloaded separately. If it works out well enough TurboVNC support will be integrated into x11vnc and more of its tuning features - will be implemented. Support for TurboVNC in [570]SSVNC viewer has - been added as an experiment as well. If you try either one, let us - know how it went. + will be implemented. Support for TurboVNC in SSVNC viewer has been + added as an experiment as well. If you try either one, let us know how + it went. There also may be some Linux.i686 and Darwin.i386 x11vnc binaries with - TurboVNC support in the [571]misc. bins directory. For other platforms - you will need to compile yourself. + TurboVNC support in the misc. bins directory. For other platforms you + will need to compile yourself. On relatively cheap and old hardware (Althon64 X2 5000+ / GeForce - 6200) x11vnc and [572]SSVNC, both TurboVNC enabled, were able to - sustain 13.5 frames/sec (fps) and 15 Megapixels/sec using the - VirtualGL supplied OpenGL benchmark program glxspheres. VirtualGL on - higher-end hardware can sustain [573]20-30 fps with the glxspheres - benchmark. - - Potential Slowdown: As we describe [574]elsewhere, unless you use - x11vnc with an X server using, say, NVidia proprietary drivers (or a - virtual X server like Xvfb or Xdummy, or in ShadowFB mode), then the - read rate from the graphics card can be rather slow (e.g. 10 MB/sec) - and becomes the bottleneck when using x11vnc over fast networks. Note - that all of Xorg's drivers currently (2009) have slow read rates (only - proprietary drivers appear to have optimized reads.) + 6200) x11vnc and SSVNC, both TurboVNC enabled, were able to sustain + 13.5 frames/sec (fps) and 15 Megapixels/sec using the VirtualGL + supplied OpenGL benchmark program glxspheres. VirtualGL on higher-end + hardware can sustain 20-30 fps with the glxspheres benchmark. + + Potential Slowdown: As we describe elsewhere, unless you use x11vnc + with an X server using, say, NVidia proprietary drivers (or a virtual + X server like Xvfb or Xdummy, or in ShadowFB mode), then the read rate + from the graphics card can be rather slow (e.g. 10 MB/sec) and becomes + the bottleneck when using x11vnc over fast networks. Note that all of + Xorg's drivers currently (2009) have slow read rates (only proprietary + drivers appear to have optimized reads.) So under these (more or less typical) conditions, the speed improvement provided by TurboVNC may only be marginal. Look for this @@ -6753,23 +6382,22 @@ EndSection this is because the cursor shape is often downloaded to the graphics hardware (video card), but I could be mistaken. - A simple kludge is provided by the "[575]-cursor X" option that - changes the cursor when the mouse is on the root background (or any - window has the same cursor as the root background.) Note that desktops - like GNOME or KDE often cover up the root background, so this won't - work for those cases. Also see the "[576]-cursor some" option for - additional kludges. + A simple kludge is provided by the "-cursor X" option that changes the + cursor when the mouse is on the root background (or any window has the + same cursor as the root background.) Note that desktops like GNOME or + KDE often cover up the root background, so this won't work for those + cases. Also see the "-cursor some" option for additional kludges. Note that as of Aug/2004 on Solaris using the SUN_OVL overlay extension and IRIX, x11vnc can show the correct mouse cursor when the - [577]-overlay option is supplied. See [578]this FAQ for more info. + -overlay option is supplied. See this FAQ for more info. Also as of Dec/2004 XFIXES X extension support has been added to allow exact extraction of the mouse cursor shape. XFIXES fixes the problem of the cursor-shape being write-only: x11vnc can now query the X server for the current shape and send it back to the connected viewers. XFIXES is available on recent Linux Xorg based distros and - [579]Solaris 10. + Solaris 10. The only XFIXES issue is the handling of alpha channel transparency in cursors. If a cursor has any translucency then in general it must be @@ -6777,7 +6405,7 @@ EndSection situations where the cursor transparency can also handled exactly: when the VNC Viewer requires the cursor shape be drawn into the VNC framebuffer or if you apply a patch to your VNC Viewer to extract - hidden alpha channel data under 32bpp. [580]Details can be found here. + hidden alpha channel data under 32bpp. Details can be found here. Q-82: When using XFIXES cursorshape mode, some of the cursors look @@ -6810,22 +6438,21 @@ EndSection for most cursor themes and you don't have to worry about it. In case it still looks bad for your cursor theme, there are (of - course!) some tunable parameters. The "[581]-alphacut n" option lets - you set the threshold "n" (between 0 and 255): cursor pixels with - alpha values below n will be considered completely transparent while - values equal to or above n will be completely opaque. The default is - 240. The "[582]-alphafrac f" option tries to correct individual - cursors that did not fare well with the default -alphacut value: if a - cursor has less than fraction f (between 0.0 and 1.0) of its pixels - selected by the default -alphacut, the threshold is lowered until f of - its pixels are selected. The default fraction is 0.33. - - Finally, there is an option [583]-alpharemove that is useful for - themes where many cursors are light colored (e.g. "whiteglass".) - XFIXES returns the cursor data with the RGB values pre-multiplied by - the alpha value. If the white cursors look too grey, specify - -alpharemove to brighten them by having x11vnc divide out the alpha - value. + course!) some tunable parameters. The "-alphacut n" option lets you + set the threshold "n" (between 0 and 255): cursor pixels with alpha + values below n will be considered completely transparent while values + equal to or above n will be completely opaque. The default is 240. The + "-alphafrac f" option tries to correct individual cursors that did not + fare well with the default -alphacut value: if a cursor has less than + fraction f (between 0.0 and 1.0) of its pixels selected by the default + -alphacut, the threshold is lowered until f of its pixels are + selected. The default fraction is 0.33. + + Finally, there is an option -alpharemove that is useful for themes + where many cursors are light colored (e.g. "whiteglass".) XFIXES + returns the cursor data with the RGB values pre-multiplied by the + alpha value. If the white cursors look too grey, specify -alpharemove + to brighten them by having x11vnc divide out the alpha value. One user played with these parameters and reported back: Of the cursor themes present on my system: @@ -6846,12 +6473,11 @@ EndSection alpha channel data to libvncserver. However, this data will only be used for VNC clients that do not support the CursorShapeUpdates VNC extension (or have disabled it.) It can be disabled for all clients - with the [584]-nocursorshape x11vnc option. In this case the cursor is + with the -nocursorshape x11vnc option. In this case the cursor is drawn, correctly blended with the background, into the VNC framebuffer before being sent out to the client. So the alpha blending is done on - the x11vnc side. Use the [585]-noalphablend option to disable this - behavior (always approximate transparent cursors with opaque RGB - values.) + the x11vnc side. Use the -noalphablend option to disable this behavior + (always approximate transparent cursors with opaque RGB values.) The CursorShapeUpdates VNC extension complicates matters because the cursor shape is sent to the VNC viewers supporting it, and the viewers @@ -6873,18 +6499,18 @@ EndSection example on how to change the Windows TightVNC viewer to achieve the same thing (send me the patch if you get that working.) - This patch is applied to the [586]Enhanced TightVNC Viewer (SSVNC) - package we provide. + This patch is applied to the Enhanced TightVNC Viewer (SSVNC) package + we provide. [Mouse Pointer] Q-84: Why does the mouse arrow just stay in one corner in my vncviewer, whereas my cursor (that does move) is just a dot? - This default takes advantage of a [587]tightvnc extension + This default takes advantage of a tightvnc extension (CursorShapeUpdates) that allows specifying a cursor image shape for - the local VNC viewer. You may disable it with the [588]-nocursor - option to x11vnc if your viewer does not have this extension. + the local VNC viewer. You may disable it with the -nocursor option to + x11vnc if your viewer does not have this extension. Note: as of Aug/2004 this should be fixed: the default for non-tightvnc viewers (or ones that do not support CursorShapeUpdates) @@ -6897,26 +6523,26 @@ EndSection clients (i.e. passive viewers can see the mouse cursor being moved around by another viewer)? - Use the [589]-cursorpos option when starting x11vnc. A VNC viewer must + Use the -cursorpos option when starting x11vnc. A VNC viewer must support the Cursor Positions Updates for the user to see the mouse motions (the TightVNC viewers support this.) As of Aug/2004 -cursorpos - is the default. See also [590]-nocursorpos and [591]-nocursorshape. + is the default. See also -nocursorpos and -nocursorshape. Q-86: Is it possible to swap the mouse buttons (e.g. left-handed operation), or arbitrarily remap them? How about mapping button clicks to keystrokes, e.g. to partially emulate Mouse wheel scrolling? - You can remap the mouse buttons via something like: [592]-buttonmap - 13-31 (or perhaps 12-21.) Also, note that xmodmap(1) lets you directly + You can remap the mouse buttons via something like: -buttonmap 13-31 + (or perhaps 12-21.) Also, note that xmodmap(1) lets you directly adjust the X server's button mappings, but in some circumstances it might be more desirable to have x11vnc do it. One user had an X server with only one mouse button(!) and was able to map all of the VNC client mouse buttons to it via: -buttonmap 123-111. - Note that the [593]-debug_pointer option prints out much info for - every mouse/pointer event and is handy in solving problems. + Note that the -debug_pointer option prints out much info for every + mouse/pointer event and is handy in solving problems. To map mouse button clicks to keystrokes you can use the alternate format where the keystrokes are enclosed between colons like this @@ -6937,8 +6563,8 @@ EndSection Exactly what keystroke "scrolling" events they should be bound to depends on one's taste. If this method is too approximate, one could - consider not using [594]-buttonmap but rather configuring the X server - to think it has a mouse with 5 buttons even though the physical mouse + consider not using -buttonmap but rather configuring the X server to + think it has a mouse with 5 buttons even though the physical mouse does not. (e.g. 'Option "ZAxisMapping" "4 5"'.) Note that when a keysym-mapped mouse button is clicked down this @@ -6967,31 +6593,30 @@ EndSection Q-87: How can I get my AltGr and Shift modifiers to work between keyboards for different languages? - The option [595]-modtweak should help here. It is a mode that monitors - the state of the Shift and AltGr Modifiers and tries to deduce the - correct keycode to send, possibly by sending fake modifier key presses - and releases in addition to the actual keystroke. + The option -modtweak should help here. It is a mode that monitors the + state of the Shift and AltGr Modifiers and tries to deduce the correct + keycode to send, possibly by sending fake modifier key presses and + releases in addition to the actual keystroke. Update: As of Jul/2004 -modtweak is now the default (use -nomodtweak to get the old behavior.) This was done because it was noticed on newer XFree86 setups even on bland "us" keyboards like "pc104 us" XFree86 included a "ghost" key with both "<" and ">" it. This key does - not exist on the keyboard (see [596]this FAQ for more info.) Without + not exist on the keyboard (see this FAQ for more info.) Without -modtweak there was then an ambiguity in the reverse map keysym => keycode, making it so the "<" symbol could not be typed. - Also see the [597]FAQ about the -xkb option for a more powerful method - of modifier tweaking for use on X servers with the XKEYBOARD - extension. + Also see the FAQ about the -xkb option for a more powerful method of + modifier tweaking for use on X servers with the XKEYBOARD extension. When trying to resolve keyboard mapping problems, note that the - [598]-debug_keyboard option prints out much info for every keystroke - and so can be useful debugging things. + -debug_keyboard option prints out much info for every keystroke and so + can be useful debugging things. Note that one user had a strange setup and none of the above helped. - His solution was to disable all of the above and use [599]-nomodtweak. - This is the simplest form of keystroke insertion and it actually - solved the problem. Try it if the other options don't help. + His solution was to disable all of the above and use -nomodtweak. This + is the simplest form of keystroke insertion and it actually solved the + problem. Try it if the other options don't help. Q-88: When I try to type a "<" (i.e. less than) instead I get ">" @@ -7002,10 +6627,10 @@ EndSection (e.g. pc105 in the XF86Config file when it should be something else, say pc104.) - Short Cut: Try the [600]-xkb or [601]-sloppy_keys options and see if - that helps the situation. The discussion below is a bit outdated (e.g. - [602]-modtweak is now the default) but it is useful reference for - various tricks and so is kept. + Short Cut: Try the -xkb or -sloppy_keys options and see if that helps + the situation. The discussion below is a bit outdated (e.g. -modtweak + is now the default) but it is useful reference for various tricks and + so is kept. The problem here is that on the Xserver where x11vnc is run there are @@ -7047,25 +6672,25 @@ EndSection -remap less-comma These are convenient in that they do not modify the actual X server - settings. The former ([603]-modtweak) is a mode that monitors the - state of the Shift and AltGr modifiers and tries to deduce the correct - keycode sequence to send. Since Jul/2004 -modtweak is now the default. - The latter ([604]-remap less-comma) is an immediate remapping of the - keysym less to the keysym comma when it comes in from a client (so - when Shift is down the comma press will yield "<".) + settings. The former (-modtweak) is a mode that monitors the state of + the Shift and AltGr modifiers and tries to deduce the correct keycode + sequence to send. Since Jul/2004 -modtweak is now the default. The + latter (-remap less-comma) is an immediate remapping of the keysym + less to the keysym comma when it comes in from a client (so when Shift + is down the comma press will yield "<".) - See also the [605]FAQ about the -xkb option as a possible workaround - using the XKEYBOARD extension. + See also the FAQ about the -xkb option as a possible workaround using + the XKEYBOARD extension. - Note that the [606]-debug_keyboard option prints out much info for - every keystroke to aid debugging keyboard problems. + Note that the -debug_keyboard option prints out much info for every + keystroke to aid debugging keyboard problems. Q-89: Extra Character Inserted, E.g.: When I try to type a "<" (i.e. less than) instead I get "<," (i.e. an extra comma.) This is likely because you press "Shift" then "<" but then released - the Shift key before releasing the "<". Because of a [607]keymapping + the Shift key before releasing the "<". Because of a keymapping ambiguity the last event "< up" is interpreted as "," because that key unshifted is the comma. @@ -7073,9 +6698,9 @@ EndSection characters: in general it can happen whenever the Shift key is released early. - This should not happen in [608]-xkb mode, because it works hard to - resolve the ambiguities. If you do not want to use -xkb, try the - option [609]-sloppy_keys to attempt a similar type of algorithm. + This should not happen in -xkb mode, because it works hard to resolve + the ambiguities. If you do not want to use -xkb, try the option + -sloppy_keys to attempt a similar type of algorithm. One user had this problem for Italian and German keyboards with the key containing ":" and "." When he typed ":" he would get an extra "." @@ -7103,11 +6728,11 @@ EndSection In both cases no AltGr is sent to the VNC server, but we know AltGr is needed on the physical international keyboard to type a "@". - This all worked fine with x11vnc running with the [610]-modtweak - option (it figures out how to adjust the Modifier keys (Shift or - AltGr) to get the "@".) However it fails under recent versions of - XFree86 (and the X.org fork.) These run the XKEYBOARD extension by - default and make heavy use of it to handle international keyboards. + This all worked fine with x11vnc running with the -modtweak option (it + figures out how to adjust the Modifier keys (Shift or AltGr) to get + the "@".) However it fails under recent versions of XFree86 (and the + X.org fork.) These run the XKEYBOARD extension by default and make + heavy use of it to handle international keyboards. To make a long story short, on these newer XFree86 setups the traditional X keymap lookup x11vnc uses is no longer accurate. x11vnc @@ -7120,17 +6745,17 @@ EndSection * there is a new option -xkb to use the XKEYBOARD extension API to do the Modifier key tweaking. - The [611]-xkb option seems to fix all of the missing keys: "@", "<", - ">", etc.: it is recommended that you try it if you have this sort of + The -xkb option seems to fix all of the missing keys: "@", "<", ">", + etc.: it is recommended that you try it if you have this sort of problem. Let us know if there are any remaining problems (see the next paragraph for some known problems.) If you specify the -debug_keyboard (aka -dk) option twice you will get a huge amount of keystroke debugging output (send it along with any problems you report.) - Update: as of Jun/2005 x11vnc will try to automatically enable - [612]-xkb if it appears that would be beneficial (e.g. if it sees any - of "@", "<", ">", "[" and similar keys are mapped in a way that needs - the -xkb to access them.) To disable this automatic check use -noxkb. + Update: as of Jun/2005 x11vnc will try to automatically enable -xkb if + it appears that would be beneficial (e.g. if it sees any of "@", "<", + ">", "[" and similar keys are mapped in a way that needs the -xkb to + access them.) To disable this automatic check use -noxkb. Known problems: * One user had to disable a "ghost" Mode_switch key that was causing @@ -7143,7 +6768,7 @@ EndSection was attached to keycode 93 (no physical key generates this keycode) while ISO_Level3_Shift was attached to keycode 113. The keycode skipping option was used to disable the ghost key: - [613]-skip_keycodes 93 + -skip_keycodes 93 * In implementing -xkb we noticed that some characters were still not getting through, e.g. "~" and "^". This is not really an XKEYBOARD problem. What was happening was the VNC viewer was @@ -7161,22 +6786,22 @@ EndSection What to do? In general the VNC protocol has not really solved this problem: what should be done if the VNC viewer sends a keysym not recognized by the VNC server side? Workarounds can possibly be - created using the [614]-remap x11vnc option: + created using the -remap x11vnc option: -remap asciitilde-dead_tilde,asciicircum-dead_circumflex etc. Use -remap filename if the list is long. Please send us your workarounds for this problem on your keyboard. Perhaps we can have x11vnc adjust automatically at some point. Also see the - [615]-add_keysyms option in the next paragraph. - Update: for convenience "[616]-remap DEAD" does many of these - mappings at once. - * To complement the above workaround using the [617]-remap, an - option [618]-add_keysyms was added. This option instructs x11vnc - to bind any unknown Keysyms coming in from VNC viewers to unused - Keycodes in the X server. This modifies the global state of the X - server. When x11vnc exits it removes the extra keymappings it - created. Note that the -remap mappings are applied first, right - when the Keysym is received from a VNC viewer, and only after that - would -add_keysyms, or anything else, come into play. + -add_keysyms option in the next paragraph. + Update: for convenience "-remap DEAD" does many of these mappings + at once. + * To complement the above workaround using the -remap, an option + -add_keysyms was added. This option instructs x11vnc to bind any + unknown Keysyms coming in from VNC viewers to unused Keycodes in + the X server. This modifies the global state of the X server. When + x11vnc exits it removes the extra keymappings it created. Note + that the -remap mappings are applied first, right when the Keysym + is received from a VNC viewer, and only after that would + -add_keysyms, or anything else, come into play. Update: -add_keysyms is now on by default. Use -noadd_keysyms to disable. @@ -7189,9 +6814,8 @@ EndSection Short answer: disable key autorepeating by running the command "xset r off" on the Xserver where x11vnc is run (restore via "xset r on") or - use the new (Jul/2004) [619]-norepeat x11vnc option. You will still - have autorepeating because that is taken care of on your VNC viewer - side. + use the new (Jul/2004) -norepeat x11vnc option. You will still have + autorepeating because that is taken care of on your VNC viewer side. Update: as of Dec/2004 -norepeat is now the default. Use -repeat to disable it. @@ -7213,9 +6837,9 @@ EndSection off", does the problem go away? The workaround is to manually apply "xset r off" and "xset r on" as - needed, or to use the [620]-norepeat (which has since Dec/2004 been - made the default.) Note that with X server autorepeat turned off the - VNC viewer side of the connection will (nearly always) do its own + needed, or to use the -norepeat (which has since Dec/2004 been made + the default.) Note that with X server autorepeat turned off the VNC + viewer side of the connection will (nearly always) do its own autorepeating so there is no big loss here, unless someone is also working at the physical display and misses his autorepeating. @@ -7224,7 +6848,7 @@ EndSection keystrokes!! Are you using x11vnc to log in to an X session via display manager? - (as described in [621]this FAQ) If so, x11vnc is starting before your + (as described in this FAQ) If so, x11vnc is starting before your session and it disables autorepeat when you connect, but then after you log in your session startup (GNOME, KDE, ...) could be resetting the autorepeat to be on. Or it could be something inside your desktop @@ -7285,12 +6909,12 @@ EndSection desktop manages these "warps". If the viewer is not notified it cannot know it needs to release the modifiers. - You can also use the [622]-clear_mods option to try to clear all of - the modifier keys at x11vnc startup. You will still have to be careful + You can also use the -clear_mods option to try to clear all of the + modifier keys at x11vnc startup. You will still have to be careful that you do not leave the modifier key pressed down during your session. It is difficult to prevent this problem from occurring (short - of using [623]-remap to prevent sending all of the problem modifier - keys, which would make the destkop pretty unusable.) + of using -remap to prevent sending all of the problem modifier keys, + which would make the destkop pretty unusable.) During a session these x11vnc remote control commands can also help: x11vnc -R clear_mods @@ -7302,19 +6926,19 @@ EndSection Num_Lock down. When these are locked on the remote side it can sometimes lead to strange desktop behavior (e.g. cannot drag or click on windows.) As above you may not notice this because the lock isn't - down on the local (Viewer) side. See [624]this FAQ on lock keys - problem. These options may help avoid the problem: [625]-skip_lockkeys - and [626]-capslock. See also [627]-clear_all. + down on the local (Viewer) side. See this FAQ on lock keys problem. + These options may help avoid the problem: -skip_lockkeys and + -capslock. See also -clear_all. Q-94: The machine where I run x11vnc has an AltGr key, but the local machine where I run the VNC viewer does not. Is there a way I can map a local unused key to send an AltGr? How about a Compose key as well? - Something like "[628]-remap Super_R-Mode_switch" x11vnc option may - work. Note that Super_R is the "Right Windoze(tm) Flaggie" key; you - may want to choose another. The -debug_keyboard option comes in handy - in finding keysym names (so does xev(1).) + Something like "-remap Super_R-Mode_switch" x11vnc option may work. + Note that Super_R is the "Right Windoze(tm) Flaggie" key; you may want + to choose another. The -debug_keyboard option comes in handy in + finding keysym names (so does xev(1).) For Compose how about "-remap Menu-Multi_key" (note that Multi_key is the official name for Compose.) To do both at the same time: "-remap @@ -7334,10 +6958,10 @@ EndSection Since xmodmap(1) modifies the X server mappings you may not want to do this (because it affects local work on that machine.) Something like - the [629]-remap Alt_L-Meta_L to x11vnc may be sufficient for ones - needs, and does not modify the X server environment. Note that you - cannot send Alt_L in this case, maybe -remap Super_L-Meta_L would be a - better choice if the Super_L key is typically unused in Unix. + the -remap Alt_L-Meta_L to x11vnc may be sufficient for ones needs, + and does not modify the X server environment. Note that you cannot + send Alt_L in this case, maybe -remap Super_L-Meta_L would be a better + choice if the Super_L key is typically unused in Unix. Q-96: Running x11vnc on HP-UX I cannot type "#" I just get a "3" @@ -7354,8 +6978,8 @@ EndSection and similar triple mappings (with two in the AltGr/Mode_switch group) of a keysum to a single keycode. - Use the [630]-nomodtweak option as a workaround. You can also use - xmodmap to correct these mappings in the server, e.g.: + Use the -nomodtweak option as a workaround. You can also use xmodmap + to correct these mappings in the server, e.g.: xmodmap -e "keycode 47 = 3 numbersign" Also, as of Feb/2007, set the environment variable MODTWEAK_LOWEST=1 @@ -7368,16 +6992,16 @@ EndSection This can be done directly in some X servers using AccessX and Pointer_EnableKeys, but is a bit awkward. It may be more convenient to - have x11vnc do the remapping. This can be done via the [631]-remap - option using the fake "keysyms" Button1, Button2, etc. as the "to" - keys (i.e. the ones after the "-") + have x11vnc do the remapping. This can be done via the -remap option + using the fake "keysyms" Button1, Button2, etc. as the "to" keys (i.e. + the ones after the "-") As an example, consider a laptop where the VNC viewer is run that has a touchpad with only two buttons. It is difficult to do a middle button "paste" because (using XFree86/Xorg Emulate3Buttons) you have to click both buttons on the touch pad at the same time. This remapping: - [632]-remap Super_R-Button2 + -remap Super_R-Button2 maps the Super_R "flag" key press to the Button2 click, thereby making X pasting a bit easier. @@ -7396,14 +7020,14 @@ EndSection Caps_Lock in the viewer your local machine goes into the Caps_Lock on state and sends keysym "A" say when you press "a". x11vnc will then fake things up so that Shift is held down to generate "A". The - [633]-skip_lockkeys option should help to accomplish this. For finer - grain control use something like: "[634]-remap Caps_Lock-None". + -skip_lockkeys option should help to accomplish this. For finer grain + control use something like: "-remap Caps_Lock-None". - Also try the [635]-nomodtweak and [636]-capslock options. + Also try the -nomodtweak and -capslock options. Another useful option that turns off any Lock keys on the remote side - at startup and end is the [637]-clear_all option. During a session you - can run these remote control commands to modify the Lock keys: + at startup and end is the -clear_all option. During a session you can + run these remote control commands to modify the Lock keys: x11vnc -R clear_locks x11vnc -R clear_all @@ -7431,7 +7055,7 @@ EndSection There may also be scaling viewers out there (e.g. TightVNC or UltraVNC on Windows) that automatically shrink or expand the remote framebuffer to fit the local display. Especially for hand-held devices. See also - [638]the next FAQ on x11vnc scaling. + the next FAQ on x11vnc scaling. Q-100: Does x11vnc support server-side framebuffer scaling? (E.g. to @@ -7439,10 +7063,10 @@ EndSection As of Jun/2004 x11vnc provides basic server-side scaling. It is a global scaling of the desktop, not a per-client setting. To enable it - use the "[639]-scale fraction" option. "fraction" can either be a - floating point number (e.g. -scale 0.75) or the alternative m/n - fraction notation (e.g. -scale 3/4.) Note that if fraction is greater - than one the display is magnified. + use the "-scale fraction" option. "fraction" can either be a floating + point number (e.g. -scale 0.75) or the alternative m/n fraction + notation (e.g. -scale 3/4.) Note that if fraction is greater than one + the display is magnified. Extra resources (CPU, memory I/O, and memory) are required to do the scaling. If the machine is slow where x11vnc is run with scaling @@ -7464,9 +7088,9 @@ EndSection One can also use the ":nb" with an integer scale factor (say "-scale 2:nb") to use x11vnc as a screen magnifier for vision impaired - [640]applications. Since with integer scale factors the framebuffers - become huge and scaling operations time consuming, be sure to use - ":nb" for the fastest response. + applications. Since with integer scale factors the framebuffers become + huge and scaling operations time consuming, be sure to use ":nb" for + the fastest response. In general for a scaled display if you are using a TightVNC viewer you may want to turn off jpeg encoding (e.g. vncviewer -nojpeg host:0.) @@ -7490,8 +7114,7 @@ EndSection If one desires per-client scaling for something like 1:1 from a workstation and 1:2 from a smaller device (e.g. handheld), currently the only option is to run two (or more) x11vnc processes with - different scalings listening on separate ports ([641]-rfbport option, - etc.) + different scalings listening on separate ports (-rfbport option, etc.) Update: As of May/2006 x11vnc also supports the UltraVNC server-side scaling. This is a per-client scaling by factors 1/2, 1/3, ... and so @@ -7500,19 +7123,19 @@ EndSection "-rfbversion 3.6" for this to be recognized by UltraVNC viewers. BTW, whenever you run two or more x11vnc's on the same X display and - use the [642]GUI, then to avoid all of the x11vnc's simultaneously - answering the gui you will need to use something like [643]"-connect - file1 -gui ..." with different connect files for each x11vnc you want - to control via the gui (or remote-control.) The "-connect file1" usage + use the GUI, then to avoid all of the x11vnc's simultaneously + answering the gui you will need to use something like "-connect file1 + -gui ..." with different connect files for each x11vnc you want to + control via the gui (or remote-control.) The "-connect file1" usage gives separate communication channels between a x11vnc process and the gui process. Otherwise they all share the same X property channels: VNC_CONNECT and X11VNC_REMOTE. Update: As of Mar/2005 x11vnc now scales the mouse cursor with the same scale factor as the screen. If you don't want that, use the - [644]"-scale_cursor frac" option to set the cursor scaling to a - different factor (e.g. use "-scale_cursor 1" to keep the cursor at its - natural unscaled size.) + "-scale_cursor frac" option to set the cursor scaling to a different + factor (e.g. use "-scale_cursor 1" to keep the cursor at its natural + unscaled size.) Q-101: Does x11vnc work with Xinerama? (i.e. multiple monitors joined @@ -7538,22 +7161,21 @@ EndSection screen is not rectangular (e.g. 1280x1024 and 1024x768 monitors joined together), then there will be "non-existent" areas on the screen. The X server will return "garbage" image data for these areas and so they - may be distracting to the viewer. The [645]-blackout x11vnc option - allows you to blacken-out rectangles by manually specifying their - WxH+X+Y geometries. If your system has the libXinerama library, the - [646]-xinerama x11vnc option can be used to have it automatically - determine the rectangles to be blackened out. (Note on 8bpp - PseudoColor displays the fill color may not be black.) Update: - [647]-xinerama is now on by default. + may be distracting to the viewer. The -blackout x11vnc option allows + you to blacken-out rectangles by manually specifying their WxH+X+Y + geometries. If your system has the libXinerama library, the -xinerama + x11vnc option can be used to have it automatically determine the + rectangles to be blackened out. (Note on 8bpp PseudoColor displays the + fill color may not be black.) Update: -xinerama is now on by default. Some users have reported that the mouse does not behave properly for their Xinerama display: i.e. the mouse cannot be moved to all regions - of the large display. If this happens try using the [648]-xwarppointer + of the large display. If this happens try using the -xwarppointer option. This instructs x11vnc to fake mouse pointer motions using the XWarpPointer function instead of the XTestFakeMotionEvent XTEST function. (This may be due to a bug in the X server for XTEST when - Xinerama is enabled.) Update: As of Dec/2006 [649]-xwarppointer will - be applied automatically if Xinerama is detected. To disable use: + Xinerama is enabled.) Update: As of Dec/2006 -xwarppointer will be + applied automatically if Xinerama is detected. To disable use: -noxwarppointer @@ -7575,44 +7197,44 @@ EndSection Note: if you are running on Solaris 8 or earlier you can easily hit up against the maximum of 6 shm segments per process (for Xsun in this case) from running multiple x11vnc processes. You should modify - /etc/system as mentioned in another [650]FAQ to increase the limit. It - is probably also a good idea to run with the [651]-onetile option in - this case (to limit each x11vnc to 3 shm segments), or even - [652]-noshm to use no shm segments. + /etc/system as mentioned in another FAQ to increase the limit. It is + probably also a good idea to run with the -onetile option in this case + (to limit each x11vnc to 3 shm segments), or even -noshm to use no shm + segments. Q-103: Can x11vnc show only a portion of the display? (E.g. for a special purpose application or a very large screen.) - As of Mar/2005 x11vnc has the "[653]-clip WxH+X+Y" option to select a + As of Mar/2005 x11vnc has the "-clip WxH+X+Y" option to select a rectangle of width W, height H and offset (X, Y). Thus the VNC screen will be the clipped sub-region of the display and be only WxH in size. - One user used -clip to split up a large [654]Xinerama screen into two - more managable smaller screens. + One user used -clip to split up a large Xinerama screen into two more + managable smaller screens. This also works to view a sub-region of a single application window if - the [655]-id or [656]-sid options are used. The offset is measured - from the upper left corner of the selected window. + the -id or -sid options are used. The offset is measured from the + upper left corner of the selected window. Q-104: Does x11vnc support the XRANDR (X Resize, Rotate and Reflection) extension? Whenever I rotate or resize the screen x11vnc just seems to crash. - As of Dec/2004 x11vnc supports XRANDR. You enable it with the - [657]-xrandr option to make x11vnc monitor XRANDR events and also trap - X server errors if the screen change occurred in the middle of an X - call like XGetImage. Once it traps the screen change it will create a - new framebuffer using the new screen. + As of Dec/2004 x11vnc supports XRANDR. You enable it with the -xrandr + option to make x11vnc monitor XRANDR events and also trap X server + errors if the screen change occurred in the middle of an X call like + XGetImage. Once it traps the screen change it will create a new + framebuffer using the new screen. If the connected vnc viewers support the NewFBSize VNC extension (Windows TightVNC viewer and RealVNC 4.0 windows and Unix viewers do) then the viewer will automatically resize. Otherwise, the new framebuffer is fit as best as possible into the original viewer size (portions of the screen may be clipped, unused, etc.) For these - viewers you can try the [658]-padgeom option to make the region big - enough to hold all resizes and rotations. We have fixed this problem - for the TightVNC Viewer on Unix: [659]SSVNC + viewers you can try the -padgeom option to make the region big enough + to hold all resizes and rotations. We have fixed this problem for the + TightVNC Viewer on Unix: SSVNC If you specify "-xrandr newfbsize" then vnc viewers that do not support NewFBSize will be disconnected before the resize. If you @@ -7624,8 +7246,8 @@ EndSection reflect the screen that the VNC viewers see? (e.g. for a handheld whose screen is rotated 90 degrees.) - As of Jul/2006 there is the [660]-rotate option allow this. E.g's: - "-rotate +90", "-rotate -90", "-rotate x", etc. + As of Jul/2006 there is the -rotate option allow this. E.g's: "-rotate + +90", "-rotate -90", "-rotate x", etc. Q-106: Why is the view in my VNC viewer completely black? Or why is @@ -7689,21 +7311,21 @@ EndSection This may be a bug in kdesktop_lock. For now the only workaround is to disable the screensaver. You can try using another one such as - straight xscreensaver (see the instructions [661]here for how to - disable kdesktop_lock.) If you have more info on this or see it - outside of KDE please let us know. + straight xscreensaver (see the instructions here for how to disable + kdesktop_lock.) If you have more info on this or see it outside of KDE + please let us know. Update: It appears this is due to kdesktop_lock enabling the screen saver when the Monitor is in DPMS low-power state (e.g. standby, - suspend, or off.) In Nov/2006 the x11vnc [662]-nodpms option was added - as a workaround. Normally it is a good thing that the monitor powers - down (since x11vnc can still poll the framebuffer in this state), but - if you experience the kdesktop_lock problem you can specify the - "-nodpms" option to keep the Monitor out of low power state while VNC - clients are connected. This is basically the same as typing "xset dpms - force on" periodically. (if you don't want to do these things just - disable the screensaver.) Feel free to file a bug against - kdesktop_lock with KDE. + suspend, or off.) In Nov/2006 the x11vnc -nodpms option was added as a + workaround. Normally it is a good thing that the monitor powers down + (since x11vnc can still poll the framebuffer in this state), but if + you experience the kdesktop_lock problem you can specify the "-nodpms" + option to keep the Monitor out of low power state while VNC clients + are connected. This is basically the same as typing "xset dpms force + on" periodically. (if you don't want to do these things just disable + the screensaver.) Feel free to file a bug against kdesktop_lock with + KDE. Q-110: I am running the beryl 3D window manager (or compiz, MythTv, Google Earth, or some other OpenGL app) and I do not get screen @@ -7711,16 +7333,16 @@ EndSection This appears to be because the 3D OpenGL/GLX hardware screen updates do not get reported via the XDAMAGE mechanism. So this is a bug in - [663]beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video - card driver. + beryl/compiz or XDAMAGE/Xorg or the (possibly 3rd party) video card + driver. - As a workaround apply the [664]-noxdamage option. As of Feb/2007 - x11vnc will try to autodetect the problem and disable XDAMAGE if is - appears to be missing a lot of updates. But if you know you are using - beryl you might as well always supply -noxdamage. Thanks to [665]this - user who reported the problem and discovered the workaround. + As a workaround apply the -noxdamage option. As of Feb/2007 x11vnc + will try to autodetect the problem and disable XDAMAGE if is appears + to be missing a lot of updates. But if you know you are using beryl + you might as well always supply -noxdamage. Thanks to this user who + reported the problem and discovered the workaround. - A developer for [666]MiniMyth reports that the 'alphapulse' tag of the + A developer for MiniMyth reports that the 'alphapulse' tag of the theme G.A.N.T. can also cause problems, and should be avoided when using VNC. @@ -7740,10 +7362,10 @@ EndSection * Fullscreen mode The way VMWare does Fullscreen mode on Linux is to display the Guest - desktop in a separate Virtual Terminal (e.g. VT 8) (see [667]this FAQ - on VT's for background.) Unfortunately, this Fullscreen VT is not an X - server. So x11vnc cannot access it (however, [668]see this discussion - of -rawfb for a possible workaround.) x11vnc works fine with "Normal X + desktop in a separate Virtual Terminal (e.g. VT 8) (see this FAQ on + VT's for background.) Unfortunately, this Fullscreen VT is not an X + server. So x11vnc cannot access it (however, see this discussion of + -rawfb for a possible workaround.) x11vnc works fine with "Normal X application window" and "Quick-Switch mode" because these use X. Update: It appears the in VMWare 5.x the Fullscreen mode is X, so @@ -7763,13 +7385,13 @@ EndSection improve response. One can also cut the display depth (e.g. to 16bpp) in this 2nd X session to improve video performance. This 2nd X session emulates Fullscreen mode to some degree and can be viewed via x11vnc - as long as the VMWare X session [669]is in the active VT. + as long as the VMWare X session is in the active VT. Also note that with a little bit of playing with "xwininfo -all -children" output one can extract the (non-toplevel) window-id of the of the Guest desktop only when VMWare is running as a normal X application. Then one can export just the guest desktop (i.e. without - the VMWare menu buttons) by use of the [670]-id windowid option. The + the VMWare menu buttons) by use of the -id windowid option. The caveats are the X session VMWare is in must be in the active VT and the window must be fully visible, so this mode is not terribly convenient, but could be useful in some circumstances (e.g. running @@ -7785,11 +7407,11 @@ EndSection controlled) via VNC with x11vnc? As of Apr/2005 there is support for this. Two options were added: - "[671]-rawfb string" (to indicate the raw frame buffer device, file, - etc. and its parameters) and "[672]-pipeinput command" (to provide an - external program that will inject or otherwise process mouse and - keystroke input.) Some useful [673]-pipeinput schemes, VID, CONSOLE, - and UINPUT, have since been built into x11vnc for convenience. + "-rawfb string" (to indicate the raw frame buffer device, file, etc. + and its parameters) and "-pipeinput command" (to provide an external + program that will inject or otherwise process mouse and keystroke + input.) Some useful -pipeinput schemes, VID, CONSOLE, and UINPUT, have + since been built into x11vnc for convenience. This non-X mode for x11vnc is somewhat experimental because it is so removed in scope from the intended usage of the tool. Incomplete @@ -7828,9 +7450,9 @@ EndSection access method.) Only use file if map isn't working. BTW, "mmap" is an alias for "map" and if you do not supply a type and the file exists, map is assumed (see the -help output and below for some exceptions to - this.) The "snap:" setting applies the [674]-snapfb option with - "file:" type reading (this is useful for exporting webcams or TV tuner - video; see [675]the next FAQ for more info.) + this.) The "snap:" setting applies the -snapfb option with "file:" + type reading (this is useful for exporting webcams or TV tuner video; + see the next FAQ for more info.) Also, if the string is of the form "setup:cmd" then cmd is run and the first line of its output retrieved and used as the rawfb string. This @@ -7875,8 +7497,8 @@ EndSection screen to either shm or a mapped file. The format of these is XWD and so the initial header should be skipped. BTW, since XWD is not strictly RGB the view will only be approximate, but usable. Of course - for the case of Xvfb x11vnc can poll it much better via the [676]X - API, but you get the idea. + for the case of Xvfb x11vnc can poll it much better via the X API, but + you get the idea. By default in -rawfb mode x11vnc will actually close any X display it happened to open. This is basically to shake out bugs (e.g it will @@ -7906,25 +7528,25 @@ minal #2) tty1-tty6), or X graphical display (usually starting at tty7.) In addition to the text console other graphical ones may be viewed and interacted with as well, e.g. DirectFB or SVGAlib apps, VMWare non-X - fullscreen, or [677]Qt-embedded apps (PDAs/Handhelds.) By default the + fullscreen, or Qt-embedded apps (PDAs/Handhelds.) By default the pipeinput mechanisms UINPUT and CONSOLE (keystrokes only) are automatically attempted in this mode under "-rawfb console". The Video4Linux Capture device, /dev/video0, etc is either a Webcam or a TV capture device and needs to have its driver enabled in the - kernel. See [678]this FAQ for details. If specified via "-rawfb Video" - then the pipeinput method "VID" is applied (it lets you change video + kernel. See this FAQ for details. If specified via "-rawfb Video" then + the pipeinput method "VID" is applied (it lets you change video parameters dynamically via keystrokes.) The last two, /dev/urandom and /dev/zero are just for fun, but are also useful in testing. - All of the above [679]-rawfb options are just for viewing the raw + All of the above -rawfb options are just for viewing the raw framebuffer (although some of the aliases do imply keystroke and mouse pipeinput methods.) That may be enough for certain applications of - this feature (e.g. suppose a [680]video camera mapped its framebuffer - into memory and you just wanted to look at it via VNC.) + this feature (e.g. suppose a video camera mapped its framebuffer into + memory and you just wanted to look at it via VNC.) To handle the pointer and keyboard input from the viewer users the "-pipeinput cmd" option was added to indicate a helper program to process the user input. The input is streamed to it and looks @@ -7961,8 +7583,8 @@ minal #2) keystrokes into the Linux console (e.g. the virtual consoles: /dev/tty1, /dev/tty2, etc) in x11vnc/misc/vcinject.pl. It is based on the vncterm/LinuxVNC.c program also in the libvncserver CVS. So to - view and interact with VT #2 (assuming it is the [681]active VT) one - can run something like: + view and interact with VT #2 (assuming it is the active VT) one can + run something like: x11vnc -rawfb map:/dev/fb0@1024x768x16 -pipeinput './vcinject.pl 2' This assumes your Linux framebuffer device (/dev/fb0) is properly @@ -8015,10 +7637,9 @@ minal #2) really want to view and interact with the Linux Text console it is better to use the more accurate and faster LinuxVNC program. The advantage x11vnc -rawfb might have is that it can allow interaction - with a non-text application, e.g. one based on SVGAlib or - [682]Qt-embedded Also, for example the [683]VMWare Fullscreen mode is - actually viewable under -rawfb and can be interacted with if uinput is - enabled. + with a non-text application, e.g. one based on SVGAlib or Qt-embedded + Also, for example the VMWare Fullscreen mode is actually viewable + under -rawfb and can be interacted with if uinput is enabled. If the Linux uinput driver is available then full keystroke and mouse input into the Linux console can be performed. You may be able to @@ -8081,10 +7702,10 @@ minal #2) Q-114: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc? - Yes, this is possible to some degree with the [684]-rawfb option. - There is no X11 involved: snapshots from the video capture device are - used for the screen image data. See the [685]previous FAQ on -rawfb - for background. For best results, use x11vnc version 0.8.1 or later. + Yes, this is possible to some degree with the -rawfb option. There is + no X11 involved: snapshots from the video capture device are used for + the screen image data. See the previous FAQ on -rawfb for background. + For best results, use x11vnc version 0.8.1 or later. Roughly, one would do something like this: x11vnc -rawfb snap:/dev/video@320x240x32 @@ -8095,10 +7716,10 @@ minal #2) snapshot to a file that you point -rawfb to; ask me if it is not clear what to do.) - The "snap:" enforces [686]-snapfb mode which appears to be necessary. - The read pointer for video capture devices cannot be repositioned - (which would be needed for scanline polling), but you can read a full - frame of data from the device. + The "snap:" enforces -snapfb mode which appears to be necessary. The + read pointer for video capture devices cannot be repositioned (which + would be needed for scanline polling), but you can read a full frame + of data from the device. On Linux, if the Video4Linux API is present or the v4l-info(1) program (related to xawtv) exists in in PATH, then x11vnc can be instructed to @@ -8117,16 +7738,15 @@ minal #2) Many video4linux drivers tend to set the framebuffer to be 24bpp (as opposed to 32bpp.) Since this can cause problems with VNC viewers, - etc, the [687]-24to32 option will be automatically imposed when in - 24bpp. + etc, the -24to32 option will be automatically imposed when in 24bpp. Note that by its very nature, video capture involves rapid change in the framebuffer. This is especially true for cameras where slight wavering in brightness is always happening. This can lead to much network bandwidth consumption for the VNC traffic and also local CPU and I/O resource usage. You may want to experiment with "dialing down" - the framerate via the [688]-wait, [689]-slow_fb, or [690]-defer - options. Decreasing the window size and bpp also helps. + the framerate via the -wait, -slow_fb, or -defer options. Decreasing + the window size and bpp also helps. Setting Camera/Tuner parameters via x11vnc: @@ -8214,7 +7834,7 @@ minal #2) format to HI240, RGB565, RGB24, RGB32, RGB555, and GREY respectively. See -rawfb video for details. - See also the [691]-freqtab option to supply your own xawtv channel to + See also the -freqtab option to supply your own xawtv channel to frequency mappings for your country (only ntsc-cable-us is built into x11vnc.) @@ -8223,10 +7843,10 @@ minal #2) running on my handheld or PC using the Linux console framebuffer (i.e. not X11)? - Yes, the basic method for this is the [692]-rawfb scheme where the - Linux console framebuffer (usually /dev/fb0) is polled and the uinput - driver is used to inject keystrokes and mouse input. Often you will - just have to type: + Yes, the basic method for this is the -rawfb scheme where the Linux + console framebuffer (usually /dev/fb0) is polled and the uinput driver + is used to inject keystrokes and mouse input. Often you will just have + to type: x11vnc -rawfb console (you may need to enable the uinput driver on the system via "modprobe @@ -8236,8 +7856,7 @@ minal #2) x11vnc -rawfb /dev/fb0@640x480x16 Also, to force usage of the uinput injection method use "-pipeinput - UINPUT". See the [693]-pipeinput description for tunable parameters, - etc. + UINPUT". See the -pipeinput description for tunable parameters, etc. One problem with the x11vnc uinput scheme is that it cannot guess the mouse motion "acceleration" used by the windowing application (e.g. @@ -8252,9 +7871,9 @@ minal #2) Even with the correct acceleration setting there is still some drift (probably because of the mouse threshold where the acceleration kicks in) and so x11vnc needs to reposition the cursor from 0,0 about 5 - times a second. See the [694]-pipeinput UINPUT option for tuning - parameters that can be set (there are some experimental thresh=N - tuning parameters as well) + times a second. See the -pipeinput UINPUT option for tuning parameters + that can be set (there are some experimental thresh=N tuning + parameters as well) Currently, one can expect mouse input to be a little flakey. All in all, the Linux framebuffer input mechanism for Qt-embedded framebuffer @@ -8287,8 +7906,8 @@ minal #2) Q-116: Now that non-X11 devices can be exported via VNC using x11vnc, can I build it with no dependencies on X11 header files and libraries? - Yes, as of Jul/2006 x11vnc enables building for [695]-rawfb only - support. Just do something like when building: + Yes, as of Jul/2006 x11vnc enables building for -rawfb only support. + Just do something like when building: ./configure --without-x (plus any other flags) make @@ -8303,13 +7922,13 @@ minal #2) Yes, since Nov/2006 in the development tree (x11vnc-0.8.4 tarball) there is support for native Mac OS X Aqua/Quartz displays using the - [696]-rawfb mechanism described above. The mouse and keyboard input is + -rawfb mechanism described above. The mouse and keyboard input is achieved via Mac OS X API's. - So you can use x11vnc as an alternative to [697]OSXvnc (aka Vine - Server), or [698]Apple Remote Desktop (ARD). Perhaps there is some - x11vnc feature you'd like to use on Mac OS X, etc. For a number of - activities (e.g. window drags) it seems to be faster than OSXvnc. + So you can use x11vnc as an alternative to OSXvnc (aka Vine Server), + or Apple Remote Desktop (ARD). Perhaps there is some x11vnc feature + you'd like to use on Mac OS X, etc. For a number of activities (e.g. + window drags) it seems to be faster than OSXvnc. Notes: @@ -8317,7 +7936,7 @@ minal #2) (XDarwin) running on Mac OS X (people often install this software to display remote X11 apps on their Mac OS X system, or use some old favorites locally such as xterm.) However in this case x11vnc will - only work reasonably in single window [699]-id windowid mode (and the + only work reasonably in single window -id windowid mode (and the window may need to have mouse focus.) If you do not have the DISPLAY env. variable set, x11vnc will assume @@ -8335,10 +7954,9 @@ minal #2) ./configure --without-x make - Win2VNC/x2vnc: One handy use is to use the [700]-nofb mode to - redirect mouse and keyboard input to a nearby Mac (i.e. one to the - side of your desk) via [701]x2vnc or Win2VNC. See [702]this FAQ for - more info. + Win2VNC/x2vnc: One handy use is to use the -nofb mode to redirect + mouse and keyboard input to a nearby Mac (i.e. one to the side of your + desk) via x2vnc or Win2VNC. See this FAQ for more info. Options: Here are the Mac OS X specific x11vnc options: -macnodim For the native Mac OS X server, disable dimming. @@ -8411,13 +8029,13 @@ rm -f $tmp performance for the case of a large number of simultaneous VNC viewers (e.g. classroom broadcasting or a large demo)? - Yes, as of Feb/2007 there is the "[703]-reflect host:N" option to - connect to the VNC server "host:N" (either another x11vnc or any other - VNC server) and re-export it. VNC viewers then connect to the - x11vnc(s) running -reflect. + Yes, as of Feb/2007 there is the "-reflect host:N" option to connect + to the VNC server "host:N" (either another x11vnc or any other VNC + server) and re-export it. VNC viewers then connect to the x11vnc(s) + running -reflect. The -reflect option is the same as: "-rawfb vnc:host:N". See the - [704]-rawfb description under "VNC HOST" for more details. + -rawfb description under "VNC HOST" for more details. You can replace "host:N" with "listen" or "listen:port" for reverse connections. @@ -8478,19 +8096,19 @@ rm -f $tmp re-exports via VNC to its clients C.) However, CopyRect and CursorShape encodings are preserved in the reflection and that helps. Dragging windows with the mouse can be a problem (especially if S is - not doing wireframing somehow, consider [705]-nodragging if the - problem is severe) For a really fast reflector/repeater it would have - to be implemented from scratch with performance in mind. See these - other projects: - [706]http://sourceforge.net/projects/vnc-reflector/, - [707]http://www.tightvnc.com/projector/ (closed source?), + not doing wireframing somehow, consider -nodragging if the problem is + severe) For a really fast reflector/repeater it would have to be + implemented from scratch with performance in mind. See these other + projects: + http://sourceforge.net/projects/vnc-reflector/, + http://www.tightvnc.com/projector/ (closed source?), Automation via Reverse Connections: Instead of having the R's connect directly to S and then the C's connect directly to the R they should use, some convenience can be achieved by using reverse - connections (the x11vnc "[708]"-connect host1,host2,..." option.) - Suppose all the clients "C" are started up in Listen mode: + connections (the x11vnc ""-connect host1,host2,..." option.) Suppose + all the clients "C" are started up in Listen mode: client1> vncviewer -listen client2> vncviewer -listen client3> vncviewer -listen @@ -8548,7 +8166,7 @@ rm -f $tmp If the Solaris install is an older X-based one, there will be a menu for you to get a terminal window. From that window you might be able to retrieve x11vnc.static via wget, scp, or ftp. Remember to do "chmod - 755 ./x11vnc.static" and then find the -auth file as in [709]this FAQ. + 755 ./x11vnc.static" and then find the -auth file as in this FAQ. If it is a Linux install that uses an X server (e.g. SuSE and probably Fedora), then you can often get a shell by pressing Ctrl-Alt-F2 or @@ -8557,8 +8175,8 @@ rm -f $tmp wget http://192.168.0.22/x11vnc.static chmod 755 ./x11vnc.static - Find the name of the auth file as in [710]this FAQ. (maybe run "ps - wwaux | grep auth".) Then run it like this: + Find the name of the auth file as in this FAQ. (maybe run "ps wwaux | + grep auth".) Then run it like this: ./x11vnc.static -forever -nopw -display :0 -auth /tmp/wherever/the/authfile then press Alt-F7 to go back to the X install. You should now be able @@ -8566,7 +8184,7 @@ rm -f $tmp the display being :1, etc. If there is a firewall blocking incoming connections during the - install, use the [711]"-connect hostname" option option for a reverse + install, use the "-connect hostname" option option for a reverse connection to the hostname running the VNC viewer in listen mode. Debian based installs are either console-text or console-framebuffer @@ -8628,7 +8246,7 @@ rm -f $tmp as 'for power users' or 'an Easter Egg'. As soon as text is highlighted it is set to the PRIMARY selection and so it is immediately ready for pasting, usually via the Middle Mouse Button or - "Shift+Insert". See [712]this jwz link for more information. + "Shift+Insert". See this jwz link for more information. x11vnc's default behavior is to watch both CLIPBOARD and PRIMARY and whenever one of them changes, it sends the new text to connected @@ -8645,18 +8263,18 @@ rm -f $tmp You may not like these defaults. Here are ways to change the behavior: * If you don't want the Clipboard/Selection exchanged at all use the - [713]-nosel option. - * If you want changes in PRIMARY to be ignored use the - [714]-noprimary option. + -nosel option. + * If you want changes in PRIMARY to be ignored use the -noprimary + option. * If you want changes in CLIPBOARD to be ignored use the - [715]-noclipboard option. + -noclipboard option. * If you don't want x11vnc to set PRIMARY to the "CutText" received - from viewers use the [716]-nosetprimary option. + from viewers use the -nosetprimary option. * If you don't want x11vnc to set CLIPBOARD to the "CutText" - received from viewers use the [717]-nosetclipboard option. + received from viewers use the -nosetclipboard option. - You can also fine-tune it a bit with the [718]-seldir dir option and - also [719]-input. + You can also fine-tune it a bit with the -seldir dir option and also + -input. You may need to watch out for desktop utilities such as KDE's "Klipper" that do odd things with the selection, clipboard, and @@ -8668,8 +8286,8 @@ rm -f $tmp Yes, it is possible with a number of tools that record VNC and transform it to swf format or others. One such popular tool is - [720]pyvnc2swf. There are a number of [721]tutorials (broken link?) on - how to do this. Another option is to use the vnc2mpg that comes in the + pyvnc2swf. There are a number of tutorials (broken link?) on how to do + this. Another option is to use the vnc2mpg that comes in the LibVNCServer package. An important thing to remember when doing this is that tuning parameters should be applied to x11vnc to speed up its polling for @@ -8683,11 +8301,11 @@ rm -f $tmp (and Windows viewers only support filetransfer it appears... but they do work to some degree under Wine on Linux.) - The [722]SSVNC Unix VNC viewer supports UltraVNC file transfer by use - of a Java helper program. + The SSVNC Unix VNC viewer supports UltraVNC file transfer by use of a + Java helper program. TightVNC file transfer is off by default, if you want to enable it use - the [723]-tightfilexfer option. + the -tightfilexfer option. UltraVNC file transfer is off by default, to enable it use something like "-rfbversion 3.6 -permitfiletransfer" @@ -8710,7 +8328,7 @@ rm -f $tmp IMPORTANT: please understand if -ultrafilexfer or -tightfilexfer is specified and you run x11vnc as root for, say, inetd or display manager (gdm, kdm, ...) access and you do not have it switch users via - the [724]-users option, then VNC Viewers that connect are able to do + the -users option, then VNC Viewers that connect are able to do filetransfer reads and writes as *root*. The UltraVNC and TightVNC settings can be toggled on and off inside @@ -8729,7 +8347,7 @@ rm -f $tmp these extensions you will need to supply this option to x11vnc: -rfbversion 3.6 - Or use [725]-ultrafilexfer which is an alias for the above option and + Or use -ultrafilexfer which is an alias for the above option and "-permitfiletransfer". UltraVNC evidently treats any other RFB version number as non-UltraVNC. @@ -8741,18 +8359,17 @@ rm -f $tmp * 1/n Server Scaling * rfbEncodingUltra compression encoding - The [726]SSVNC Unix VNC viewer supports these UltraVNC extensions. + The SSVNC Unix VNC viewer supports these UltraVNC extensions. - To disable SingleWindow and ServerInput use [727]-noultraext (the - others are managed by LibVNCServer.) See this option too: - [728]-noserverdpms. + To disable SingleWindow and ServerInput use -noultraext (the others + are managed by LibVNCServer.) See this option too: -noserverdpms. - Also, the [729]UltraVNC repeater proxy is supported for use with - reverse connections: "[730]-connect repeater://host:port+ID:NNNN". Use - it for both plaintext and SSL connections. This mode can send any - string before switching to the VNC protocol, and so could be used with - other proxy/gateway tools. Also, a perl repeater implemention is here: - [731]ultravnc_repeater.pl + Also, the UltraVNC repeater proxy is supported for use with reverse + connections: "-connect repeater://host:port+ID:NNNN". Use it for both + plaintext and SSL connections. This mode can send any string before + switching to the VNC protocol, and so could be used with other + proxy/gateway tools. Also, a perl repeater implemention is here: + ultravnc_repeater.pl Q-124: Can x11vnc emulate UltraVNC's Single Click helpdesk mode for @@ -8760,12 +8377,12 @@ rm -f $tmp reverse vnc connection from their Unix desktop to a helpdesk operator's VNC Viewer. - Yes, UltraVNC's [732]Single Click (SC) mode can be emulated fairly - well on Unix. + Yes, UltraVNC's Single Click (SC) mode can be emulated fairly well on + Unix. We use the term "helpdesk" below, but it could be any sort of remote assistance you want to set up, e.g. something for Unix-using friends - or family to use. This includes [733]Mac OS X. + or family to use. This includes Mac OS X. Assume you create a helpdesk directory "hd" on your website: http://www.mysite.com/hd (any website that you can upload files to @@ -8821,8 +8438,8 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc So I guess this is about 3-4 clicks (start a terminal and paste) and pressing "Enter" instead of "single click"... - See [734]this page for some variations on this method, e.g. how to add - a password, SSL Certificates, etc. + See this page for some variations on this method, e.g. how to add a + password, SSL Certificates, etc. If you don't have a website (there are many free ones) or don't want @@ -8833,22 +8450,27 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc A bit of obscurity security could be put in with a -passwd, -rfbauth options, etc. (note that x11vnc will require a password even for - reverse connections.) More info [735]here. + reverse connections.) More info here. Firewalls: If the helpdesk (you) with the vncviewer is behind a - NAT/Firewall/Router the [736]router will have to be configured to - redirect a port (i.e. 5500 or maybe different one if you like) to the - vncviewer machine. If the vncviewer machine also has its own - host-level firewall, you will have to open up the port there as well. + NAT/Firewall/Router the router will have to be configured to redirect + a port (i.e. 5500 or maybe different one if you like) to the vncviewer + machine. If the vncviewer machine also has its own host-level + firewall, you will have to open up the port there as well. NAT-2-NAT: There is currently no way to go "NAT-2-NAT", i.e. both User and Helpdesk workstations behind NAT'ing Firewall/Routers without configuring a router to do a port redirection (i.e. on your side, the HelpDesk.) To avoid modifying either firewall/router, one would need some public (IP address reachable on the internet) redirection/proxy - service. Perhaps such a thing exists. [737]http://sc.uvnc.com provides - this service for their UltraVNC Single Click users. + service. Perhaps such a thing exists. http://sc.uvnc.com provides this + service for their UltraVNC Single Click users. + + Update: It may be possible to do "NAT-2-NAT" with a UDP tunnel such as + http://samy.pl/pwnat/. All that is required is that both NAT firewalls + allow in UDP packets from an IP address to which a UDP packet has + recently been sent to. If you try it out let us know how it went. Very Naive Users: @@ -8883,8 +8505,8 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc As of Apr/2007 x11vnc supports reverse connections in SSL and so we can do this. On the Helpdesk side (Viewer) you will need STUNNEL or - better use the [738]Enhanced TightVNC Viewer (SSVNC) package we - provide that automates all of the SSL for you. + better use the Enhanced TightVNC Viewer (SSVNC) package we provide + that automates all of the SSL for you. To do this create a file named "vncs" in the website "hd" directory containing the following: @@ -8913,11 +8535,11 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc with the hostnames or IP addresses customized to your case. - The only change from the "vnc" above is the addition of the [739]-ssl + The only change from the "vnc" above is the addition of the -ssl option to x11vnc. This will create a temporary SSL cert: openssl(1) will need to be installed on the user's end. A fixed SSL cert file could be used to avoid this (and provide some authentication; more - info [740]here.) + info here.) The naive user will be doing this: wget -qO - http://www.mysite.com/hd/vncs | sh - @@ -8926,11 +8548,10 @@ chmod 755 ./x11vnc # platform, use $webhost/`uname`/x11vnc But before that, the helpdesk operator needs to have "vncviewer -listen" running as before, however he needs an SSL tunnel at his end. - The easiest way to do this is use [741]Enhanced TightVNC Viewer - (SSVNC). Start it, and select Options -> 'Reverse VNC Connection - (-listen)'. Then UN-select 'Verify All Certs' (this can be enabled - later if you want; you'll need the x11vnc SSL certificate), and click - 'Listen'. + The easiest way to do this is use Enhanced TightVNC Viewer (SSVNC). + Start it, and select Options -> 'Reverse VNC Connection (-listen)'. + Then UN-select 'Verify All Certs' (this can be enabled later if you + want; you'll need the x11vnc SSL certificate), and click 'Listen'. If you don't want to use SSVNC for the viewer, but rather set up STUNNEL manually instead, make a file "stunnel.cfg" containing: @@ -8956,9 +8577,9 @@ connect = localhost:5501 answer the prompts with whatever you want; you can take the default for all of them if you like. The openssl(1) package must be installed. - See [742]this link and [743]this one too for more info on SSL certs. - This creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you - would change the "stunnel.cfg" to look something like: + See this link and this one too for more info on SSL certs. This + creates $HOME/.vnc/certs/server-self:mystunnel.pem, then you would + change the "stunnel.cfg" to look something like: foreground = yes pid = cert = /home/myusername/.vnc/certs/server-self:mystunnel.pem @@ -8976,8 +8597,7 @@ connect = localhost:5501 Of course if a man-in-the-middle can alter what the user downloads then all bets are off!. - More SSL variations and info about certificates can be found - [744]here. + More SSL variations and info about certificates can be found here. OpenSSL libssl.so.0.9.7 problems: @@ -8987,7 +8607,7 @@ connect = localhost:5501 distros are currently a bit of a mess regarding which version of libssl is installed. - You will find the [745]details here. + You will find the details here. Q-125: Can I (temporarily) mount my local (viewer-side) Windows/Samba @@ -8996,7 +8616,7 @@ connect = localhost:5501 You will have to use an external network redirection for this. Filesystem mounting is not part of the VNC protocol. - We show a simple [746]Samba example here. + We show a simple Samba example here. First you will need a tunnel to redirect the SMB requests from the remote machine to the one you sitting at. We use an ssh tunnel: @@ -9036,8 +8656,8 @@ d,ip=127.0.0.1,port=1139 far-away> smbumount /home/fred/smb-haystack-pub At some point we hope to fold some automation for SMB ssh redir setup - into the [747]Enhanced TightVNC Viewer (SSVNC) package we provide (as - of Sep 2006 it is there for testing.) + into the Enhanced TightVNC Viewer (SSVNC) package we provide (as of + Sep 2006 it is there for testing.) Q-126: Can I redirect CUPS print jobs from the remote desktop where @@ -9046,7 +8666,7 @@ d,ip=127.0.0.1,port=1139 You will have to use an external network redirection for this. Printing is not part of the VNC protocol. - We show a simple Unix to Unix [748]CUPS example here. Non-CUPS port + We show a simple Unix to Unix CUPS example here. Non-CUPS port redirections (e.g. LPD) should also be possible, but may be a bit more tricky. If you are viewing on Windows SMB and don't have a local cups server it may be trickier still (see below.) @@ -9128,8 +8748,8 @@ d,ip=127.0.0.1,port=1139 "localhost". At some point we hope to fold some automation for CUPS ssh redir setup - into the [749]Enhanced TightVNC Viewer (SSVNC) package we provide (as - of Sep 2006 it is there for testing.) + into the Enhanced TightVNC Viewer (SSVNC) package we provide (as of + Sep 2006 it is there for testing.) Q-127: How can I hear the sound (audio) from the remote applications @@ -9229,8 +8849,8 @@ or: the applications will fail to run because LD_PRELOAD will point to libraries of the wrong wordsize. * At some point we hope to fold some automation for esd or artsd ssh - redir setup into the [750]Enhanced TightVNC Viewer (SSVNC) package - we provide (as of Sep/2006 it is there for testing.) + redir setup into the Enhanced TightVNC Viewer (SSVNC) package we + provide (as of Sep/2006 it is there for testing.) Q-128: Why don't I hear the "Beeps" in my X session (e.g. when typing @@ -9241,28 +8861,39 @@ or: in Solaris, see Xserver(1) for how to turn it on via +kb), and so you won't hear them if the extension is not present. - If you don't want to hear the beeps use the [751]-nobell option. If - you want to hear the audio from the remote applications, consider - trying a [752]redirector such as esd. + If you don't want to hear the beeps use the -nobell option. If you + want to hear the audio from the remote applications, consider trying a + redirector such as esd. Q-129: Does x11vnc work with IPv6? - Currently the only way to do this is via a separate helper program - such as [753]inetd. You configure x11vnc to be run from inetd or - xinetd and instruct it to listen on an IPv6 address. For xinetd the - setting "flags = IPv6" will be needed. For inetd.conf, for example: + Update: as of Apr/2010 in the 0.9.10 x11vnc development tarball, there + is now some built-in support for IPv6 (128 bit internet addresses.) + See the -6 and -connect options for details. + + The remainder of this FAQ entry shows how to do with this with pre + 0.9.10 x11vnc using IPv6 helper tools. + _________________________________________________________________ + + Using an external IPv6 helper: + A way to do this is via a separate helper program such as inetd (or + for encrypted connections: ssh or stunnel.) For example, you configure + x11vnc to be run from inetd or xinetd and instruct it to listen on an + IPv6 address. For xinetd the setting "flags = IPv6" will be needed. + For inetd.conf, an example is: 5900 stream tcp6 nowait root /usr/sbin/tcpd /usr/local/bin/x11vnc_wrapper.sh - We also provide a transitional tool in "[754]x11vnc/misc/inet6to4" - that acts as a relay for any IPv4 application to allow connections - over IPv6. For example: + We also provide a transitional tool in "x11vnc/misc/inet6to4" that + acts as a relay for any IPv4 application to allow connections over + IPv6. For example: inet6to4 5900 localhost:5900 where x11vnc is listening on IPv4 port 5900. Also note that not all VNC Viewers are IPv6 enabled, so a redirector - may also be needed for them. "inet6to4 -r ..." can do this as well. + may also be needed for them. The tool "inet6to4 -r ..." can do this as + well. SSVNC (see below) supports IPv6 without need for the helper. # ./inet6to4 -help @@ -9291,6 +8922,41 @@ or: The "INET6TO4_LOOP=BG" and "INET6TO4_LOGFILE=..." env. variables make the tool run reliably as a daemon for very long periods. Read the top part of the script for more information. + _________________________________________________________________ + + Encrypted Tunnels with IPv6 Support: + For SSH tunnelled encrypted VNC connections, one can of course use the + IPv6 support in ssh(1). + + For SSL encrypted VNC connections, one possibility is to use the IPv6 + support in stunnel(1). This includes the built-in support via the + -stunnel option. For example: + x11vnc -stunnel SAVE -env STUNNEL_LISTEN=:: -env STUNNEL_DEBUG=1 ... + _________________________________________________________________ + + SSH IPv6 Tricks: + It is interesting to note that ssh(1) can do basically the same thing + as inet6to4 above by: + ssh -g -L 5900:localhost:5901 localhost "printf 'Press Enter to Exit: '; read + x" + + (where we have x11vnc running via "-rfbport 5901" in this case.) + + Note that one can also make a home-brew SOCKS5 ipv4-to-ipv6 gateway + proxy using ssh like this: + ssh -D '*:1080' localhost "printf 'Press Enter to Exit: '; read x" + + then specify a proxy like socks://hostname:1080 where hostname is the + machine running the above ssh command (add -v to ssh for connection + logging info.) + _________________________________________________________________ + + IPv6 SSVNC Viewer: + Our SSVNC VNC Viewer is basically a wrapper for ssh(1) and stunnel(1), + and so it already has good IPv6 support because these two commands do. + On Unix, MacOSX, and Windows nearly all of the the remaining parts of + SSVNC (e.g. the built-in proxying and un-encrypted connections) have + been modified to support IPv6 in SSVNC 1.0.26. @@ -9306,763 +8972,6 @@ or: you for your support! Click on the PayPal button below for more info. [x-click-but04.gif]-Submit - -References - - 1. http://www.karlrunge.com/x11vnc/ - 2. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 3. http://www.karlrunge.com/x11vnc/faq.html#faq-xperms - 4. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 5. http://www.karlrunge.com/x11vnc/faq.html#faq-missing-xtest - 6. http://www.karlrunge.com/x11vnc/faq.html#faq-solaris251build - 7. http://www.karlrunge.com/x11vnc/faq.html#faq-binaries - 8. http://www.karlrunge.com/x11vnc/faq.html#faq-viewer-download - 9. http://www.karlrunge.com/x11vnc/faq.html#faq-cmdline-opts - 10. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file - 11. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray - 12. http://www.karlrunge.com/x11vnc/faq.html#faq-change-port - 13. http://www.karlrunge.com/x11vnc/faq.html#faq-firewalls - 14. http://www.karlrunge.com/x11vnc/faq.html#faq-firewall-out - 15. http://www.karlrunge.com/x11vnc/faq.html#faq-quiet-bg - 16. http://www.karlrunge.com/x11vnc/faq.html#faq-sigpipe - 17. http://www.karlrunge.com/x11vnc/faq.html#faq-tight139 - 18. http://www.karlrunge.com/x11vnc/faq.html#faq-krdcprob - 19. http://www.karlrunge.com/x11vnc/faq.html#faq-tru64-crash - 20. http://www.karlrunge.com/x11vnc/faq.html#faq-aix-freeze - 21. http://www.karlrunge.com/x11vnc/faq.html#faq-build-customizations - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 23. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc-8bpp - 24. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx-nofb - 25. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 26. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 27. http://www.karlrunge.com/x11vnc/faq.html#faq-directcolor - 28. http://www.karlrunge.com/x11vnc/faq.html#faq-windowid - 29. http://www.karlrunge.com/x11vnc/faq.html#faq-transients-id - 30. http://www.karlrunge.com/x11vnc/faq.html#faq-24bpp - 31. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 32. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 33. http://www.karlrunge.com/x11vnc/faq.html#faq-sunrays - 34. http://www.karlrunge.com/x11vnc/faq.html#faq-stop-bg - 35. http://www.karlrunge.com/x11vnc/faq.html#faq-remote_control - 36. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 37. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd-noecho - 38. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 39. http://www.karlrunge.com/x11vnc/faq.html#faq-multipasswd - 40. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 41. http://www.karlrunge.com/x11vnc/faq.html#faq-custom-passwords - 42. http://www.karlrunge.com/x11vnc/faq.html#faq-forever-shared - 43. http://www.karlrunge.com/x11vnc/faq.html#faq-allow-opt - 44. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 45. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-interface - 46. http://www.karlrunge.com/x11vnc/faq.html#faq-listen-localhost - 47. http://www.karlrunge.com/x11vnc/faq.html#faq-input-opt - 48. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 49. http://www.karlrunge.com/x11vnc/faq.html#faq-users-opt - 50. http://www.karlrunge.com/x11vnc/faq.html#faq-blockdpy - 51. http://www.karlrunge.com/x11vnc/faq.html#faq-gone-lock - 52. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-unix - 53. http://www.karlrunge.com/x11vnc/faq.html#faq-ssh-putty - 54. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 55. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 56. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 57. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 58. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 59. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-ca - 60. http://www.karlrunge.com/x11vnc/faq.html#faq-service - 61. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 62. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 63. http://www.karlrunge.com/x11vnc/faq.html#faq-avahi - 64. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 65. http://www.karlrunge.com/x11vnc/faq.html#faq-loop - 66. http://www.karlrunge.com/x11vnc/faq.html#faq-java-http - 67. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 68. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 69. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login - 70. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 71. http://www.karlrunge.com/x11vnc/faq.html#faq-headless - 72. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 73. http://www.karlrunge.com/x11vnc/faq.html#faq-less-resource - 74. http://www.karlrunge.com/x11vnc/faq.html#faq-more-resource - 75. http://www.karlrunge.com/x11vnc/faq.html#faq-slow-link - 76. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage - 77. http://www.karlrunge.com/x11vnc/faq.html#faq-xdamage-opengl - 78. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 79. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 80. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 81. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 82. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 83. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-shape - 84. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha - 85. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 86. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-arrow - 87. http://www.karlrunge.com/x11vnc/faq.html#faq-cursor-positions - 88. http://www.karlrunge.com/x11vnc/faq.html#faq-buttonmap-opt - 89. http://www.karlrunge.com/x11vnc/faq.html#faq-altgr - 90. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 91. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless-sloppy - 92. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 93. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys - 94. http://www.karlrunge.com/x11vnc/faq.html#faq-repeated-keys-still - 95. http://www.karlrunge.com/x11vnc/faq.html#faq-mod-stuck-down - 96. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-opt - 97. http://www.karlrunge.com/x11vnc/faq.html#faq-sun-alt-meta - 98. http://www.karlrunge.com/x11vnc/faq.html#faq-hpux-multi-key - 99. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-button-click - 100. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 101. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars - 102. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 103. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 104. http://www.karlrunge.com/x11vnc/faq.html#faq-multi-screen - 105. http://www.karlrunge.com/x11vnc/faq.html#faq-clip-screen - 106. http://www.karlrunge.com/x11vnc/faq.html#faq-xrandr - 107. http://www.karlrunge.com/x11vnc/faq.html#faq-rotate - 108. http://www.karlrunge.com/x11vnc/faq.html#faq-black-screen - 109. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 110. http://www.karlrunge.com/x11vnc/faq.html#faq-hidden-taskbars - 111. http://www.karlrunge.com/x11vnc/faq.html#faq-kde-screensaver - 112. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 113. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 114. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 115. http://www.karlrunge.com/x11vnc/faq.html#faq-linux-vt - 116. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 117. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 118. http://www.karlrunge.com/x11vnc/faq.html#faq-no-x11 - 119. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 120. http://www.karlrunge.com/x11vnc/faq.html#faq-reflect - 121. http://www.karlrunge.com/x11vnc/faq.html#faq-os-install - 122. http://www.karlrunge.com/x11vnc/faq.html#faq-clipboard - 123. http://www.karlrunge.com/x11vnc/faq.html#faq-record-swf - 124. http://www.karlrunge.com/x11vnc/faq.html#faq-filexfer - 125. http://www.karlrunge.com/x11vnc/faq.html#faq-ultravnc - 126. http://www.karlrunge.com/x11vnc/faq.html#faq-singleclick - 127. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares - 128. http://www.karlrunge.com/x11vnc/faq.html#faq-cups - 129. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 130. http://www.karlrunge.com/x11vnc/faq.html#faq-beeps - 131. http://www.karlrunge.com/x11vnc/faq.html#faq-ipv6 - 132. http://www.karlrunge.com/x11vnc/faq.html#faq-thanks - 133. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 134. http://www.tldp.org/HOWTO/Remote-X-Apps.html - 135. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 136. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 137. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 138. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 139. http://www.karlrunge.com/x11vnc/index.html#firewalls - 140. http://www.karlrunge.com/x11vnc/miscbuild.html - 141. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 142. http://www.karlrunge.com/x11vnc/x11vnc_sunos4.html - 143. http://www.karlrunge.com/x11vnc/index.html#building - 144. http://www.karlrunge.com/x11vnc/faq.html#faq-build - 145. http://www.linuxpackages.net/search_view.php?by=name&name=x11vnc - 146. http://software.opensuse.org/search?baseproject=openSUSE%3A11.2&p=1&q=x11vnc - 147. http://en.gentoo-wiki.com/wiki/X11VNC - 148. http://gentoo-portage.com/x11-misc/x11vnc - 149. http://www.freebsd.org/cgi/ports.cgi?query=x11vnc&stype=all - 150. http://www.freshports.org/net/x11vnc - 151. http://pkgsrc.se/x11/x11vnc - 152. http://openports.se/x11/x11vnc - 153. http://www.archlinux.org/packages/search/?q=x11vnc - 154. http://mike.saunby.googlepages.com/ - 155. http://www.focv.com/ipkg/ - 156. http://packages.debian.org/x11vnc - 157. http://packages.sw.be/x11vnc/ - 158. http://dag.wieers.com/rpm/packages/x11vnc/ - 159. http://www.sunfreeware.com/ - 160. http://www.karlrunge.com/x11vnc/bins - 161. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 162. http://www.tightvnc.com/download.html - 163. http://www.realvnc.com/products/free/4.1/download.html - 164. http://sourceforge.net/projects/cotvnc/ - 165. http://www.ultravnc.com/ - 166. http://www.karlrunge.com/x11vnc/ssvnc.html - 167. http://www.karlrunge.com/x11vnc/x11vnc_opts.html - 168. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 169. http://www.karlrunge.com/x11vnc/faq.html#faq-gui-tray - 170. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 171. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 172. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 173. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-autoport - 174. http://www.karlrunge.com/x11vnc/index.html#firewalls - 175. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect - 176. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl - 177. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 178. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 179. http://www.karlrunge.com/x11vnc/vncxfer - 180. http://www.karlrunge.com/x11vnc/index.html#firewalls - 181. http://www.karlrunge.com/x11vnc/faq.html#faq-reverse-connect-proxy - 182. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 183. http://www.karlrunge.com/x11vnc/index.html#ssl-tunnel - 184. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssh - 185. http://www.karlrunge.com/x11vnc/ssvnc.html - 186. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 187. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 188. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-o - 189. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=389750 - 190. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399408 - 191. http://bugs.kde.org/show_bug.cgi?id=136924 - 192. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord - 193. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxrecord - 194. http://www.karlrunge.com/x11vnc/index.html#solarisbuilding - 195. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb - 196. http://fredrik.hubbe.net/x2vnc.html - 197. http://www.hubbe.net/~hubbe/win2vnc.html - 198. http://www.deboer.gmxhome.de/ - 199. http://sourceforge.net/projects/win2vnc/ - 200. http://fredrik.hubbe.net/x2vnc.html - 201. http://freshmeat.net/projects/x2x/ - 202. http://zapek.com/?page_id=26 - 203. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-visual - 204. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 205. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 206. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 207. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-notruecolor - 208. http://www.karlrunge.com/x11vnc/faq.html#faq-8bpp - 209. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 210. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 211. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 212. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 213. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flashcmap - 214. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 215. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 216. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 217. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare - 218. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-8to24 - 219. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 220. http://www.karlrunge.com/x11vnc/faq.html#faq-overlays - 221. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 222. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sid - 223. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare - 224. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 225. http://www.karlrunge.com/x11vnc/ssvnc.html - 226. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display - 227. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 228. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-flipbyteorder - 229. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 230. http://www.karlrunge.com/x11vnc/faq.html#infaq_xauth_pain - 231. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 232. http://www.sun.com/sunray/index.html - 233. http://www.karlrunge.com/x11vnc/sunray.html - 234. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit - 235. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 236. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 237. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 238. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-bg - 239. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 240. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_keys - 241. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 242. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 243. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-query - 244. http://www.karlrunge.com/x11vnc/faq.html#faq-config-file - 245. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 246. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-storepasswd - 247. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 248. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 249. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw - 250. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewpasswd - 251. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwd - 252. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 253. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 254. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 255. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 256. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_nis - 257. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 258. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 259. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 260. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 261. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 262. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 263. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 264. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 265. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 266. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 267. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 268. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 269. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw_cmd - 270. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 271. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 272. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 273. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 274. http://www.karlrunge.com/x11vnc/faq.html#faq-accept-opt - 275. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forever - 276. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-shared - 277. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 278. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 279. http://www.karlrunge.com/x11vnc/faq.html#faq-passwd - 280. http://www.karlrunge.com/x11vnc/faq.html#faq-passwdfile - 281. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 282. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 283. http://www.karlrunge.com/x11vnc/faq.html#faq-tcp_wrappers - 284. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 285. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-listen - 286. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 287. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 288. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-allow - 289. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 290. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 291. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 292. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-viewonly - 293. ftp://ftp.x.org/ - 294. http://www.karlrunge.com/x11vnc/dtVncPopup - 295. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 296. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 297. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 298. http://www.karlrunge.com/x11vnc/blockdpy.c - 299. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-accept - 300. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 301. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-forcedpms - 302. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clientdpms - 303. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabkbd - 304. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 305. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-grabptr - 306. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gone - 307. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept - 308. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 309. http://www.karlrunge.com/x11vnc/ssvnc.html - 310. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 311. http://www.karlrunge.com/x11vnc/ssvnc.html - 312. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 313. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 314. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 315. http://www.karlrunge.com/x11vnc/chainingssh.html#gateway_double_ssh - 316. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 317. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 318. http://stunnel.mirt.net/ - 319. http://www.stunnel.org/ - 320. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 321. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 322. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 323. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 324. http://stunnel.mirt.net/ - 325. http://www.karlrunge.com/x11vnc/ssl.html - 326. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 327. http://www.karlrunge.com/x11vnc/ssvnc.html - 328. http://www.karlrunge.com/x11vnc/ssl.html - 329. http://www.securityfocus.com/infocus/1677 - 330. http://www.karlrunge.com/x11vnc/ssl.html - 331. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 332. http://sc.uvnc.com/javaviewer/index.html - 333. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 334. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 335. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 336. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 337. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 338. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 339. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 340. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 341. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 342. http://www.karlrunge.com/x11vnc/ssvnc.html - 343. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 344. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 345. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 346. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 347. http://www.openssl.org/ - 348. http://sourceforge.net/projects/vencrypt/ - 349. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vencrypt - 350. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-anontls - 351. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslonly - 352. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 353. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-vnc-viewers - 354. http://www.karlrunge.com/x11vnc/ssl.html - 355. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 356. http://www.karlrunge.com/x11vnc/ssl.html - 357. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 358. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-stunnel - 359. http://stunnel.mirt.net/ - 360. http://www.karlrunge.com/x11vnc/faq.html#infaq_viewer-side-stunnel - 361. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 362. http://www.karlrunge.com/x11vnc/ssvnc.html - 363. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 364. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 365. http://sc.uvnc.com/javaviewer/index.html - 366. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 367. http://www.karlrunge.com/x11vnc/faq.html#infaq_ssl-router-redir - 368. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 369. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 370. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 371. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 372. http://www.karlrunge.com/x11vnc/index.html#firewalls - 373. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 374. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 375. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpport - 376. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-https - 377. http://www.karlrunge.com/x11vnc/ssl-output.html - 378. http://www.karlrunge.com/x11vnc/java_console_direct.html - 379. http://www.karlrunge.com/x11vnc/ssvnc.html - 380. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 381. http://www.karlrunge.com/x11vnc/ss_vncviewer - 382. http://www.karlrunge.com/x11vnc/ssl-portal.html - 383. http://www.karlrunge.com/x11vnc/ssl.html - 384. http://www.karlrunge.com/x11vnc/ssvnc.html - 385. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpsredir - 386. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 387. http://www.karlrunge.com/x11vnc/java_console_proxy.html - 388. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 389. http://www.karlrunge.com/x11vnc/ssvnc.html - 390. http://www.karlrunge.com/x11vnc/ssl-portal.html - 391. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login - 392. http://www.karlrunge.com/x11vnc/ssl.html - 393. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 394. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 395. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 396. http://www.karlrunge.com/x11vnc/faq.html#infaq_x11vnc_loop - 397. http://club.mandriva.com/xwiki/bin/view/KB/XwinXset - 398. http://www.karlrunge.com/x11vnc/index.html#firewalls - 399. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 400. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 401. http://www.karlrunge.com/x11vnc/faq.html#infaq_dtlogin_solaris - 402. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reopen - 403. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 404. http://www.karlrunge.com/x11vnc/index.html#tunnelling - 405. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 406. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 407. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-N - 408. http://www.jirka.org/gdm-documentation/x241.html - 409. http://www.karlrunge.com/x11vnc/x11vnc_loop - 410. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 411. http://www.karlrunge.com/x11vnc/faq.html#faq-xterminal-xauth - 412. http://www.karlrunge.com/x11vnc/index.html#firewalls - 413. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-inetd - 414. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-q, - 415. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-auth - 416. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 417. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-avahi - 418. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-mdns - 419. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-zeroconf - 420. http://www.avahi.org/ - 421. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 422. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 423. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 424. http://www.karlrunge.com/x11vnc/faq.html#infaq_stunnel-inetd - 425. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 426. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 427. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 428. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 429. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 430. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 431. http://www.karlrunge.com/x11vnc/find_display.html - 432. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 433. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 434. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 435. http://www.karlrunge.com/x11vnc/faq.html#faq-unix-passwords - 436. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 437. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 438. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 439. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 440. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-localhost - 441. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 442. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 443. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 444. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 445. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 446. http://www.karlrunge.com/x11vnc/ssvnc.html - 447. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 448. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 449. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 450. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create_xsrv - 451. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 452. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 453. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 454. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 455. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 456. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-httpdir - 457. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http - 458. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 459. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 460. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remote - 461. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect_or_exit - 462. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-vncconnect - 463. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 464. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 465. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-proxy - 466. http://www.karlrunge.com/x11vnc/desktop.cgi.pl - 467. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 468. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 469. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-loop - 470. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-portal - 471. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 472. http://www.karlrunge.com/x11vnc/faq.html#infaq_localaccess - 473. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 474. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 475. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 476. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 477. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 478. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 479. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 480. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 481. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 482. http://www.karlrunge.com/x11vnc/Xdummy - 483. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 484. http://www.karlrunge.com/x11vnc/xdm_one_shot.html - 485. http://www.karlrunge.com/x11vnc/faq.html#infaq_display-manager-continuously - 486. http://www.karlrunge.com/x11vnc/faq.html#infaq_findcreatedisplay - 487. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 488. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 489. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 490. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 491. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xdmsvc - 492. http://www.karlrunge.com/x11vnc/shm_clear - 493. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 494. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 495. http://www.karlrunge.com/x11vnc/faq.html#faq-noshm - 496. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nap - 497. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 498. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb - 499. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 500. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 501. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 502. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 503. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 504. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 505. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 506. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 507. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 508. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 509. http://www.tightvnc.com/ - 510. http://www.karlrunge.com/x11vnc/ssvnc.html - 511. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 512. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 513. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 514. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 515. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 516. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-speeds - 517. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 518. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fs - 519. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 520. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 521. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-progressive - 522. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 523. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-appshare - 524. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 525. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 526. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 527. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-readtimeout - 528. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 529. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 530. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_area - 531. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xd_mem - 532. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 533. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 534. http://minimyth.org/ - 535. http://www.karlrunge.com/x11vnc/faq.html#faq-beryl - 536. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 537. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 538. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 539. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 540. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pointer_mode - 541. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-threads - 542. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 543. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollcopyrect - 544. http://www.karlrunge.com/x11vnc/faq.html#faq-pointer-mode - 545. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 546. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 547. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 548. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 549. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 550. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 551. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wireframe - 552. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wirecopyrect - 553. http://www.karlrunge.com/x11vnc/faq.html#faq-wireframe - 554. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-fixscreen - 555. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scr_skip - 556. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 557. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scrollcopyrect - 558. http://www.karlrunge.com/x11vnc/index.html#beta-test - 559. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache - 560. http://www.karlrunge.com/x11vnc/ssvnc.html - 561. http://www.karlrunge.com/x11vnc/ssvnc.html#ycrop - 562. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_no_rootpixmap - 563. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ncache_cr - 564. http://www.virtualgl.org/About/TurboVNC - 565. http://www.virtualgl.org/ - 566. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 567. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 568. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 569. http://sourceforge.net/project/showfiles.php?group_id=117509&package_id=166100 - 570. http://www.karlrunge.com/x11vnc/ssvnc.html - 571. http://www.karlrunge.com/x11vnc/bins - 572. http://www.karlrunge.com/x11vnc/ssvnc.html - 573. http://www.virtualgl.org/About/Reports - 574. http://www.karlrunge.com/x11vnc/index.html#fb_read_slow - 575. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 576. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursor - 577. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-overlay - 578. http://www.karlrunge.com/x11vnc/faq.html#infaq_the-overlay-mode - 579. http://www.karlrunge.com/x11vnc/index.html#solaris10-build - 580. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 581. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphacut - 582. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alphafrac - 583. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-alpharemove - 584. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 585. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noalphablend - 586. http://www.karlrunge.com/x11vnc/ssvnc.html - 587. http://www.tightvnc.com/ - 588. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursor - 589. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-cursorpos - 590. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorpos - 591. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nocursorshape - 592. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 593. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_pointer - 594. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-buttonmap - 595. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 596. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 597. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 598. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 599. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 600. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 601. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys - 602. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 603. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 604. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 605. http://www.karlrunge.com/x11vnc/faq.html#faq-xkbmodtweak - 606. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-debug_keyboard - 607. http://www.karlrunge.com/x11vnc/faq.html#faq-greaterless - 608. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 609. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sloppy_keys - 610. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-modtweak - 611. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 612. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xkb - 613. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_keycodes - 614. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 615. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 616. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 617. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 618. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-add_keysyms - 619. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 620. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-norepeat - 621. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 622. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_mods - 623. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 624. http://www.karlrunge.com/x11vnc/faq.html#faq-remap-capslock - 625. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 626. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 627. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 628. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 629. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 630. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak - 631. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 632. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 633. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-skip_lockkeys - 634. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-remap - 635. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nomodtweak - 636. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-capslock - 637. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clear_all - 638. http://www.karlrunge.com/x11vnc/faq.html#faq-scaling - 639. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale - 640. http://people.pwf.cam.ac.uk/ssb22/setup/vnc-magnification.html - 641. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 642. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-gui - 643. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 644. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-scale_cursor - 645. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-blackout - 646. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 647. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xinerama - 648. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 649. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xwarppointer - 650. http://www.karlrunge.com/x11vnc/faq.html#faq-solshm - 651. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-onetile - 652. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noshm - 653. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-clip - 654. http://www.karlrunge.com/x11vnc/faq.html#faq-xinerama - 655. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 656. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 657. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-xrandr - 658. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-padgeom - 659. http://www.karlrunge.com/x11vnc/ssvnc.html - 660. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rotate - 661. http://www.jwz.org/xscreensaver/man1.html - 662. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodpms - 663. http://www.beryl-project.org/ - 664. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noxdamage - 665. http://www.dslinux.org/blogs/pepsiman/?p=73 - 666. http://minimyth.org/ - 667. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 668. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 669. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 670. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 671. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 672. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 673. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 674. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 675. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 676. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 677. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 678. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 679. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 680. http://www.karlrunge.com/x11vnc/faq.html#faq-video - 681. http://www.karlrunge.com/x11vnc/faq.html#faq-linuxvc - 682. http://www.karlrunge.com/x11vnc/faq.html#faq-qt-embedded - 683. http://www.karlrunge.com/x11vnc/faq.html#faq-vmware - 684. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 685. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 686. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-snapfb - 687. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-24to32 - 688. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 689. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-slow_fb - 690. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-defer - 691. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-freqtab - 692. http://www.karlrunge.com/x11vnc/faq.html#faq-rawfb - 693. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 694. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-pipeinput - 695. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 696. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 697. http://www.testplant.com/products/vine_server/OS_X - 698. http://www.apple.com/remotedesktop/ - 699. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-id - 700. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nofb - 701. http://fredrik.hubbe.net/x2vnc.html - 702. http://www.karlrunge.com/x11vnc/faq.html#faq-win2vnc - 703. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-reflect - 704. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rawfb - 705. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nodragging - 706. http://sourceforge.net/projects/vnc-reflector/ - 707. http://www.tightvnc.com/projector/ - 708. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 709. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 710. http://www.karlrunge.com/x11vnc/faq.html#faq-display-manager - 711. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 712. http://www.jwz.org/doc/x-cut-and-paste.html - 713. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosel - 714. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noprimary - 715. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noclipboard - 716. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetprimary - 717. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nosetclipboard - 718. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-seldir - 719. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-input - 720. http://www.unixuser.org/~euske/vnc2swf/ - 721. http://wolphination.com/linux/2006/06/30/how-to-record-videos-of-your-desktop/ - 722. http://www.karlrunge.com/x11vnc/ssvnc.html - 723. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-tightfilexfer - 724. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 725. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ultrafilexfer - 726. http://www.karlrunge.com/x11vnc/ssvnc.html - 727. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noultraext - 728. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-noserverdpms - 729. http://www.uvnc.com/addons/repeater.html - 730. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-connect - 731. http://www.karlrunge.com/x11vnc/ultravnc_repeater.pl - 732. http://www.uvnc.com/addons/singleclick.html - 733. http://www.karlrunge.com/x11vnc/faq.html#faq-macosx - 734. http://www.karlrunge.com/x11vnc/single-click.html - 735. http://www.karlrunge.com/x11vnc/single-click.html - 736. http://www.karlrunge.com/x11vnc/index.html#firewalls - 737. http://sc.uvnc.com/ - 738. http://www.karlrunge.com/x11vnc/ssvnc.html - 739. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 740. http://www.karlrunge.com/x11vnc/single-click.html - 741. http://www.karlrunge.com/x11vnc/ssvnc.html - 742. http://www.karlrunge.com/x11vnc/single-click.html - 743. http://www.karlrunge.com/x11vnc/ssl.html - 744. http://www.karlrunge.com/x11vnc/single-click.html - 745. http://www.karlrunge.com/x11vnc/single-click.html#libssl-problems - 746. http://www.samba.org/ - 747. http://www.karlrunge.com/x11vnc/ssvnc.html - 748. http://www.cups.org/ - 749. http://www.karlrunge.com/x11vnc/ssvnc.html - 750. http://www.karlrunge.com/x11vnc/ssvnc.html - 751. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-nobell - 752. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 753. http://www.karlrunge.com/x11vnc/faq.html#faq-inetd - 754. http://www.karlrunge.com/x11vnc/inet6to4 ======================================================================= http://www.karlrunge.com/x11vnc/chainingssh.html: @@ -10112,8 +9021,8 @@ http://www.karlrunge.com/x11vnc/miscbuild.html: _________________________________________________________________ Misc. Build problems: We collect here rare build problems some users - have reported and the corresponding workarounds. See also the [1]FAQ's - on building. + have reported and the corresponding workarounds. See also the FAQ's on + building. _________________________________________________________________ ENV parameter: One user had a problem where the build script below was @@ -10187,10 +9096,6 @@ x11vnc-remote.o := CFLAGS += -O0 the command line option to disable optimization, or otherwise have the lines set CFLAGS to the empty string. _________________________________________________________________ - -References - - 1. http://www.karlrunge.com/x11vnc/faq.html#faq-build ======================================================================= http://www.karlrunge.com/x11vnc/sunray.html: @@ -10198,15 +9103,15 @@ http://www.karlrunge.com/x11vnc/sunray.html: Sun Ray Notes: - You can run x11vnc on your (connected or disconnected) [1]SunRay - session (Please remember to use settings like [2]-wait 200, [3]-sb 15, - and not running a screensaver animation (blank instead) to avoid being - a resource hog! x11vnc does induce a lot of memory I/O from polling - the X server. It also helps to have a solid background color, e.g. - [4]-solid). + You can run x11vnc on your (connected or disconnected) SunRay session + (Please remember to use settings like -wait 200, -sb 15, and not + running a screensaver animation (blank instead) to avoid being a + resource hog! x11vnc does induce a lot of memory I/O from polling the + X server. It also helps to have a solid background color, e.g. + -solid). News: Sun Ray Remote Control Toolkit: See the nice set of tools in the - [5]Sun Ray Remote Control Toolkit that launch x11vnc automatically for + Sun Ray Remote Control Toolkit that launch x11vnc automatically for you for certain usage modes. You have to know the name of the machine your SunRay session X server @@ -10232,16 +9137,16 @@ http://www.karlrunge.com/x11vnc/sunray.html: sunray-server:0 (note the :0 corresponding to port 5900, it is not :137). If it cannot get 5900, it tries for 5901, and so on. You can also try to force the port (and thereby the VNC display) using the - [6]-rfbport NNNN option. + -rfbport NNNN option. Especially on a busy Sun Ray server it is often difficult to find free ports for both VNC and the HTTP Java applet server to listen on. This - script, [7]vnc_findports may be of use for doing this automatically. - It suggests x11vnc command line options based on netstat output that + script, vnc_findports may be of use for doing this automatically. It + suggests x11vnc command line options based on netstat output that lists the occupied ports. It is even more difficult to start vncserver/Xvnc on a busy Sun Ray because then 3 ports (HTTP, VNC, and - X11), all separated by 100 are needed! This script, [8]findvncports - may be helpful as well. Both scripts start at VNC display :10 and work + X11), all separated by 100 are needed! This script, findvncports may + be helpful as well. Both scripts start at VNC display :10 and work their way up. SunRay Gotcha #2: If you get an error like: @@ -10255,9 +9160,9 @@ http://www.karlrunge.com/x11vnc/sunray.html: dies) the slot is not reclaimed. You can view the shm slots with the "ipcs -mA" command. If there are about 100 then you've probably hit this problem. They can be cleaned out (by the owner or by root) using - the ipcrm command. I wrote a script [9]shm_clear that finds the - orphans and lists or removes them. Longer term, have your SunRay - sysadmin add something like this to /etc/system: + the ipcrm command. I wrote a script shm_clear that finds the orphans + and lists or removes them. Longer term, have your SunRay sysadmin add + something like this to /etc/system: set shmsys:shminfo_shmmax = 0x2000000 set shmsys:shminfo_shmmni = 0x1000 @@ -10324,7 +9229,7 @@ exit 0 via x11vnc! Update: please see Bob Doolittle's detailed description of the this - issue at the [10]bottom of this section. + issue at the bottom of this section. Here "freeze" means "stop other X clients from inserting keyboard and mouse input and from viewing the current contents of the screen". Or @@ -10400,10 +9305,10 @@ elif [ "$RFB_MODE" = "gone" -a "$RFB_STATE" = "NORMAL" ]; then fi Then we would run x11vnc with these options: "-afteraccept xss_killer - -gone xss_killer". The [11]-afteraccept option (introduced in version - 0.8) is used to run a command after a vncviewer has successfully - logged in (note that this is a VNC login, not a Unix login, so you may - not want to do this if you are really paranoid...) + -gone xss_killer". The -afteraccept option (introduced in version 0.8) + is used to run a command after a vncviewer has successfully logged in + (note that this is a VNC login, not a Unix login, so you may not want + to do this if you are really paranoid...) Note if you use the above script and also plan to Ctrl-C (SIGINT) x11vnc you have to run the xscreensaver in a new process group to @@ -10527,20 +9432,6 @@ utaction -c $HOME/.srconnectrc -d $HOME/.srdisconnectrc & $DISPLAY specification as you describe (although it probably makes most sense to do this at login time, as opposed to every connect or disconnect event). - -References - - 1. http://www.sun.com/sunray/index.html - 2. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-wait - 3. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sb - 4. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-solid - 5. http://wiki.sun-rays.org/index.php/Remote_Control_Toolkit - 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 7. http://www.karlrunge.com/x11vnc/vnc_findports - 8. http://www.karlrunge.com/x11vnc/findvncports - 9. http://www.karlrunge.com/x11vnc/shm_clear - 10. http://www.karlrunge.com/x11vnc/sunray.html#doolittle - 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-afteraccept ======================================================================= http://www.karlrunge.com/x11vnc/ssl.html: @@ -10580,7 +9471,7 @@ http://www.karlrunge.com/x11vnc/ssl.html: verified. This requires the VNC client side have some piece of information that can be used to verify the SSL x11vnc server. Alternatively, although rarely done, x11vnc can verify VNC Clients' - certificates, see the [1]-sslverify option that is discussed below. + certificates, see the -sslverify option that is discussed below. There are a number of ways to have the client authenticate the SSL x11vnc server. The quickest way perhaps would be to copy (safely) the @@ -10607,19 +9498,19 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM changed or expired or his browser was reinstalled and/or lost the certificate, etc, etc. - As another example, if the user was using [2]stunnel with his VNC - viewer (this is mentioned [3]in this FAQ), e.g. STUNNEL.EXE on - Windows, then he would have to set the "CAfile = path-to-the-cert" and - "verify = 2" options in the stunnel.conf file before starting up the - tunnel. If a x11vnc certificate cannot be verified, stunnel will drop - the connection (and print a failure message in its log file). + As another example, if the user was using stunnel with his VNC viewer + (this is mentioned in this FAQ), e.g. STUNNEL.EXE on Windows, then he + would have to set the "CAfile = path-to-the-cert" and "verify = 2" + options in the stunnel.conf file before starting up the tunnel. If a + x11vnc certificate cannot be verified, stunnel will drop the + connection (and print a failure message in its log file). A third example, using the VNC viewer on Unix with stunnel the wrapper - script can be used this way: "[4]ss_vncviewer -verify ./x11vnc.crt + script can be used this way: "ss_vncviewer -verify ./x11vnc.crt far-away.east:0" where ./x11vnc.crt is the copied certificate x11vnc printed out. - As fourth example, our [5]SSVNC enhanced tightvnc viewer can also use + As fourth example, our SSVNC enhanced tightvnc viewer can also use these certificate files for server authentication. You can load them via the SSVNC 'Certs...' dialog and set 'ServerCert' to the certificate file you safely copied there. @@ -10657,8 +9548,8 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM x11vnc server. The ".pem" file contains both the certificate and the private key and should be kept secret. (If you don't like the default location ~/.vnc/certs, e.g. it is on an NFS share and you are worried - about local network sniffing, use the [6]-ssldir dir option to point - to a different directory.) + about local network sniffing, use the -ssldir dir option to point to a + different directory.) So the next time you run "x11vnc -ssl SAVE ..." it will read the server.pem file directly instead of creating a new one. @@ -10722,7 +9613,7 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM clients will run. * One or more x11vnc server certs and keys are generated. * The x11vnc server cert is signed with the CA private key. - * x11vnc is run using the server key. (e.g. "[7]-ssl SAVE") + * x11vnc is run using the server key. (e.g. "-ssl SAVE") * VNC clients (viewers) can now authenticate the x11vnc server because they have the CA certificate. @@ -10746,7 +9637,7 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM * The VNC client certs+keys are safely distributed to the corresponding client machines. * x11vnc is told to verify clients by using the CA cert. (e.g. - "[8]-sslverify CA") + "-sslverify CA") * When VNC clients (viewers) connect, they must authenticate themselves to x11vnc by using their client key. @@ -10762,13 +9653,12 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM How to do the above CA steps with x11vnc: Some utility commands are provided to ease the cert+key creation, - signing, and management: [9]-sslGenCA, [10]-sslGenCert, - [11]-sslDelCert, [12]-sslEncKey, [13]-sslCertInfo. They basically run - the openssl(1) command for you to manage the certs/keys. It is - required that openssl(1) is installed on the machine and available in - PATH. All commands can be pointed to an alternate toplevel certificate - directory via the [14]-ssldir option if you don't want to use the - default ~/.vnc/certs. + signing, and management: -sslGenCA, -sslGenCert, -sslDelCert, + -sslEncKey, -sslCertInfo. They basically run the openssl(1) command + for you to manage the certs/keys. It is required that openssl(1) is + installed on the machine and available in PATH. All commands can be + pointed to an alternate toplevel certificate directory via the -ssldir + option if you don't want to use the default ~/.vnc/certs. 1) To generate your Certificate Authority (CA) cert and key run this: x11vnc -sslGenCA @@ -10779,9 +9669,9 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM ~/.vnc/certs/CA/cacert.pem (the CA public certificate) ~/.vnc/certs/CA/private/cakey.pem (the encrypted CA private key) - If you want to use a different directory use [15]-ssldir It must - supplied with all subsequent SSL utility options to point them to the - correct directory. + If you want to use a different directory use -ssldir It must supplied + with all subsequent SSL utility options to point them to the correct + directory. 2) To generate a signed x11vnc server cert and key run this: x11vnc -sslGenCert server @@ -10798,8 +9688,8 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM 3) Start up x11vnc using this server key: x11vnc -ssl SAVE -display :0 ... - (SAVE corresponds to server.pem, see [16]-sslGenCert server somename - info on creating additional server keys, server-somename.crt ...) + (SAVE corresponds to server.pem, see -sslGenCert server somename info + on creating additional server keys, server-somename.crt ...) 4) Next, safely copy the CA certificate to the VNC viewer (client) machine(s). Perhaps: @@ -10836,14 +9726,14 @@ NTIwLjQxMTE2OTEPMA0GA1UEChMGeDExdm5jMS4wLAYDVQQDEyV4MTF2bmMtU0VM (then point the VNC viewer to localhost:1). - Here is an example for the Unix stunnel wrapper script - [17]ss_vncviewer in our SSVNC package: + Here is an example for the Unix stunnel wrapper script ss_vncviewer in + our SSVNC package: ss_vncviewer -verify ./cacert.pem far-away.east:0 - Our [18]SSVNC enhanced tightvnc viewer GUI can also use the - certificate file for server authentication. You can load it via the - SSVNC 'Certs...' dialog and set 'ServerCert' to the cacert.pem file - you safely copied there. + Our SSVNC enhanced tightvnc viewer GUI can also use the certificate + file for server authentication. You can load it via the SSVNC + 'Certs...' dialog and set 'ServerCert' to the cacert.pem file you + safely copied there. _________________________________________________________________ @@ -10960,20 +9850,20 @@ pem Where client.crt would be an individual client certificate; client-hash-dir a directory of file names based on md5 hashes of the - certs (see [19]-sslverify); and certs.txt signifies a single file full - of client certificates. + certs (see -sslverify); and certs.txt signifies a single file full of + client certificates. Finally, connect with your VNC viewer using the key. Here is an - example for the Unix stunnel wrapper script [20]ss_vncviewer: using - client authentication (and the standard server authentication with the - CA cert): + example for the Unix stunnel wrapper script ss_vncviewer: using client + authentication (and the standard server authentication with the CA + cert): ss_vncviewer -mycert ./dilbert.pem -verify ./cacert.pem far-away.east:0 - Our [21]SSVNC enhanced tightvnc viewer can also use these openssl .pem + Our SSVNC enhanced tightvnc viewer can also use these openssl .pem files (you can load them via Certs... -> MyCert dialog). - It is also possible to use [22]-sslverify on a per-client key basis, - and also using self-signed client keys (x11vnc -sslGenCert client + It is also possible to use -sslverify on a per-client key basis, and + also using self-signed client keys (x11vnc -sslGenCert client self:dilbert) Now a tricky part is to get Web browsers or Java Runtime to import and @@ -10994,29 +9884,28 @@ pem sufficient and can be read by Mozilla/Firefox and Java... If you have trouble getting your Java Runtime to import and use the - cert+key, there is a workaround for the [23]SSL-enabled Java applet. - On the Web browser URL that retrieves the VNC applet, simply add a - "/?oneTimeKey=..." applet parameter (see [24]ssl-portal for more - details on applet parameters; you don't need to do the full portal - setup though). The value of the oneTimeKey will be the very long - string that is output of the onetimekey program found in the - classes/ssl x11vnc directory. Or you can set oneTimeKey=PROMPT in - which case the applet will ask you to paste in the long string. These - scheme is pretty ugly, but it works. A nice application of it is to - make one time keys for users that have already logged into a secure - HTTPS site via password. A cgi program then makes a one time key for - the logged in user to use: it is passed back over HTTPS as the applet - parameter in the URL and so cannot be sniffed. x11vnc is run to use - that key via [25]-sslverify. + cert+key, there is a workaround for the SSL-enabled Java applet. On + the Web browser URL that retrieves the VNC applet, simply add a + "/?oneTimeKey=..." applet parameter (see ssl-portal for more details + on applet parameters; you don't need to do the full portal setup + though). The value of the oneTimeKey will be the very long string that + is output of the onetimekey program found in the classes/ssl x11vnc + directory. Or you can set oneTimeKey=PROMPT in which case the applet + will ask you to paste in the long string. These scheme is pretty ugly, + but it works. A nice application of it is to make one time keys for + users that have already logged into a secure HTTPS site via password. + A cgi program then makes a one time key for the logged in user to use: + it is passed back over HTTPS as the applet parameter in the URL and so + cannot be sniffed. x11vnc is run to use that key via -sslverify. Update: as of Apr 2007 in the 0.9.1 x11vnc tarball there is a new - option setting "[26]-users sslpeer=" that will do a switch user much - like [27]-unixpw does, but this time using the emailAddress field of - the Certificate subject of the verified Client. This mode requires - [28]-sslverify turned on to verify the clients via SSL. This mode can - be useful in situations using [29]-create or [30]-svc where a new X - server needs to be started up as the authenticated user (but unlike in - -unixpw mode, the unix username is not obviously known). + option setting "-users sslpeer=" that will do a switch user much like + -unixpw does, but this time using the emailAddress field of the + Certificate subject of the verified Client. This mode requires + -sslverify turned on to verify the clients via SSL. This mode can be + useful in situations using -create or -svc where a new X server needs + to be started up as the authenticated user (but unlike in -unixpw + mode, the unix username is not obviously known). _________________________________________________________________ @@ -11024,16 +9913,16 @@ pem A large, scaled-up installation may benefit from being able to revoke certificates (e.g. suppose a user's laptop with a vnc client or server - key is compromised.) You can use this option with x11vnc: [31]-sslCRL. - See the info at that link for a guide on what openssl(1) commands you - will need to run to revoke a certificate. + key is compromised.) You can use this option with x11vnc: -sslCRL. See + the info at that link for a guide on what openssl(1) commands you will + need to run to revoke a certificate. _________________________________________________________________ Additional utlities: - You can get information about your keys via [32]-sslCertInfo. These - lists all your keys: + You can get information about your keys via -sslCertInfo. These lists + all your keys: x11vnc -sslCertInfo list x11vnc -sslCertInfo ll @@ -11106,8 +9995,8 @@ pem Then, on the VNC viewer client side, the viewer authenticates the x11vnc server by using root_CA's certificate. Suppose that is in a file named root_CA.crt, then using the SSVNC wrapper script - [33]ss_vncviewer (which is also included in the [34]SSVNC package) as - our example, we have: + ss_vncviewer (which is also included in the SSVNC package) as our + example, we have: ss_vncviewer -verify ./root_CA.crt hostname:0 (where "hostname" is the machine where x11vnc is running.) One could @@ -11178,8 +10067,8 @@ intermediate/index.html (note since the server must always supply a cert, we use its normal self-signed, etc., one via "-ssl SAVE" and use the VeriSign root cert - for client authentication via [35]-sslverify. The viewer must now - supply the combined certificates, e.g.: + for client authentication via -sslverify. The viewer must now supply + the combined certificates, e.g.: ss_vncviewer -mycert ./V1-combined.pem hostname:0 _________________________________________________________________ @@ -11256,7 +10145,7 @@ m this entirely with openssl(1) you will have to learn the openssl commands corresponding to -genCA and -genCert. You may be able to find guides on the Internet to do this. Starting with x11vnc 0.9.10, you - can have it print out the wrapper scripts it uses via: [36]-sslScripts + can have it print out the wrapper scripts it uses via: -sslScripts (you will still need to fill in a few pieces of information; ask if it is not clear from the source code.) @@ -11264,51 +10153,10 @@ m More info: - See also this [37]article for some some general info and examples - using stunnel and openssl on Windows with VNC. Also - [38]http://www.stunnel.org/faq/certs.html is a very good source of + See also this article for some some general info and examples using + stunnel and openssl on Windows with VNC. Also + http://www.stunnel.org/faq/certs.html is a very good source of information on SSL certificate creation and management. - -References - - 1. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 2. http://stunnel.mirt.net/ - 3. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 4. http://www.karlrunge.com/x11vnc/ss_vncviewer - 5. http://www.karlrunge.com/x11vnc/ssvnc.html - 6. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 7. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssl - 8. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCA - 10. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 11. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslDelCert - 12. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslEncKey - 13. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 14. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 15. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 16. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-ssldir - 17. http://www.karlrunge.com/x11vnc/ss_vncviewer - 18. http://www.karlrunge.com/x11vnc/ssvnc.html - 19. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 20. http://www.karlrunge.com/x11vnc/ss_vncviewer - 21. http://www.karlrunge.com/x11vnc/ssvnc.html - 22. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 23. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-viewers - 24. http://www.karlrunge.com/x11vnc/ssl-portal.html - 25. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 26. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-users - 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 29. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 30. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-svc - 31. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCRL - 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslCertInfo - 33. http://www.karlrunge.com/x11vnc/ss_vncviewer - 34. http://www.karlrunge.com/x11vnc/ssvnc.html - 35. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 36. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslScripts - 37. http://www.securityfocus.com/infocus/1677 - 38. http://www.stunnel.org/faq/certs.html ======================================================================= http://www.karlrunge.com/x11vnc/ssl-portal.html: @@ -11334,7 +10182,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: login technique for users connecting to machines inside their company or home firewall. For VNC access it is a bit awkward, however, because SSH needs to be installed on the Viewer machine and the user usually - has to rig up his own port redirection plumbing (however, see [1]our + has to rig up his own port redirection plumbing (however, see our other tool). Also, some users have restrictive work environments where SSH and @@ -11353,9 +10201,9 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: entire VNC connection process. No VNC or SSH specific software needs to be installed on the viewer side machine. - The stunnel VNC viewer stunnel wrapper script provided - ([2]ss_vncviewer) can also take advantage of the method described here - with its -proxy option. + The stunnel VNC viewer stunnel wrapper script provided (ss_vncviewer) + can also take advantage of the method described here with its -proxy + option. _________________________________________________________________ @@ -11363,10 +10211,10 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: for you. It is mainly intended for automatically redirecting to MULTIPLE workstations inside the firewall. If you only have one or two inside machines that you want to access, the method described here is - overly complicated! See [3]below for some simpler (and still non-SSH) + overly complicated! See below for some simpler (and still non-SSH) encrypted setups. - Also see the recent (Mar/2010) [4]desktop.cgi x11vnc desktop web login + Also see the recent (Mar/2010) desktop.cgi x11vnc desktop web login CGI script that achieves much of what the method describes here (especially if its 'port redirection' feature is enabled.) _________________________________________________________________ @@ -11379,9 +10227,8 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: Important: these sorts of schemes allow incoming connections from anywhere on the Internet to fixed ports on machines inside the firewall. Care must be taken to implement and test thoroughly. If one - is paranoid one can (and should) add [5]extra layers of protection. - (e.g. extra passwords, packet filtering, SSL certificate verification, - etc). + is paranoid one can (and should) add extra layers of protection. (e.g. + extra passwords, packet filtering, SSL certificate verification, etc). Also, it is easy to miss the point that unless precautions are taken to verify SSL Certificates, then the VNC Viewer is vulnerable to @@ -11406,7 +10253,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: It is the last item that makes it tricky (otherwise the method described on this page will work). If you are interested in such a solution and are willing to run a separate helper program - (connect_switch) [6]look here. Also, see [7]this apache patch. + (connect_switch) look here. Also, see this apache patch. _________________________________________________________________ Example: @@ -11423,7 +10270,7 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: In this example suppose the gateway machine running apache is named "www.gateway.east" (e.g. it may also provide normal web service). We also choose the Internet-facing port for this VNC service to be port - 563. One could choose any port, including the [8]default HTTP port 80. + 563. One could choose any port, including the default HTTP port 80. Detail: We choose 563 because it is the rarely used SNEWS port that is often allowed by Web proxies for the CONNECT method. The idea is the @@ -11448,9 +10295,8 @@ http://www.karlrunge.com/x11vnc/ssl-portal.html: i.e. we force SSL VNC connections, port 5915, serve the Java VNC viewer applet, and require a VNC password (another option would be - [9]-unixpw). The above command could also be run out of [10]inetd(8). - It can also be used to [11]autodetect the user's display and - Xauthority data. + -unixpw). The above command could also be run out of inetd(8). It can + also be used to autodetect the user's display and Xauthority data. These sections are added to the httpd.conf apache configuration file @@ -11581,7 +10427,7 @@ hostname2 15 This will involve downloading a signed java viewer applet jar file that is able to interact with the internal proxy for the VNC - connection. See [12]this FAQ for more info on how this works. Note: + connection. See this FAQ for more info on how this works. Note: sometimes with the Proxy case if you see 'Bad Gateway' error you will have to wait 10 or so seconds and then hit reload. This seems to be due to having to wait for a Connection Keepalive to terminate... @@ -11653,9 +10499,9 @@ blah,blah... of a outgoing proxy socket connection. Use it only if the Web browser is inside a separate Web proxying environment (i.e. large corporation) - The rewrites with parameter urlPrefix are described under [13]Tricks - for Better Response. The "trust" ones (also described under Tricks) - with trustAllVncCerts tell the Java VNC applet to skip a dialog asking + The rewrites with parameter urlPrefix are described under Tricks for + Better Response. The "trust" ones (also described under Tricks) with + trustAllVncCerts tell the Java VNC applet to skip a dialog asking about the VNC Certificate. They are a bit faster and more reliable than the original method. In the best situation they lead to being logged in 20 seconds or less (without them the time to login can be @@ -11682,7 +10528,7 @@ blah,blah... are not encrypted via SSL, and so in principle could be tampered with by a really bad guy. The subsequent VNC connection, however, is encrypted through a single SSL connection (it makes a CONNECT straight - to x11vnc). [14]See below for how to have these initial downloads + to x11vnc). See below for how to have these initial downloads encrypted as well (if the apache web server has SSL/mod_ssl, i.e. https, enabled and configured). @@ -11691,14 +10537,14 @@ blah,blah... certificate 'always'). This is because an applet it cannot open local files, etc. Sadly, the applet cannot even remember certificates in the same browser session because it is completely reinitialized for each - connection (see [15]below). + connection (see below). _________________________________________________________________ Too Much? If these apache rules are a little too much for you, there is a little - bit [16]simpler scheme where you have to list each of the individual + bit simpler scheme where you have to list each of the individual machines in the httpd.conf and ssl.conf files. It may be a little more typing to maintain, but perhaps being more straight forward (less RewriteRule's) is desirable. @@ -11708,19 +10554,18 @@ blah,blah... Problems? To see example x11vnc output for a successful https://host:5900/ - connection with the Java Applet see [17]This Page. + connection with the Java Applet see This Page. _________________________________________________________________ Some Ideas for adding extra authentication, etc. for the paranoid: - * VNC passwords: [18]-rfbauth, [19]-passwdfile, or [20]-usepw. Even - adding a simple company-wide VNC password helps block unwanted - access. - * Unix passwords: [21]-unixpw - * SSL Client certificates: [22]-sslverify + * VNC passwords: -rfbauth, -passwdfile, or -usepw. Even adding a + simple company-wide VNC password helps block unwanted access. + * Unix passwords: -unixpw + * SSL Client certificates: -sslverify * Apache AuthUserFile directive: .htaccess, etc. * Filter connections based on IP address or hostname. - * Use Port-knocking on your firewall as described in: [23]Enhanced + * Use Port-knocking on your firewall as described in: Enhanced TightVNC Viewer (ssvnc). * Add proxy password authentication (requires Viewer changes?) * Run a separate instance of Apache that provides this VNC service @@ -11735,16 +10580,16 @@ blah,blah... Using non-Java viewers with this scheme: - The [24]ss_vncviewer stunnel wrapper script for VNC viewers has the - -proxy option that can take advantage of this method. + The ss_vncviewer stunnel wrapper script for VNC viewers has the -proxy + option that can take advantage of this method. ss_vncviewer -proxy www.gateway.east:563 host1:15 For the case of the "double proxy" situation (see below) supply both separated by a comma. ss_vncviewer -proxy proxy1.foobar.com:8080,www.gateway.east:563 host1:15 - For the [25]Enhanced TightVNC Viewer (ssvnc) GUI (it uses ss_vncviewer - on Unix) put 'host1:15' into the 'VNC Server' entry box, and here are + For the Enhanced TightVNC Viewer (ssvnc) GUI (it uses ss_vncviewer on + Unix) put 'host1:15' into the 'VNC Server' entry box, and here are possible Proxy/Gateway entries Proxy/Gateway: www.gateway.east:563 Proxy/Gateway: proxy1.foobar.com:8080,www.gateway.east:563 @@ -11757,10 +10602,10 @@ blah,blah... To have the Java applet downloaded to the user's Web Browser via an encrypted (and evidently safer) SSL connection the Apache webserver - should be configured for SSL via [26]mod_ssl. + should be configured for SSL via mod_ssl. - It is actually possible to use the x11vnc [27]Key Management utility - "[28]-sslGenCert" to generate your Apache/SSL .crt and .key files. (In + It is actually possible to use the x11vnc Key Management utility + "-sslGenCert" to generate your Apache/SSL .crt and .key files. (In brief, run something like "x11vnc -sslGenCert server self:apache" then copy the resulting self:apache.crt file to conf/ssl.crt/server.crt and extract the private key part from self:apache.pem and paste it into @@ -11768,10 +10613,9 @@ blah,blah... before running x11vnc will bump up the expiration date (3 years in this case). - Or you can use the standard methods described in the [29]Apache - mod_ssl documentation to create your keys. Then restart Apache, - usually something like "apachectl stop" followed by "apachectl - startssl" + Or you can use the standard methods described in the Apache mod_ssl + documentation to create your keys. Then restart Apache, usually + something like "apachectl stop" followed by "apachectl startssl" In addition to the above sections in httpd.conf one should add the following to ssl.conf: @@ -11885,8 +10729,7 @@ stAllVncCerts=yes [R,NE,L] The "vncs/trust" ones are like the "trust" ones described earlier https://www.gateway.east/vncs/trust/mach2 - and similarly for the httpsPort ones. See [30]Tricks for Better - Response. + and similarly for the httpsPort ones. See Tricks for Better Response. In all of the above cases the VNC traffic from Viewer to x11vnc is encrypted end-to-end in a single SSL session, even for the "double @@ -11906,8 +10749,8 @@ stAllVncCerts=yes [R,NE,L] handling to download the applet jar via HTTPS on port 5915. The special entries "/vnc443" are only used for the special helper - program (connect_switch) for the https port 443 only mode - [31]discussed here. + program (connect_switch) for the https port 443 only mode discussed + here. _________________________________________________________________ @@ -11946,17 +10789,16 @@ stAllVncCerts=yes [R,NE,L] -ssl SAVE -http -unixpw -localhost -users unixpw= \ -find - (we have used the alias [32]-find for "-display - WAIT:cmd=FINDDISPLAY".) This way the user must supply his Unix - username and password and then his display and Xauthority data on that - machine will be located and returned to x11vnc to allow it to attach. - If he doesn't have a display running on that machine or he fails to - log in correctly, the connection will be dropped. + (we have used the alias -find for "-display WAIT:cmd=FINDDISPLAY".) + This way the user must supply his Unix username and password and then + his display and Xauthority data on that machine will be located and + returned to x11vnc to allow it to attach. If he doesn't have a display + running on that machine or he fails to log in correctly, the + connection will be dropped. - The variant "[33]-display WAIT:cmd=FINDCREATEDISPLAY" (aliased by - "[34]-create") will actually create a (virtual or real) X server - session for the user if one doesn't already exist. See [35]here for - details. + The variant "-display WAIT:cmd=FINDCREATEDISPLAY" (aliased by + "-create") will actually create a (virtual or real) X server session + for the user if one doesn't already exist. See here for details. To enable inetd operation for the non-HTTPS Java viewer download (port 5815 in the above httpd.conf example) you will need to run x11vnc in @@ -11966,11 +10808,11 @@ stAllVncCerts=yes [R,NE,L] -inetd -prog /usr/local/bin/x11vnc -oa /var/log/x11vnc-15.log \ -http_ssl -display WAIT:cmd=HTTPONCE - where the long inetd.conf line has been split. Note how the - [36]-http_ssl tries to automatically find the .../classes/ssl - subdirectory. This requires the [37]-prog option available in x11vnc - 0.8.4 (a shell script wrapper, e.g. /usr/local/bin/x11vnc_http.sh can - be used to work around this). + where the long inetd.conf line has been split. Note how the -http_ssl + tries to automatically find the .../classes/ssl subdirectory. This + requires the -prog option available in x11vnc 0.8.4 (a shell script + wrapper, e.g. /usr/local/bin/x11vnc_http.sh can be used to work around + this). Also note the use of "-ssl SAVE" above. This way a saved server.pem is used for each inetd invocation (rather generating a new one each time @@ -12027,8 +10869,8 @@ stAllVncCerts=yes [R,NE,L] - The redirection could also be done at the application level using a TCP redirect program (e.g. ip_relay or fancier ones). Evidently more careful internal hostname checking, etc., could be performed by the - special purpose application to add security. See [38]connect_switch - which is somewhat related. + special purpose application to add security. See connect_switch which + is somewhat related. - One might imagine the ProxyPass could be done for the VNC traffic as well (for the ssl.conf case) to avoid the CONNECT proxying completely @@ -12127,47 +10969,6 @@ Certs=yes [R,NE] you later get an unexpected dialog, you know something is wrong. Nearly always it is just a changed or expired certificate, but better safe than sorry... - -References - - 1. http://www.karlrunge.com/x11vnc/ssvnc.html - 2. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 3. http://www.karlrunge.com/x11vnc/ssl-portal.html#no-apache - 4. http://www.karlrunge.com/x11vnc/faq.html#faq-web-login - 5. http://www.karlrunge.com/x11vnc/ssl-portal.html#precautions - 6. http://www.karlrunge.com/x11vnc/ssl-single-443.html - 7. https://issues.apache.org/bugzilla/show_bug.cgi?id=29744 - 8. http://www.karlrunge.com/x11vnc/ssl-portal.html#port-variations - 9. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 10. http://www.karlrunge.com/x11vnc/ssl-portal.html#inetd - 11. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 12. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-java-viewer-proxy - 13. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks - 14. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet - 15. http://www.karlrunge.com/x11vnc/ssl-portal.html#https-applet" - 16. http://www.karlrunge.com/x11vnc/ssl-portal-orig.html - 17. http://www.karlrunge.com/x11vnc/ssl-output.html - 18. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbauth - 19. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-passwdfile - 20. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-usepw - 21. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-unixpw - 22. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslverify - 23. http://www.karlrunge.com/x11vnc/ssvnc.html - 24. http://www.karlrunge.com/x11vnc/faq.html#ss_vncviewer - 25. http://www.karlrunge.com/x11vnc/ssvnc.html - 26. http://httpd.apache.org/docs/2.0/mod/mod_ssl.html - 27. http://www.karlrunge.com/x11vnc/ssl.html - 28. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-sslGenCert - 29. http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#selfcert - 30. http://www.karlrunge.com/x11vnc/ssl-portal.html#tricks - 31. http://www.karlrunge.com/x11vnc/ssl-single-443.html - 32. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-find - 33. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-display_WAIT - 34. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-create - 35. http://www.karlrunge.com/x11vnc/faq.html#faq-userlogin - 36. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-http_ssl - 37. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-prog - 38. http://www.karlrunge.com/x11vnc/ssl-single-443.html ======================================================================= http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html: @@ -12177,9 +10978,9 @@ http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html: Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) - [1](To Downloads) [2](To Quick Start) + (To Downloads) (To Quick Start) - [ssvnc.gif] [ssvnc_windows.gif] [ssvnc_macosx.gif] [3]. [4]. + [ssvnc.gif] [ssvnc_windows.gif] [ssvnc_macosx.gif] . . The Enhanced TightVNC Viewer, SSVNC, adds encryption security to VNC @@ -12187,8 +10988,8 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) The package provides a GUI for Windows, Mac OS X, and Unix that automatically starts up an STUNNEL SSL tunnel for SSL or ssh/plink for - SSH connections to any VNC server, such as [5]x11vnc, and then - launches the VNC Viewer to use the encrypted tunnel. + SSH connections to any VNC server, such as x11vnc, and then launches + the VNC Viewer to use the encrypted tunnel. The x11vnc server has built-in SSL support, however SSVNC can make SSL encrypted VNC connections to any VNC Server if they are running an SSL @@ -12205,7 +11006,7 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) GUI as an enhanced replacement for the xvncviewer, xtightvncviewer, etc., viewers. - In addition to normal SSL, SSVNC also supports the [6]VeNCrypt SSL/TLS + In addition to normal SSL, SSVNC also supports the VeNCrypt SSL/TLS and Vino/ANONTLS encryption extensions to VNC on Unix, Mac OS X, and Windows. Via the provided SSVNC VeNCrypt bridge, VeNCrypt and ANONTLS encryption also works with any third party VNC Viewer (e.g. RealVNC, @@ -12214,9 +11015,9 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) The short name for this project is "ssvnc" for SSL/SSH VNC Viewer. This is the name of the command to start it. - There is a simplified [7]SSH-Only mode (sshvnc). And an even more - simplified [8]Terminal-Services mode (tsvnc) for use with x11vnc on - the remote side. + There is a simplified SSH-Only mode (sshvnc). And an even more + simplified Terminal-Services mode (tsvnc) for use with x11vnc on the + remote side. It is also possible (although not recommended) to disable encryption: -noenc cmdline option; Ctrl-E toggle; or Vnc:// host prefix; see the @@ -12225,12 +11026,12 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) The tool has many additional features; see the descriptions below. It is a self-contained bundle, you could carry it around on, say, a - [9]USB memory stick / flash drive for secure VNC viewing from almost - any machine, Unix, Mac OS X, and Windows (and if you create a - directory named "Home" in the toplevel ssvnc directory on the drive - your VNC profiles and certs will be kept there as well). For Unix, - there is also a [10]conventional source tarball to build and install - in the normal way and not use a pre-built bundle. + USB memory stick / flash drive for secure VNC viewing from almost any + machine, Unix, Mac OS X, and Windows (and if you create a directory + named "Home" in the toplevel ssvnc directory on the drive your VNC + profiles and certs will be kept there as well). For Unix, there is + also a conventional source tarball to build and install in the normal + way and not use a pre-built bundle. _________________________________________________________________ @@ -12241,11 +11042,11 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) then those keys are likely extremely weak and can be easily cracked. The certificate files should be deleted and recreated on a non-Debian system or an updated one. See - [11]http://www.debian.org/security/2008/dsa-1571 for details. The same + http://www.debian.org/security/2008/dsa-1571 for details. The same applies to SSH keys. Please read this information on using SSVNC on workstations with - [12]Untrusted Local Users. + Untrusted Local Users. _________________________________________________________________ @@ -12261,16 +11062,16 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) with the SSVNC encryption GUI front-end if you prefer. * Create or Import SSL Certificates and Private Keys. * Reverse (viewer listening) VNC connections via SSL and SSH. - * VeNCrypt SSL/TLS VNC encryption support (used by [13]VeNCrypt, - QEMU, ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) + * VeNCrypt SSL/TLS VNC encryption support (used by VeNCrypt, QEMU, + ggi, libvirt/virt-manager/xen, vinagre/gvncviewer/gtk-vnc) * ANONTLS SSL/TLS VNC encryption support (used by Vino) * VeNCrypt and ANONTLS are also enabled for any 3rd party VNC Viewer (e.g. RealVNC, TightVNC, UltraVNC ...) on Unix, MacOSX, and Windows via the provided SSVNC VeNCrypt Viewer Bridge tool (use 'Change VNC Viewer' to select the one you want.) - * Support for Web [14]Proxies, SOCKS Proxies, and the [15]UltraVNC - repeater proxy (e.g. repeater://host:port+ID:1234). Multiple - proxies may be chained together (3 max). + * Support for Web Proxies, SOCKS Proxies, and the UltraVNC repeater + proxy (e.g. repeater://host:port+ID:1234). Multiple proxies may be + chained together (3 max). * Support for SSH Gateway connections and non-standard SSH ports. * Automatic Service tunnelling via SSH for CUPS and SMB Printing, ESD/ARTSD Audio, and SMB (Windows/Samba) filesystem mounting. @@ -12285,16 +11086,18 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * Support for native MacOS X usage with bundled Chicken of the VNC viewer (the Unix X11 viewer is also provided for MacOS X, and is better IMHO. It is now the default on MacOS X.) - * [16]Dynamic VNC Server Port determination and redirection (using - ssh's builtin SOCKS proxy, ssh -D) for servers like x11vnc that - print out PORT= at startup. + * Dynamic VNC Server Port determination and redirection (using ssh's + builtin SOCKS proxy, ssh -D) for servers like x11vnc that print + out PORT= at startup. * Unix Username and Password entry for use with "x11vnc -unixpw" type login dialogs. - * Simplified mode launched by command "[17]sshvnc" that is SSH Only. - * Simplified mode launched by command "[18]tsvnc" that provides a - VNC "Terminal Services" mode (uses x11vnc on the remote side). + * Simplified mode launched by command "sshvnc" that is SSH Only. + * Simplified mode launched by command "tsvnc" that provides a VNC + "Terminal Services" mode (uses x11vnc on the remote side). + * IPv6 support for all connection modes on Unix, MacOSX, and + Windows. - Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for [19]Unix + Patches to TightVNC 1.3.9 vnc_unixsrc tree were created for Unix TightVNC Viewer improvements (these only apply to the Unix VNC viewer, including MacOSX XQuartz): * rfbNewFBSize VNC support (dynamic screen resizing) @@ -12302,12 +11105,12 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * ZRLE VNC encoding support (RealVNC's encoding) * Support for the ZYWRLE encoding, a wavelet based extension to ZRLE to improve compression of motion video and photo regions. - * [20]TurboVNC support ([21]VirtualGL's modified TightVNC encoding; - requires TurboJPEG library) + * TurboVNC support (VirtualGL's modified TightVNC encoding; requires + TurboJPEG library) * Pipelined Updates of the framebuffer as in TurboVNC (asks for the next update before the current one has finished downloading; this gives some speedup on high latency connections.) - * Cursor [22]alphablending with x11vnc at 32bpp (-alpha option) + * Cursor alphablending with x11vnc at 32bpp (-alpha option) * Option "-unixpw ..." for use with "x11vnc -unixpw" type login dialogs. * Support for UltraVNC extensions: 1/n Server side scaling, Text @@ -12316,21 +11119,20 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) * UltraVNC File Transfer via an auxiliary Java helper program (java must be in $PATH). Note that the x11vnc server also supports UltraVNC file transfer. - * Connection support for the [23]UltraVNC repeater proxy (-repeater + * Connection support for the UltraVNC repeater proxy (-repeater option). - * Support for UltraVNC [24]Single Click operation. (both - unencrypted: SC I, and SSL encrypted: SC III) - * Support for UltraVNC [25]DSM Encryption Plugin symmetric - encryption mode. (ARC4, AESV2, MSRC4, and SecureVNC) - * Support for UltraVNC [26]MS-Logon authentication (NOTE: the - UltraVNC MS-Logon key exchange implementation is very weak; an - eavesdropper on the network can recover your Windows password - easily in a few seconds; you need to use an additional encrypted - tunnel with MS-Logon.) + * Support for UltraVNC Single Click operation. (both unencrypted: SC + I, and SSL encrypted: SC III) + * Support for UltraVNC DSM Encryption Plugin symmetric encryption + mode. (ARC4, AESV2, MSRC4, and SecureVNC) + * Support for UltraVNC MS-Logon authentication (NOTE: the UltraVNC + MS-Logon key exchange implementation is very weak; an eavesdropper + on the network can recover your Windows password easily in a few + seconds; you need to use an additional encrypted tunnel with + MS-Logon.) * Support for symmetric encryption (including blowfish and 3des ciphers) to Non-UltraVNC Servers. Any server using the same - encryption method will work, [27]e.g.: x11vnc -enc - blowfish:./my.key + encryption method will work, e.g.: x11vnc -enc blowfish:./my.key * Instead of hostname:display one can also supply "exec=command args..." to connect the viewer to the stdio of an external command (e.g. stunnel or socat) rather than using a TCP/IP socket. Unix @@ -12347,11 +11149,11 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) (-use64/-bgr222, -use8/-bgr111) * Medium color mode: 16bpp mode on a 32bpp Viewer display (-16bpp/-bgr565) - * For use with x11vnc's [28]client-side caching -ncache method use - the cropping option -ycrop n. This will "hide" the large pixel - buffer cache below the actual display. Set to the actual height or - use -1 for autodetection (also, tall screens, H > 2*W, are - autodetected by default). + * For use with x11vnc's client-side caching -ncache method use the + cropping option -ycrop n. This will "hide" the large pixel buffer + cache below the actual display. Set to the actual height or use -1 + for autodetection (also, tall screens, H > 2*W, are autodetected + by default). * Escape Keys: specify a set of modifier keys so that when they are all pressed down you can invoke Popup menu actions via keystrokes. I.e., a set of 'Hot Keys'. One can also pan (move) the desktop @@ -12362,13 +11164,12 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) -sendclipboard, -sendalways, and -recvtext options. * TightVNC compression and quality levels are automatically set based on observed network latency (n.b. not bandwidth.) - * Improvements to the [29]Popup menu, all of these can now be - changed dynamically via the menu: ViewOnly, Toggle Bell, - CursorShape updates, X11 Cursor, Cursor Alphablending, Toggle - Tight/ZRLE, Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), - Greyscale for low color modes, Scaling the Viewer resolution, - Escape Keys, Pipeline Updates, and others, including UltraVNC - extensions. + * Improvements to the Popup menu, all of these can now be changed + dynamically via the menu: ViewOnly, Toggle Bell, CursorShape + updates, X11 Cursor, Cursor Alphablending, Toggle Tight/ZRLE, + Toggle JPEG, FullColor/16bpp/8bpp (256/64/8 colors), Greyscale for + low color modes, Scaling the Viewer resolution, Escape Keys, + Pipeline Updates, and others, including UltraVNC extensions. * Maintains its own BackingStore if the X server does not. * The default for localhost:0 connections is not raw encoding since same-machine connections are pretty rare. Default assumes you are @@ -12389,8 +11190,7 @@ Enhanced TightVNC Viewer (SSVNC: SSL/SSH VNC viewer) These are all self-contained in the bundle directory: they will not be installed on your system. Just un-zip or un-tar the file you downloaded and run the frontend ssvnc straight from its directory. - Alternatively, on Unix you can use the [30]conventional source - tarball. + Alternatively, on Unix you can use the conventional source tarball. _________________________________________________________________ @@ -12405,7 +11205,7 @@ Unix and Mac OS X: Unpack the archive: - % gzip -dc ssvnc-1.0.26.tar.gz | tar xvf - + % gzip -dc ssvnc-1.0.27.tar.gz | tar xvf - Run the GUI: @@ -12413,7 +11213,7 @@ Unix and Mac OS X: % ./ssvnc/MacOSX/ssvnc (for Mac OS X) - The smaller file "ssvnc_no_windows-1.0.26.tar.gz" + The smaller file "ssvnc_no_windows-1.0.27.tar.gz" could have been used as well. On MacOSX you could also click on the SSVNC app icon in the Finder. @@ -12459,8 +11259,8 @@ Unix/MacOSX Install: For the conventional source tarball it will compile and install, e.g.: - gzip -dc ssvnc-1.0.26.src.tar.gz | tar xvf - - cd ssvnc-1.0.26 + gzip -dc ssvnc-1.0.27.src.tar.gz | tar xvf - + cd ssvnc-1.0.27 make config make all make PREFIX=/my/install/dir install @@ -12473,7 +11273,7 @@ Windows: Unzip, using WinZip or a similar utility, the zip file: - ssvnc-1.0.26.zip + ssvnc-1.0.27.zip Run the GUI, e.g.: @@ -12485,7 +11285,7 @@ Windows: select Open, and then OK to launch it. - The smaller file "ssvnc_windows_only-1.0.26.zip" + The smaller file "ssvnc_windows_only-1.0.27.zip" could have been used as well. You can make a Windows shortcut to this program if you want to. @@ -12512,7 +11312,7 @@ Windows: _________________________________________________________________ - You can read all of the SSVNC GUI's [31]Online Help Text here. + You can read all of the SSVNC GUI's Online Help Text here. _________________________________________________________________ The bundle unpacks a directory/folder named: ssvnc. It contains these @@ -12524,16 +11324,16 @@ Windows: (the Mac OS X and Unix launchers are simply links to the bin directory). See the README for more information. - The [32]SSH-Only mode launcher program has name sshvnc. The - [33]Terminal Services mode launcher program (assumes x11vnc 0.8.4 or - later and Xvfb installed on the server machine) has name tsvnc. + The SSH-Only mode launcher program has name sshvnc. The Terminal + Services mode launcher program (assumes x11vnc 0.8.4 or later and Xvfb + installed on the server machine) has name tsvnc. The Viewer SSL support is done via a wrapper script (bin/ssvnc_cmd that calls bin/util/ss_vncviewer) that starts up the STUNNEL tunnel first and then starts the TightVNC viewer pointed at that tunnel. The - bin/ssvnc program is a GUI front-end to that script. See [34]this FAQ - for more details on SSL tunnelling. In SSH connection mode, the - wrappers start up SSH appropriately. + bin/ssvnc program is a GUI front-end to that script. See this FAQ for + more details on SSL tunnelling. In SSH connection mode, the wrappers + start up SSH appropriately. Memory Stick Usage: If you create a directory named "Home" in that @@ -12578,7 +11378,7 @@ start \ssvnc\Windows\ssvnc.exe switch from the regular SSVNC mode, click "Terminal Services" under Options. - This mode requires [35]x11vnc (0.9.3 or later) installed on the remote + This mode requires x11vnc (0.9.3 or later) installed on the remote machine to find, create, and manage the user sessions. SSH is used to create the encrypted and authenticated tunnel. The Xvfb (virtual framebuffer X server) program must also be installed on the remote @@ -12596,10 +11396,10 @@ start \ssvnc\Windows\ssvnc.exe press "Connect"). Normally the Terminal Services sessions created are virtual (RAM-only) - ones (e.g. Xvfb, [36]Xdummy, or Xvnc), however a nice feature is if - you have a regular X session (i.e displaying on the physical hardware) - on the remote machine that you are ALREADY logged into, then the - x11vnc run from tsvnc will find it for you as well. + ones (e.g. Xvfb, Xdummy, or Xvnc), however a nice feature is if you + have a regular X session (i.e displaying on the physical hardware) on + the remote machine that you are ALREADY logged into, then the x11vnc + run from tsvnc will find it for you as well. Also, there is setting "X Login" under Advanced Options that allows you to attach to a real X server with no one logged in yet (i.e. @@ -12617,7 +11417,7 @@ start \ssvnc\Windows\ssvnc.exe Proxies: Web proxies, SOCKS proxies, and the UltraVNC repeater proxy are supported to allow the SSVNC connection to go through the proxy to the otherwise unreachable VNC Server. SSH gateway machines can be used - in the same way. Read [37]more about SSVNC proxy support here. + in the same way. Read more about SSVNC proxy support here. Dynamic VNC Server Port determination: If you are running SSVNC on @@ -12644,7 +11444,7 @@ or: PORT= vncserver :4; sleep 15 sessions if called repeatedly. If you use PORT= on Windows, a large random port is selected instead - and the [38]-rfbport option is passed to x11vnc (it does not work with + and the -rfbport option is passed to x11vnc (it does not work with vncserver). @@ -12655,7 +11455,7 @@ or: PORT= vncserver :4; sleep 15 resize when the server does (e.g. "x11vnc -R scale=3/4" remote control command). - The cursor alphablending is [39]described here. + The cursor alphablending is described here. The RealVNC ZRLE encoding is supported, in addition to some low colors modes (16bpp and 8bpp at 256, 64, and even 8 colors, for use on very @@ -12665,10 +11465,10 @@ or: PORT= vncserver :4; sleep 15 The Popup menu (F8) is enhanced with the ability to change many things on the fly. F9 is added as a shortcut to toggle FullScreen mode. - Client Side Caching: The x11vnc [40]client-side caching is handled - nicely by this viewer. The very large pixel cache below the actual - display in this caching method is distracting. Our Unix VNC viewer - will automatically try to autodetect the actual display height if the + Client Side Caching: The x11vnc client-side caching is handled nicely + by this viewer. The very large pixel cache below the actual display in + this caching method is distracting. Our Unix VNC viewer will + automatically try to autodetect the actual display height if the framebuffer is very tall (more than twice as high as it is wide). One can also set the height to the known value via -ycrop n, or use -ycrop -1 to force autodection. In fullscreen mode one is not possible to @@ -12678,11 +11478,11 @@ or: PORT= vncserver :4; sleep 15 scrollbars are set to be very thin (2 pixels) to be less distracting. Use the -sbwidth n to make them wider. - Probably nobody is interested in the [41]grabserver patch for old - window managers when the viewer is in fullscreen mode... This and some - other unfixed bugs have been fixed in our patches (fullscreen toggle - works with KDE, -x11cursor has been fixed, and the dot cursor has been - made smaller). + Probably nobody is interested in the grabserver patch for old window + managers when the viewer is in fullscreen mode... This and some other + unfixed bugs have been fixed in our patches (fullscreen toggle works + with KDE, -x11cursor has been fixed, and the dot cursor has been made + smaller). From the -help output: SSVNC Viewer (based on TightVNC viewer version 1.3.9) @@ -13107,7 +11907,7 @@ r _________________________________________________________________ Hopefully this tool will make it convenient for people to help test - and use the [42]built-in SSL support in x11vnc. Extra testing of this + and use the built-in SSL support in x11vnc. Extra testing of this feature is much appreciated!! Thanks. Please Help Test the newly added features: @@ -13120,13 +11920,12 @@ r Server machine, and to mount your local Windows or Samba shares on the remote VNC Server machine. Basically these new features try to automate the tricks described here: - [43]http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares - [44]http://www.karlrunge.com/x11vnc/faq.html#faq-cups - [45]http://www.karlrunge.com/x11vnc/faq.html#faq-sound + http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares + http://www.karlrunge.com/x11vnc/faq.html#faq-cups + http://www.karlrunge.com/x11vnc/faq.html#faq-sound _________________________________________________________________ - Downloading: Downloads for this project are hosted at - [46]Sourceforge.net. + Downloading: Downloads for this project are hosted at Sourceforge.net. Choose the archive file bundle that best suits you (e.g. no source code, windows only, unix only, zip, tar etc). @@ -13137,26 +11936,26 @@ r "ssvnc_unix_only" (or "ssvnc_no_windows" to recompile). On Mac OS X? Use "ssvnc_no_windows". On Windows? Use "ssvnc_windows_only". - [47]ssvnc_windows_only-1.0.25.zip Windows Binaries Only. No source incl -uded (6.0MB) - [48]ssvnc_no_windows-1.0.25.tar.gz Unix and Mac OS X Only. No Windows bin -aries. Source included. (9.8MB) - [49]ssvnc_unix_only-1.0.25.tar.gz Unix Binaries Only. No source incl -uded. (7.0MB) - [50]ssvnc_unix_minimal-1.0.25.tar.gz Unix Minimal. You must supply your ow -n vncviewer and stunnel. (0.2MB) - - [51]ssvnc-1.0.25.tar.gz All Unix, Mac OS X, and Windows binari -es and source TGZ. (15.5MB) - [52]ssvnc-1.0.25.zip All Unix, Mac OS X, and Windows binari -es and source ZIP. (15.5MB) - [53]ssvnc_all-1.0.25.zip All Unix, Mac OS X, and Windows binari -es and source AND full archives in the zip dir. (18.3MB) + ssvnc_windows_only-1.0.26.zip Windows Binaries Only. No source included + (6.0MB) + ssvnc_no_windows-1.0.26.tar.gz Unix and Mac OS X Only. No Windows binarie +s. Source included. (9.8MB) + ssvnc_unix_only-1.0.26.tar.gz Unix Binaries Only. No source included +. (7.0MB) + ssvnc_unix_minimal-1.0.26.tar.gz Unix Minimal. You must supply your own vn +cviewer and stunnel. (0.2MB) + + ssvnc-1.0.26.tar.gz All Unix, Mac OS X, and Windows binaries a +nd source TGZ. (15.5MB) + ssvnc-1.0.26.zip All Unix, Mac OS X, and Windows binaries a +nd source ZIP. (15.5MB) + ssvnc_all-1.0.26.zip All Unix, Mac OS X, and Windows binaries a +nd source AND full archives in the zip dir. (18.3MB) Here is a conventional source tarball: - [54]ssvnc-1.0.25.src.tar.gz Conventional Source for SSVNC GUI and -Unix VNCviewer (0.5MB) + ssvnc-1.0.26.src.tar.gz Conventional Source for SSVNC GUI and Unix + VNCviewer (0.5MB) it will be of use to those who do not want the SSVNC "one-size-fits-all" bundles. For example, package/distro maintainers @@ -13165,7 +11964,7 @@ Unix VNCviewer (0.5MB) stunnel source, and so has a dependency that the system stunnel is installed. - Read the [55]README.src file for more information on using the + Read the README.src file for more information on using the conventional source tarball. @@ -13173,24 +11972,24 @@ Unix VNCviewer (0.5MB) "ssvnc_all", you may need to run the "./build.unix" script in the top directory to recompile for your operating system. - Here are the corresponding 1.0.26 development bundles (Please help + Here are the corresponding 1.0.27 development bundles (Please help testing them): - [56]ssvnc_windows_only-1.0.26.zip - [57]ssvnc_no_windows-1.0.26.tar.gz - [58]ssvnc_unix_only-1.0.26.tar.gz - [59]ssvnc_unix_minimal-1.0.26.tar.gz + ssvnc_windows_only-1.0.27.zip + ssvnc_no_windows-1.0.27.tar.gz + ssvnc_unix_only-1.0.27.tar.gz + ssvnc_unix_minimal-1.0.27.tar.gz - [60]ssvnc-1.0.26.tar.gz - [61]ssvnc-1.0.26.zip - [62]ssvnc_all-1.0.26.zip + ssvnc-1.0.27.tar.gz + ssvnc-1.0.27.zip + ssvnc_all-1.0.27.zip - [63]ssvnc-1.0.26.src.tar.gz Conventional Source for SSVNC GUI and -Unix VNCviewer (0.5MB) + ssvnc-1.0.27.src.tar.gz Conventional Source for SSVNC GUI and Unix + VNCviewer (0.5MB) For any Unix system, a self-extracting and running file for the - "ssvnc_unix_minimal" package is here: [64]ssvnc. Save it as filename + "ssvnc_unix_minimal" package is here: ssvnc. Save it as filename "ssvnc", type "chmod 755 ./ssvnc", and then launch the GUI via typing "./ssvnc". Note that this "ssvnc_unix_minimal" mode requires you install the "stunnel" and "vncviewer" programs externally (for @@ -13199,14 +11998,15 @@ Unix VNCviewer (0.5MB) SSVNC features will be missing. Previous releases: - [65]Release 1.0.18 at Sourceforge.net - [66]Release 1.0.19 at Sourceforge.net - [67]Release 1.0.20 at Sourceforge.net - [68]Release 1.0.21 at Sourceforge.net - [69]Release 1.0.22 at Sourceforge.net - [70]Release 1.0.23 at Sourceforge.net - [71]Release 1.0.24 at Sourceforge.net - [72]Release 1.0.25 at Sourceforge.net + Release 1.0.18 at Sourceforge.net + Release 1.0.19 at Sourceforge.net + Release 1.0.20 at Sourceforge.net + Release 1.0.21 at Sourceforge.net + Release 1.0.22 at Sourceforge.net + Release 1.0.23 at Sourceforge.net + Release 1.0.24 at Sourceforge.net + Release 1.0.25 at Sourceforge.net + Release 1.0.26 at Sourceforge.net Please help test the UltraVNC File Transfer support in the native Unix @@ -13249,99 +12049,16 @@ Unix VNCviewer (0.5MB) redistribute the above because of cryptographic software they contain or for other reasons. Please check out your situation and information at the following and related sites: - [73]http://stunnel.mirt.net - [74]http://www.stunnel.org - [75]http://www.openssl.org - [76]http://www.chiark.greenend.org.uk/~sgtatham/putty/ - [77]http://www.tightvnc.com - [78]http://www.realvnc.com - [79]http://sourceforge.net/projects/cotvnc/ + http://stunnel.mirt.net + http://www.stunnel.org + http://www.openssl.org + http://www.chiark.greenend.org.uk/~sgtatham/putty/ + http://www.tightvnc.com + http://www.realvnc.com + http://sourceforge.net/projects/cotvnc/ _________________________________________________________________ - README: Here is the toplevel [80]README from the bundle. - -References - - 1. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#download - 2. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#quickstart - 3. http://www.karlrunge.com/x11vnc/admwtp.html - 4. http://cell.runges.net/b.w - 5. http://www.karlrunge.com/x11vnc/index.html - 6. http://sourceforge.net/projects/vencrypt/ - 7. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc - 8. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc - 9. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#memory-stick - 10. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source - 11. http://www.debian.org/security/2008/dsa-1571 - 12. http://www.karlrunge.com/x11vnc/ssvnc_untrusted_local_users.html - 13. http://sourceforge.net/projects/vencrypt/ - 14. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html - 15. http://www.uvnc.com/addons/repeater.html - 16. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#dynamic-port - 17. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc - 18. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc - 19. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#unix-patches - 20. http://www.karlrunge.com/x11vnc/faq.html#faq-turbovnc - 21. http://www.virtualgl.org/ - 22. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 23. http://www.uvnc.com/addons/repeater.html - 24. http://www.uvnc.com/addons/singleclick.html - 25. http://www.uvnc.com/features/encryption.html - 26. http://www.uvnc.com/features/authentication.html - 27. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-enc - 28. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 29. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#popup - 30. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#source - 31. http://www.karlrunge.com/x11vnc/ssvnc_help.html - 32. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#sshvnc - 33. http://www.karlrunge.com/x11vnc/enhanced_tightvnc_viewer.html#tsvnc - 34. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-ext - 35. http://www.karlrunge.com/x11vnc/index.html - 36. http://www.karlrunge.com/x11vnc/faq.html#faq-xvfb - 37. http://www.karlrunge.com/x11vnc/ssvnc-proxies.html - 38. http://www.karlrunge.com/x11vnc/x11vnc_opts.html#opt-rfbport - 39. http://www.karlrunge.com/x11vnc/faq.html#faq-xfixes-alpha-hacks - 40. http://www.karlrunge.com/x11vnc/faq.html#faq-client-caching - 41. http://www.karlrunge.com/x11vnc/faq.html#faq-scrollbars - 42. http://www.karlrunge.com/x11vnc/faq.html#faq-ssl-tunnel-int - 43. http://www.karlrunge.com/x11vnc/faq.html#faq-smb-shares - 44. http://www.karlrunge.com/x11vnc/faq.html#faq-cups - 45. http://www.karlrunge.com/x11vnc/faq.html#faq-sound - 46. http://sourceforge.net/projects/ssvnc - 47. http://downloads.sourceforge.net/ssvnc/ssvnc_windows_only-1.0.25.zip?use_mirror= - 48. http://downloads.sourceforge.net/ssvnc/ssvnc_no_windows-1.0.25.tar.gz?use_mirror= - 49. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_only-1.0.25.tar.gz?use_mirror= - 50. http://downloads.sourceforge.net/ssvnc/ssvnc_unix_minimal-1.0.25.tar.gz?use_mirror= - 51. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.tar.gz - 52. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.25.zip - 53. http://downloads.sourceforge.net/ssvnc/ssvnc_all-1.0.25.zip?use_mirror= - 54. http://downloads.sourceforge.net/ssvnc/ssvnc-1.0.25.src.tar.gz?use_mirror= - 55. http://www.karlrunge.com/x11vnc/etv/README.src.txt - 56. http://ssvnc.sourceforge.net/dev/ssvnc_windows_only-1.0.26.zip - 57. http://ssvnc.sourceforge.net/dev/ssvnc_no_windows-1.0.26.tar.gz - 58. http://ssvnc.sourceforge.net/dev/ssvnc_unix_only-1.0.26.tar.gz - 59. http://ssvnc.sourceforge.net/dev/ssvnc_unix_minimal-1.0.26.tar.gz - 60. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.26.tar.gz - 61. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.26.zip - 62. http://ssvnc.sourceforge.net/dev/ssvnc_all-1.0.26.zip - 63. http://ssvnc.sourceforge.net/dev/ssvnc-1.0.26.src.tar.gz - 64. http://www.karlrunge.com/x11vnc/etv/ssvnc - 65. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636282 - 66. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636337 - 67. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=636338 - 68. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=640923 - 69. http://sourceforge.net/project/showfiles.php?group_id=243486&package_id=296727&release_id=652804 - 70. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.23/ - 71. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.24/ - 72. http://sourceforge.net/projects/ssvnc/files/ssvnc/1.0.25/ - 73. http://stunnel.mirt.net/ - 74. http://www.stunnel.org/ - 75. http://www.openssl.org/ - 76. http://www.chiark.greenend.org.uk/~sgtatham/putty/ - 77. http://www.tightvnc.com/ - 78. http://www.realvnc.com/ - 79. http://sourceforge.net/projects/cotvnc/ - 80. http://www.karlrunge.com/x11vnc/README.ssvnc.html + README: Here is the toplevel README from the bundle. ======================================================================= http://www.karlrunge.com/x11vnc/x11vnc_opts.html: @@ -13354,11 +12071,12 @@ x11vnc: a VNC server for real X displays Here are all of x11vnc command line options: % x11vnc -opts (see below for -help long descriptions) -x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-03-20 +x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-04-08 x11vnc options: -display disp -auth file -N - -autoport n -rfbport str -reopen + -autoport n -rfbport str -6 + -noipv6 -noipv4 -reopen -reflect host:N -id windowid -sid windowid -appshare -clip WxH+X+Y -flashcmap -shiftcmap n -notruecolor -advertise_truecolor @@ -13372,83 +12090,84 @@ x11vnc options: -mdns -zeroconf -connect string -connect_or_exit str -proxy string -vncconnect -novncconnect -allow host1[,host2..] -localhost - -nolookup -input string -grabkbd - -grabptr -grabalways -viewpasswd string - -passwdfile filename -showrfbauth filename -unixpw [list] - -unixpw_nis [list] -unixpw_cmd cmd -find - -finddpy -listdpy -findauth [disp] - -create -xdummy -xvnc - -xvnc_redirect -xdummy_xvfb -create_xsrv str - -svc -svc_xdummy -svc_xvnc - -svc_xdummy_xvfb -xdmsvc -sshxdmsvc - -unixpw_system_greeter -redirect port -display WAIT:... - -vencrypt mode -anontls mode -sslonly - -dhparams file -nossl -ssl [pem] - -ssltimeout n -sslnofail -ssldir dir - -sslverify path -sslCRL path -sslGenCA [dir] - -sslGenCert type name -sslEncKey pem -sslCertInfo pem - -sslDelCert pem -sslScripts -stunnel [pem] - -stunnel3 [pem] -enc cipher:keyfile -https [port] - -httpsredir [port] -http_oneport -ssh user@host:disp - -usepw -storepasswd pass file -nopw - -accept string -afteraccept string -gone string - -users list -noshm -flipbyteorder - -onetile -solid [color] -blackout string - -xinerama -noxinerama -xtrap - -xrandr [mode] -rotate string -padgeom WxH - -o logfile -flag file -rmflag file - -rc filename -norc -env VAR=VALUE - -prog /path/to/x11vnc -h, -help -?, -opts - -V, -version -license -dbg - -q, -quiet -v, -verbose -bg - -modtweak -nomodtweak -xkb - -noxkb -capslock -skip_lockkeys - -noskip_lockkeys -skip_keycodes string -sloppy_keys - -skip_dups -noskip_dups -add_keysyms - -noadd_keysyms -clear_mods -clear_keys - -clear_all -remap string -norepeat - -repeat -nofb -nobell - -nosel -noprimary -nosetprimary - -noclipboard -nosetclipboard -seldir string - -cursor [mode] -nocursor -cursor_drag - -arrow n -noxfixes -alphacut n - -alphafrac fraction -alpharemove -noalphablend - -nocursorshape -cursorpos -nocursorpos - -xwarppointer -noxwarppointer -buttonmap string - -nodragging -ncache n -ncache_cr - -ncache_no_moveraise -ncache_no_dtchange -ncache_no_rootpixmap - -ncache_keep_anims -ncache_old_wm -ncache_pad n - -debug_ncache -wireframe [str] -nowireframe - -nowireframelocal -wirecopyrect mode -nowirecopyrect - -debug_wireframe -scrollcopyrect mode -noscrollcopyrect - -scr_area n -scr_skip list -scr_inc list - -scr_keys list -scr_term list -scr_keyrepeat lo-hi - -scr_parms string -fixscreen string -debug_scroll - -noxrecord -grab_buster -nograb_buster - -debug_grabs -debug_sel -pointer_mode n - -input_skip n -allinput -speeds rd,bw,lat - -wmdt string -debug_pointer -debug_keyboard - -defer time -wait time -extra_fbur n - -wait_ui factor -setdefer n -nowait_bog - -slow_fb time -xrefresh time -nap - -nonap -sb time -readtimeout n - -ping n -nofbpm -fbpm - -nodpms -dpms -forcedpms - -clientdpms -noserverdpms -noultraext - -chatwindow -noxdamage -xd_area A - -xd_mem f -sigpipe string -threads - -nothreads -fs f -gaps n - -grow n -fuzz n -debug_tiles - -snapfb -rawfb string -freqtab file - -pipeinput cmd -macnodim -macnosleep - -macnosaver -macnowait -macwheel n - -macnoswap -macnoresize -maciconanim n - -macmenu -macuskbd -gui [gui-opts] - -remote command -query variable -QD variable - -sync -query_retries str -remote_prefix str - -noremote -yesremote -unsafe - -safer -privremote -nocmds - -allowedcmds list -deny_all + -listen6 str -nolookup -input string + -grabkbd -grabptr -grabalways + -viewpasswd string -passwdfile filename -showrfbauth filename + -unixpw [list] -unixpw_nis [list] -unixpw_cmd cmd + -find -finddpy -listdpy + -findauth [disp] -create -xdummy + -xvnc -xvnc_redirect -xdummy_xvfb + -create_xsrv str -svc -svc_xdummy + -svc_xvnc -svc_xdummy_xvfb -xdmsvc + -sshxdmsvc -unixpw_system_greeter -redirect port + -display WAIT:... -vencrypt mode -anontls mode + -sslonly -dhparams file -nossl + -ssl [pem] -ssltimeout n -sslnofail + -ssldir dir -sslverify path -sslCRL path + -sslGenCA [dir] -sslGenCert type name -sslEncKey pem + -sslCertInfo pem -sslDelCert pem -sslScripts + -stunnel [pem] -stunnel3 [pem] -enc cipher:keyfile + -https [port] -httpsredir [port] -http_oneport + -ssh user@host:disp -usepw -storepasswd pass file + -nopw -accept string -afteraccept string + -gone string -users list -noshm + -flipbyteorder -onetile -solid [color] + -blackout string -xinerama -noxinerama + -xtrap -xrandr [mode] -rotate string + -padgeom WxH -o logfile -flag file + -rmflag file -rc filename -norc + -env VAR=VALUE -prog /path/to/x11vnc -h, -help + -?, -opts -V, -version -license + -dbg -q, -quiet -v, -verbose + -bg -modtweak -nomodtweak + -xkb -noxkb -capslock + -skip_lockkeys -noskip_lockkeys -skip_keycodes string + -sloppy_keys -skip_dups -noskip_dups + -add_keysyms -noadd_keysyms -clear_mods + -clear_keys -clear_all -remap string + -norepeat -repeat -nofb + -nobell -nosel -noprimary + -nosetprimary -noclipboard -nosetclipboard + -seldir string -cursor [mode] -nocursor + -cursor_drag -arrow n -noxfixes + -alphacut n -alphafrac fraction -alpharemove + -noalphablend -nocursorshape -cursorpos + -nocursorpos -xwarppointer -noxwarppointer + -buttonmap string -nodragging -ncache n + -ncache_cr -ncache_no_moveraise -ncache_no_dtchange + -ncache_no_rootpixmap -ncache_keep_anims -ncache_old_wm + -ncache_pad n -debug_ncache -wireframe [str] + -nowireframe -nowireframelocal -wirecopyrect mode + -nowirecopyrect -debug_wireframe -scrollcopyrect mode + -noscrollcopyrect -scr_area n -scr_skip list + -scr_inc list -scr_keys list -scr_term list + -scr_keyrepeat lo-hi -scr_parms string -fixscreen string + -debug_scroll -noxrecord -grab_buster + -nograb_buster -debug_grabs -debug_sel + -pointer_mode n -input_skip n -allinput + -input_eagerly -speeds rd,bw,lat -wmdt string + -debug_pointer -debug_keyboard -defer time + -wait time -extra_fbur n -wait_ui factor + -setdefer n -nowait_bog -slow_fb time + -xrefresh time -nap -nonap + -sb time -readtimeout n -ping n + -nofbpm -fbpm -nodpms + -dpms -forcedpms -clientdpms + -noserverdpms -noultraext -chatwindow + -noxdamage -xd_area A -xd_mem f + -sigpipe string -threads -nothreads + -fs f -gaps n -grow n + -fuzz n -debug_tiles -snapfb + -rawfb string -freqtab file -pipeinput cmd + -macnodim -macnosleep -macnosaver + -macnowait -macwheel n -macnoswap + -macnoresize -maciconanim n -macmenu + -macuskbd -gui [gui-opts] -remote command + -query variable -QD variable -sync + -query_retries str -remote_prefix str -noremote + -yesremote -unsafe -safer + -privremote -nocmds -allowedcmds list + -deny_all libvncserver options: -rfbport port TCP port for RFB protocol @@ -13482,7 +12201,7 @@ libvncserver-tight-extension options: % x11vnc -help -x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-03-20 +x11vnc: allow VNC connections to real X11 displays. 0.9.10 lastmod: 2010-04-08 (type "x11vnc -opts" to just list the options.) @@ -13573,6 +12292,32 @@ Options: then the x11vnc -gui is used to prompt the user to enter the port number. +-6 IPv6 listening support. In addition to IPv4, the + IPv6 address is listened on for incoming connections. + The same port as IPv4 is used to listen. If you have + trouble compiling for this mode, set -DX11VNC_IPV6=0 + in CPPFLAGS when configuring. + + Currently, the machine may need to have some IPv4 + support, at the least for the loopback interface, for + everything to work correctly. However for most usage + modes IPv4 support is not required. + + The -6 mode works for both normal connections and + -ssl encrypted ones. Nearly everything is supported + for the IPv6 case, but there are a few exceptions. + See -stunnel for its IPv6 support. + +-noipv6 Do not try to use IPv6 for any listening or connecting + sockets. This includes both the listening service + port(s) and outgoing connections from -connect, + -connect_or_exit, or -proxy. Use this if you are having + problems due to IPv6. + +-noipv4 Do not try to use IPv4 for any listening or connecting + sockets. This is mainly for exploring the behavior of + x11vnc on an IPv6-only system, but may have other uses. + -reopen If the X server connection is disconnected, try to reopen the X display (up to one time.) This is of use for display managers like GDM (KillInitClients option) @@ -14022,6 +12767,13 @@ Options: See also the -proxy option below for additional ways to plumb reverse connections. + IPv6: as of x11vnc 0.9.10 the -connect option should + connect to IPv6 hosts properly. If there are problems + you can disable IPv6 by setting -DX11VNC_IPV6=0 + in CPPFLAGS when configuring. If there problems + connecting to IPv6 hosts consider a relay like the + included inet6to4 script or the -proxy option. + -connect_or_exit str As with -connect, except if none of the reverse connections succeed, then x11vnc shuts down immediately @@ -14087,6 +12839,13 @@ Options: E.g.: http://host1:port1,socks5://host2:port2 or three like: first,second,third + IPv6: as of x11vnc 0.9.10 the -proxy option should + connect to IPv6 hosts properly. If there are problems + you can disable IPv6 by setting -DX11VNC_IPV6=0 + in CPPFLAGS when configuring. If there problems + connecting to IPv6 hosts consider a relay like the + included inet6to4 script. + -vncconnect Monitor the VNC_CONNECT X property set by the standard -novncconnect VNC program vncconnect(1). When the property is set to "host" or "host:port" establish a reverse @@ -14116,6 +12875,9 @@ Options: -allow applies in -ssl mode, but not in -stunnel mode. + IPv6: as of x11vnc 0.9.10 a host can be specified + in IPv6 numerical format, e.g. 2001:4860:b009::93. + -localhost Basically the same as "-allow 127.0.0.1". Note: if you want to restrict which network interface @@ -14135,6 +12897,14 @@ Options: or plan to use remote control: -R connect:host), use -rfbport 0 + IPv6: if IPv6 is supported, this option automatically + implies the IPv6 loopback address '::1' as well. + +-listen6 str When in IPv6 listen mode "-6", only listen on the + network interface with address "str". It currently + does not work for link scope addresses or non-numeric + hostname strings. + -nolookup Do not use gethostbyname() or gethostbyaddr() to look up host names or IP numbers. Use this if name resolution is incorrectly set up and leads to long pauses as name @@ -14681,7 +13451,7 @@ Options: This mode only allows one redirected connection. The -forever option does not apply. Use -inetd or - -loop for persistant service. + -loop for persistent service. -display_WAIT :... A special usage mode for the normal -display option. Useful with -unixpw, but can be used independently @@ -14772,6 +13542,10 @@ Options: if the viewer-side supplied value is not completely composed of alphanumeric or '_' or '-' characters. + To troubleshoot the FINDCREATEDISPLAY mechanism, + set the following env. var. to an ouput log file, + e.g -env CREATE_DISPLAY_OUTPUT=/tmp/mydebug.txt + To disable the option setting set the environment variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc. To set any other options, the user can use the gui @@ -15651,15 +14425,25 @@ Options: Set -env STUNNEL_DEBUG=1 for more debugging printout. + Set -env STUNNEL_PROG=xxx to the full path of stunnel + program you want to be used (e.g. /usr/bin/stunnel4). + + Set -env STUNNEL_LISTEN=xxx to the address of the + network interface to listen on (the default is to listen + on all interfaces), e.g. STUNNEL_LISTEN=192.168.1.100. + + A simple way to add IPv6 support is STUNNEL_LISTEN=:: + Your VNC viewer will also need to be able to connect via SSL. Unfortunately not too many do this. See the information about SSL viewers under the -ssl option. + The x11vnc project's SSVNC is an option. Also, in the x11vnc distribution, patched TightVNC and UltraVNC Java applet jar files are provided in the classes/ssl directory that do SSL connections. - Enable serving them with the -http, -http_ssl, -https, - or -httpdir (see the option descriptions for more info.) + Enable serving them with the -http, -http_ssl, or + -httpdir (see the option descriptions for more info.) Note that for the Java viewer applet usage the "?PORT=xxxx" in the various URLs printed at startup @@ -17230,6 +16014,9 @@ t -allinput Have x11vnc read and process all available client input before proceeding. +-input_eagerly Similar to -allinput but use the handleEventsEagerly + mechanism built into LibVNCServer. + -speeds rd,bw,lat x11vnc tries to estimate some speed parameters that are used to optimize scheduling (e.g. -pointer_mode 4, -wireframe, -scrollcopyrect) and other things. @@ -18255,6 +17042,13 @@ n localhost enable -localhost mode nolocalhost disable -localhost mode listen:str set -listen to str, empty to disable. + noipv6 enable -noipv6 mode. + ipv6 disable -noipv6 mode. + noipv4 enable -noipv4 mode. + ipv4 disable -noipv4 mode. + 6 enable -6 IPv6 listening mode. + no6 disable -6 IPv6 listening mode. + lookup disable -nolookup mode. nolookup enable -nolookup mode. lookup disable -nolookup mode. input:str set -input to "str", empty to disable. @@ -18417,6 +17211,8 @@ n input_skip:n set -input_skip to n. allinput enable use of -allinput mode. noallinput disable use of -allinput mode. + input_eagerly enable use of -input_eagerly mode. + noinput_eagerly disable use of -input_eagerly mode. ssltimeout:n set -ssltimeout to n. speeds:str set -speeds to str. wmdt:str set -wmdt to str. @@ -18675,52 +17471,54 @@ n 8to24_opts 24to32 no24to32 visual scale scale_cursor viewonly noviewonly shared noshared forever noforever once timeout tightfilexfer notightfilexfer ultrafilexfer - noultrafilexfer rfbversion deny lock nodeny unlock - avahi mdns zeroconf noavahi nomdns nozeroconf connect - proxy allowonce allow localhost nolocalhost listen - lookup nolookup accept afteraccept gone shm noshm - flipbyteorder noflipbyteorder onetile noonetile - solid_color solid nosolid blackout xinerama noxinerama - xtrap noxtrap xrandr noxrandr xrandr_mode rotate padgeom - quiet q noquiet modtweak nomodtweak xkb noxkb capslock - nocapslock skip_lockkeys noskip_lockkeys skip_keycodes - sloppy_keys nosloppy_keys skip_dups noskip_dups - add_keysyms noadd_keysyms clear_mods noclear_mods - clear_keys noclear_keys clear_all clear_locks keystate - remap repeat norepeat fb nofb bell nobell sendbell - sel nosel primary noprimary setprimary nosetprimary - clipboard noclipboard setclipboard nosetclipboard - seldir cursorshape nocursorshape cursorpos nocursorpos - cursor_drag nocursor_drag cursor show_cursor - noshow_cursor nocursor arrow xfixes noxfixes xdamage - noxdamage xd_area xd_mem alphacut alphafrac alpharemove - noalpharemove alphablend noalphablend xwarppointer - xwarp noxwarppointer noxwarp buttonmap dragging - nodragging ncache_cr noncache_cr ncache_no_moveraise - noncache_no_moveraise ncache_no_dtchange - noncache_no_dtchange ncache_no_rootpixmap - noncache_no_rootpixmap ncache_reset_rootpixmap ncrp - ncache_keep_anims noncache_keep_anims ncache_old_wm - noncache_old_wm ncache_pad ncache noncache ncache_size - debug_ncache nodebug_ncache wireframe_mode wireframe wf - nowireframe nowf wireframelocal wfl nowireframelocal - nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area + noultrafilexfer rfbversion deny lock nodeny unlock avahi + mdns zeroconf noavahi nomdns nozeroconf connect proxy + allowonce allow noipv6 ipv6 noipv4 ipv4 no6 6 localhost + nolocalhost listen lookup nolookup accept afteraccept + gone shm noshm flipbyteorder noflipbyteorder onetile + noonetile solid_color solid nosolid blackout xinerama + noxinerama xtrap noxtrap xrandr noxrandr xrandr_mode + rotate padgeom quiet q noquiet modtweak nomodtweak xkb + noxkb capslock nocapslock skip_lockkeys noskip_lockkeys + skip_keycodes sloppy_keys nosloppy_keys skip_dups + noskip_dups add_keysyms noadd_keysyms clear_mods + noclear_mods clear_keys noclear_keys clear_all + clear_locks keystate remap repeat norepeat fb nofb bell + nobell sendbell sel nosel primary noprimary setprimary + nosetprimary clipboard noclipboard setclipboard + nosetclipboard seldir cursorshape nocursorshape + cursorpos nocursorpos cursor_drag nocursor_drag cursor + show_cursor noshow_cursor nocursor arrow xfixes + noxfixes xdamage noxdamage xd_area xd_mem alphacut + alphafrac alpharemove noalpharemove alphablend + noalphablend xwarppointer xwarp noxwarppointer + noxwarp buttonmap dragging nodragging ncache_cr + noncache_cr ncache_no_moveraise noncache_no_moveraise + ncache_no_dtchange noncache_no_dtchange + ncache_no_rootpixmap noncache_no_rootpixmap + ncache_reset_rootpixmap ncrp ncache_keep_anims + noncache_keep_anims ncache_old_wm noncache_old_wm + ncache_pad ncache noncache ncache_size debug_ncache + nodebug_ncache wireframe_mode wireframe wf nowireframe + nowf wireframelocal wfl nowireframelocal nowfl + wirecopyrect wcr nowirecopyrect nowcr scr_area scr_skip scr_inc scr_keys scr_term scr_keyrepeat scr_parms scrollcopyrect scr noscrollcopyrect noscr fixscreen noxrecord xrecord reset_record - pointer_mode pm input_skip allinput noallinput input - grabkbd nograbkbd grabptr nograbptr grabalways - nograbalways grablocal client_input ssltimeout - speeds wmdt debug_pointer dp nodebug_pointer nodp - debug_keyboard dk nodebug_keyboard nodk keycode keysym - ptr fakebuttonevent sleep get_xprop set_xprop wininfo - bcx_xattach deferupdate defer setdefer extra_fbur - wait_ui wait_bog nowait_bog slow_fb xrefresh wait - readtimeout nap nonap sb screen_blank fbpm nofbpm dpms - nodpms clientdpms noclientdpms forcedpms noforcedpms - noserverdpms serverdpms noultraext ultraext chatwindow - nochatwindow chaton chatoff fs gaps grow fuzz snapfb - nosnapfb rawfb uinput_accel uinput_thresh uinput_reset + pointer_mode pm input_skip allinput noallinput + input_eagerly noinput_eagerly input grabkbd nograbkbd + grabptr nograbptr grabalways nograbalways grablocal + client_input ssltimeout speeds wmdt debug_pointer dp + nodebug_pointer nodp debug_keyboard dk nodebug_keyboard + nodk keycode keysym ptr fakebuttonevent sleep get_xprop + set_xprop wininfo bcx_xattach deferupdate defer + setdefer extra_fbur wait_ui wait_bog nowait_bog + slow_fb xrefresh wait readtimeout nap nonap sb + screen_blank fbpm nofbpm dpms nodpms clientdpms + noclientdpms forcedpms noforcedpms noserverdpms + serverdpms noultraext ultraext chatwindow nochatwindow + chaton chatoff fs gaps grow fuzz snapfb nosnapfb + rawfb uinput_accel uinput_thresh uinput_reset uinput_always progressive rfbport http nohttp httpport httpdir enablehttpproxy noenablehttpproxy alwaysshared noalwaysshared nevershared noalwaysshared dontdisconnect @@ -18752,7 +17550,6 @@ n pointer_x pointer_y pointer_same pointer_root bpp depth indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd - -QD variable Just like -query variable, but returns the default value for that parameter (no running x11vnc server is consulted) @@ -18898,11 +17695,7 @@ libvncserver-tight-extension options: -disablefiletransfer disable file transfer -ftproot string set ftp root - Pretty wild huh? [1]Contact me if you have any questions or problems. + Pretty wild huh? Contact me if you have any questions or problems. Personally, I use: x11vnc -rfbauth $HOME/.vnc/passwd -solid - -References - - 1. mailto:xvml@karlrunge.com diff --git a/x11vnc/connections.c b/x11vnc/connections.c index 25eb86a..f465325 100644 --- a/x11vnc/connections.c +++ b/x11vnc/connections.c @@ -92,6 +92,7 @@ void send_client_info(char *str); void adjust_grabs(int grab, int quiet); void check_new_clients(void); int accept_client(rfbClientPtr client); +void check_ipv6_listen(long usec); int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input, int len, FILE *output); int check_access(char *addr); @@ -168,6 +169,7 @@ char *list_clients(void) { iter = rfbGetClientIterator(screen); while( (cl = rfbClientIteratorNext(iter)) ) { ClientData *cd = (ClientData *) cl->clientData; + char *tmp_host, *p; if (! cd) { continue; @@ -177,7 +179,13 @@ char *list_clients(void) { } sprintf(tmp, "0x%x:", cd->uid); strcat(list, tmp); - strcat(list, cl->host); + p = tmp_host = strdup(cl->host); + while (*p) { + if (*p == ':') *p = '#'; + p++; + } + strcat(list, tmp_host); + free(tmp_host); strcat(list, ":"); sprintf(tmp, "%d:", cd->client_port); strcat(list, tmp); @@ -197,7 +205,13 @@ char *list_clients(void) { strcat(list, cd->unixname); } strcat(list, ":"); - strcat(list, cd->hostname); + p = tmp_host = strdup(cd->hostname); + while (*p) { + if (*p == ':') *p = '#'; + p++; + } + strcat(list, tmp_host); + free(tmp_host); strcat(list, ":"); strcat(list, cd->input); strcat(list, ":"); @@ -292,7 +306,9 @@ static rfbClientPtr *client_match(char *str) { port = 5500 + port; } } - if (! dotted_ip(str)) { + if (ipv6_ip(str)) { + ; + } else if (! dotted_ip(str)) { char *orig = rstr; rstr = host2ip(rstr); free(orig); @@ -891,13 +907,16 @@ void client_gone(rfbClientPtr client) { client->state == RFB_AUTHENTICATION || client->state == RFB_INITIALISATION) && accepted_client) { rfbLog("connect_once: invalid password or early " - "disconnect.\n"); + "disconnect. %d\n", client->state); rfbLog("connect_once: waiting for next connection.\n"); accepted_client--; if (accepted_client < 0) { accepted_client = 0; } CLIENT_UNLOCK; + if (connect_or_exit) { + clean_up_exit(1); + } return; } if (shared && client_count > 0) { @@ -913,7 +932,11 @@ void client_gone(rfbClientPtr client) { kill(gui_pid, SIGTERM); } CLIENT_UNLOCK; - clean_up_exit(0); + if (connect_or_exit) { + clean_up_exit(1); + } else { + clean_up_exit(0); + } } #ifdef MACOSX if (macosx_console && client_count == 0) { @@ -1042,7 +1065,9 @@ int check_access(char *addr) { p = strtok(NULL, ", \t\n\r"); continue; } - if (! dotted_ip(p)) { + if (ipv6_ip(p)) { + chk = p; + } else if (! dotted_ip(p)) { r = host2ip(p); if (r == NULL || *r == '\0') { rfbLog("check_access: bad lookup \"%s\"\n", p); @@ -1054,26 +1079,37 @@ int check_access(char *addr) { } else { chk = p; } + if (getenv("X11VNC_DEBUG_ACCESS")) fprintf(stderr, "chk: %s part: %s addr: %s\n", chk, p, addr); q = strstr(addr, chk); - if (chk[strlen(chk)-1] != '.') { + if (ipv6_ip(addr)) { + if (!strcmp(chk, "localhost") && !strcmp(addr, "::1")) { + rfbLog("check_access: client addr %s is local.\n", addr); + allowed = 1; + } else if (!strcmp(chk, "::1") && !strcmp(addr, "::1")) { + rfbLog("check_access: client addr %s is local.\n", addr); + allowed = 1; + } else if (!strcmp(chk, "127.0.0.1") && !strcmp(addr, "::1")) { + /* this if for host2ip("localhost") */ + rfbLog("check_access: client addr %s is local.\n", addr); + allowed = 1; + } else if (q == addr) { + rfbLog("check_access: client %s matches pattern %s\n", addr, chk); + allowed = 1; + } + } else if (chk[strlen(chk)-1] != '.') { if (!strcmp(addr, chk)) { if (chk != p) { - rfbLog("check_access: client %s " - "matches host %s=%s\n", addr, - chk, p); + rfbLog("check_access: client %s " "matches host %s=%s\n", addr, chk, p); } else { - rfbLog("check_access: client %s " - "matches host %s\n", addr, chk); + rfbLog("check_access: client %s " "matches host %s\n", addr, chk); } allowed = 1; - } else if(!strcmp(chk, "localhost") && - !strcmp(addr, "127.0.0.1")) { + } else if(!strcmp(chk, "localhost") && !strcmp(addr, "127.0.0.1")) { allowed = 1; } } else if (q == addr) { - rfbLog("check_access: client %s matches pattern %s\n", - addr, chk); + rfbLog("check_access: client %s matches pattern %s\n", addr, chk); allowed = 1; } p = strtok(NULL, ", \t\n\r"); @@ -1691,6 +1727,121 @@ int accept_client(rfbClientPtr client) { /* return 0; NOTREACHED */ } +void check_ipv6_listen(long usec) { +#if X11VNC_IPV6 + fd_set fds; + struct timeval tv; + int nfds, csock = -1, one = 1; + struct sockaddr_in6 addr; + socklen_t addrlen = sizeof(addr); + rfbClientPtr cl; + int nmax = 0; + char *name; + + if (!ipv6_listen || noipv6) { + return; + } + if (ipv6_listen_fd < 0 && ipv6_http_fd < 0) { + return; + } + + FD_ZERO(&fds); + if (ipv6_listen_fd >= 0) { + FD_SET(ipv6_listen_fd, &fds); + nmax = ipv6_listen_fd; + } + if (ipv6_http_fd >= 0 && screen->httpSock < 0) { + FD_SET(ipv6_http_fd, &fds); + if (ipv6_http_fd > nmax) { + nmax = ipv6_http_fd; + } + } + + tv.tv_sec = 0; + tv.tv_usec = 0; + + nfds = select(nmax+1, &fds, NULL, NULL, &tv); + + if (nfds <= 0) { + return; + } + + if (ipv6_listen_fd >= 0 && FD_ISSET(ipv6_listen_fd, &fds)) { + + csock = accept(ipv6_listen_fd, (struct sockaddr *)&addr, &addrlen); + if (csock < 0) { + rfbLogPerror("check_ipv6_listen: accept"); + goto err1; + } + if (fcntl(csock, F_SETFL, O_NONBLOCK) < 0) { + rfbLogPerror("check_ipv6_listen: fcntl"); + close(csock); + goto err1; + } + if (setsockopt(csock, IPPROTO_TCP, TCP_NODELAY, + (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("check_ipv6_listen: setsockopt"); + close(csock); + goto err1; + } + + name = ipv6_getipaddr((struct sockaddr *) &addr, addrlen); + + ipv6_client_ip_str = name; + cl = rfbNewClient(screen, csock); + ipv6_client_ip_str = NULL; + if (cl == NULL) { + close(csock); + goto err1; + } + + if (name) { + if (cl->host) { + free(cl->host); + } + cl->host = name; + rfbLog("ipv6 client: %s\n", name); + } + } + + err1: + + if (ipv6_http_fd >= 0 && FD_ISSET(ipv6_http_fd, &fds)) { + + csock = accept(ipv6_http_fd, (struct sockaddr *)&addr, &addrlen); + if (csock < 0) { + rfbLogPerror("check_ipv6_listen: accept"); + return; + } + if (fcntl(csock, F_SETFL, O_NONBLOCK) < 0) { + rfbLogPerror("check_ipv6_listen: fcntl"); + close(csock); + return; + } + if (setsockopt(csock, IPPROTO_TCP, TCP_NODELAY, + (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("check_ipv6_listen: setsockopt"); + close(csock); + return; + } + + rfbLog("check_ipv6_listen: setting httpSock to %d\n", csock); + screen->httpSock = csock; + + if (screen->httpListenSock < 0) { + /* this may not always work... */ + int save = screen->httpListenSock; + screen->httpListenSock = ipv6_http_fd; + rfbLog("check_ipv6_listen: no httpListenSock, calling rfbHttpCheckFds()\n"); + rfbHttpCheckFds(screen); + screen->httpListenSock = save; + } + } +#else + if (usec) {} +#endif +} + /* * For the -connect <file> option: periodically read the file looking for * a connect string. If one is found set client_connect to it. @@ -2093,7 +2244,7 @@ static int pconnect(int psock, char *host, int port, int type, char *http_path, } if (newhost && newport > 0) { rfbLog("proxy GET reconnect to: %s:%d\n", newhost, newport); - pxy_get_sock = rfbConnectToTcpAddr(newhost, newport); + pxy_get_sock = connect_tcp(newhost, newport); } } free(req); @@ -2263,10 +2414,10 @@ static int proxy_connect(char *host, int port) { psock = -1; goto pxy_clean; } - psock = rfbConnectToTcpAddr("localhost", sport); + psock = connect_tcp("localhost", sport); } else { - psock = rfbConnectToTcpAddr(pxy_h[0], pxy_p[0]); + psock = connect_tcp(pxy_h[0], pxy_p[0]); } if (psock < 0) { @@ -2462,7 +2613,7 @@ static int do_reverse_connect(char *str_in) { host[len] = '\0'; /* extract port, if any */ - if ((p = strchr(host, ':')) != NULL) { + if ((p = strrchr(host, ':')) != NULL) { rport = atoi(p+1); if (rport < 0) { rport = -rport; @@ -2472,12 +2623,17 @@ static int do_reverse_connect(char *str_in) { *p = '\0'; } + if (ipv6_client_ip_str) { + free(ipv6_client_ip_str); + ipv6_client_ip_str = NULL; + } + if (use_openssl) { int vncsock; if (connect_proxy) { vncsock = proxy_connect(host, rport); } else { - vncsock = rfbConnectToTcpAddr(host, rport); + vncsock = connect_tcp(host, rport); } if (vncsock < 0) { rfbLog("reverse_connect: failed to connect to: %s\n", str); @@ -2488,7 +2644,7 @@ static int do_reverse_connect(char *str_in) { free(prestring); } /* XXX use header */ -#define OPENSSL_REVERSE 4 +#define OPENSSL_REVERSE 6 openssl_init(1); if (first_conn_timeout > 0) { @@ -2560,7 +2716,7 @@ static int do_reverse_connect(char *str_in) { return 0; } } else if (prestring != NULL) { - int sock = rfbConnectToTcpAddr(host, rport); + int sock = connect_tcp(host, rport); if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (sock >= 0) { write(sock, prestring, prestring_len); @@ -2571,6 +2727,12 @@ static int do_reverse_connect(char *str_in) { } } else { cl = rfbReverseConnection(screen, host, rport); + if (cl == NULL) { + int sock = connect_tcp(host, rport); + if (sock >= 0) { + cl = create_new_client(sock, 1); + } + } if (set_alarm) {alarm(0); signal(SIGALRM, SIG_DFL);} if (cl != NULL && use_threads) { cl->onHold = FALSE; @@ -2580,6 +2742,12 @@ static int do_reverse_connect(char *str_in) { free(host); + if (ipv6_client_ip_str) { + free(ipv6_client_ip_str); + ipv6_client_ip_str = NULL; + } + + if (cl == NULL) { if (quiet && connect_or_exit) { rfbLogEnable(1); @@ -2699,7 +2867,7 @@ void reverse_connect(char *str) { rfbLog("killing gui_pid %d\n", gui_pid); kill(gui_pid, SIGTERM); } - clean_up_exit(0); + clean_up_exit(1); } if (xrandr || xrandr_maybe) { check_xrandr_event("reverse_connect1"); @@ -2768,7 +2936,7 @@ void reverse_connect(char *str) { rfbLog("killing gui_pid %d\n", gui_pid); kill(gui_pid, SIGTERM); } - clean_up_exit(0); + clean_up_exit(1); } } if (xrandr || xrandr_maybe) { @@ -2924,6 +3092,8 @@ void read_x11vnc_remote_prop(int nomsg) { #endif /* NO_X11 */ } +extern int rc_npieces; + void grab_state(int *ptr_grabbed, int *kbd_grabbed) { int rcp, rck; double t0, t1; @@ -2965,8 +3135,10 @@ void grab_state(int *ptr_grabbed, int *kbd_grabbed) { if (rck == AlreadyGrabbed || rck == GrabFrozen) { *kbd_grabbed = 1; } - rfbLog("grab_state: checked %d,%d in %.6f sec (%.6f %.6f)\n", - *ptr_grabbed, *kbd_grabbed, t1-t0, tb-ta, tc-tb); + if (rc_npieces < 10) { + rfbLog("grab_state: checked %d,%d in %.6f sec (%.6f %.6f)\n", + *ptr_grabbed, *kbd_grabbed, t1-t0, tb-ta, tc-tb); + } #endif } @@ -3715,6 +3887,15 @@ enum rfbNewClientAction new_client(rfbClientPtr client) { } } + if (ipv6_client_ip_str != NULL) { + rfbLog("renaming client->host from '%s' to '%s'\n", + client->host ? client->host : "", ipv6_client_ip_str); + if (client->host) { + free(client->host); + } + client->host = strdup(ipv6_client_ip_str); + } + if (! check_access(client->host)) { rfbLog("denying client: %s does not match %s\n", client->host, allow_list ? allow_list : "(null)" ); @@ -3945,10 +4126,10 @@ void start_client_info_sock(char *host_port_cookie) { free(host); host = strdup("localhost"); } - sock = rfbConnectToTcpAddr(host, port); + sock = connect_tcp(host, port); if (sock < 0) { usleep(200 * 1000); - sock = rfbConnectToTcpAddr(host, port); + sock = connect_tcp(host, port); } if (sock >= 0) { char *lst = list_clients(); diff --git a/x11vnc/connections.h b/x11vnc/connections.h index 2edfab0..a646bc5 100644 --- a/x11vnc/connections.h +++ b/x11vnc/connections.h @@ -68,6 +68,7 @@ extern void send_client_info(char *str); extern void adjust_grabs(int grab, int quiet); extern void check_new_clients(void); extern int accept_client(rfbClientPtr client); +extern void check_ipv6_listen(long usec); extern int run_user_command(char *cmd, rfbClientPtr client, char *mode, char *input, int len, FILE *output); extern int check_access(char *addr); diff --git a/x11vnc/enc.h b/x11vnc/enc.h index 37877df..4dca954 100644 --- a/x11vnc/enc.h +++ b/x11vnc/enc.h @@ -66,7 +66,7 @@ so, delete this exception statement from your version. * without using SSH or SSL. * * ----------------------------------------------------------------------- - * Copyright (C) 2008-2009 Karl J. Runge <runge@karlrunge.com> + * Copyright (C) 2008-2010 Karl J. Runge <runge@karlrunge.com> * All rights reserved. * * This is free software; you can redistribute it and/or modify diff --git a/x11vnc/help.c b/x11vnc/help.c index 7a89a32..55ad36a 100644 --- a/x11vnc/help.c +++ b/x11vnc/help.c @@ -141,6 +141,34 @@ void print_help(int mode) { " then the x11vnc -gui is used to prompt the user to\n" " enter the port number.\n" "\n" +#if X11VNC_IPV6 +"-6 IPv6 listening support. In addition to IPv4, the\n" +" IPv6 address is listened on for incoming connections.\n" +" The same port as IPv4 is used to listen. If you have\n" +" trouble compiling for this mode, set -DX11VNC_IPV6=0\n" +" in CPPFLAGS when configuring.\n" +"\n" +" Currently, the machine may need to have some IPv4\n" +" support, at the least for the loopback interface, for\n" +" everything to work correctly. However for most usage\n" +" modes IPv4 support is not required.\n" +"\n" +" The -6 mode works for both normal connections and\n" +" -ssl encrypted ones. Nearly everything is supported\n" +" for the IPv6 case, but there are a few exceptions.\n" +" See -stunnel for its IPv6 support.\n" +"\n" +"-noipv6 Do not try to use IPv6 for any listening or connecting\n" +" sockets. This includes both the listening service\n" +" port(s) and outgoing connections from -connect,\n" +" -connect_or_exit, or -proxy. Use this if you are having\n" +" problems due to IPv6.\n" +"\n" +"-noipv4 Do not try to use IPv4 for any listening or connecting\n" +" sockets. This is mainly for exploring the behavior of\n" +" x11vnc on an IPv6-only system, but may have other uses.\n" +"\n" +#endif "-reopen If the X server connection is disconnected, try to\n" " reopen the X display (up to one time.) This is of use\n" " for display managers like GDM (KillInitClients option)\n" @@ -597,6 +625,13 @@ void print_help(int mode) { " See also the -proxy option below for additional ways\n" " to plumb reverse connections.\n" "\n" +" IPv6: as of x11vnc 0.9.10 the -connect option should\n" +" connect to IPv6 hosts properly. If there are problems\n" +" you can disable IPv6 by setting -DX11VNC_IPV6=0\n" +" in CPPFLAGS when configuring. If there problems\n" +" connecting to IPv6 hosts consider a relay like the\n" +" included inet6to4 script or the -proxy option.\n" +"\n" "-connect_or_exit str As with -connect, except if none of the reverse\n" " connections succeed, then x11vnc shuts down immediately\n" "\n" @@ -662,6 +697,13 @@ void print_help(int mode) { " E.g.: http://host1:port1,socks5://host2:port2 or three\n" " like: first,second,third\n" "\n" +" IPv6: as of x11vnc 0.9.10 the -proxy option should\n" +" connect to IPv6 hosts properly. If there are problems\n" +" you can disable IPv6 by setting -DX11VNC_IPV6=0\n" +" in CPPFLAGS when configuring. If there problems\n" +" connecting to IPv6 hosts consider a relay like the\n" +" included inet6to4 script.\n" +"\n" "-vncconnect Monitor the VNC_CONNECT X property set by the standard\n" "-novncconnect VNC program vncconnect(1). When the property is\n" " set to \"host\" or \"host:port\" establish a reverse\n" @@ -691,6 +733,9 @@ void print_help(int mode) { "\n" " -allow applies in -ssl mode, but not in -stunnel mode.\n" "\n" +" IPv6: as of x11vnc 0.9.10 a host can be specified\n" +" in IPv6 numerical format, e.g. 2001:4860:b009::93.\n" +"\n" "-localhost Basically the same as \"-allow 127.0.0.1\".\n" "\n" " Note: if you want to restrict which network interface\n" @@ -710,6 +755,16 @@ void print_help(int mode) { " or plan to use remote control: -R connect:host), use\n" " -rfbport 0\n" "\n" +" IPv6: if IPv6 is supported, this option automatically\n" +" implies the IPv6 loopback address '::1' as well.\n" +"\n" +#if X11VNC_IPV6 +"-listen6 str When in IPv6 listen mode \"-6\", only listen on the\n" +" network interface with address \"str\". It currently\n" +" does not work for link scope addresses or non-numeric\n" +" hostname strings.\n" +"\n" +#endif "-nolookup Do not use gethostbyname() or gethostbyaddr() to look up\n" " host names or IP numbers. Use this if name resolution\n" " is incorrectly set up and leads to long pauses as name\n" @@ -1266,7 +1321,7 @@ void print_help(int mode) { "\n" " This mode only allows one redirected connection.\n" " The -forever option does not apply. Use -inetd or\n" -" -loop for persistant service.\n" +" -loop for persistent service.\n" "\n" "-display WAIT:... A special usage mode for the normal -display option.\n" " Useful with -unixpw, but can be used independently\n" @@ -1357,6 +1412,10 @@ void print_help(int mode) { " if the viewer-side supplied value is not completely\n" " composed of alphanumeric or '_' or '-' characters.\n" "\n" +" To troubleshoot the FINDCREATEDISPLAY mechanism,\n" +" set the following env. var. to an ouput log file,\n" +" e.g -env CREATE_DISPLAY_OUTPUT=/tmp/mydebug.txt\n" +"\n" " To disable the option setting set the environment\n" " variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc.\n" " To set any other options, the user can use the gui\n" @@ -2236,15 +2295,25 @@ void print_help(int mode) { "\n" " Set -env STUNNEL_DEBUG=1 for more debugging printout.\n" "\n" +" Set -env STUNNEL_PROG=xxx to the full path of stunnel\n" +" program you want to be used (e.g. /usr/bin/stunnel4).\n" +"\n" +" Set -env STUNNEL_LISTEN=xxx to the address of the\n" +" network interface to listen on (the default is to listen\n" +" on all interfaces), e.g. STUNNEL_LISTEN=192.168.1.100.\n" +"\n" +" A simple way to add IPv6 support is STUNNEL_LISTEN=::\n" +"\n" " Your VNC viewer will also need to be able to connect\n" " via SSL. Unfortunately not too many do this. See the\n" " information about SSL viewers under the -ssl option.\n" +" The x11vnc project's SSVNC is an option.\n" "\n" " Also, in the x11vnc distribution, patched TightVNC\n" " and UltraVNC Java applet jar files are provided in\n" " the classes/ssl directory that do SSL connections.\n" -" Enable serving them with the -http, -http_ssl, -https,\n" -" or -httpdir (see the option descriptions for more info.)\n" +" Enable serving them with the -http, -http_ssl, or\n" +" -httpdir (see the option descriptions for more info.)\n" "\n" " Note that for the Java viewer applet usage the\n" " \"?PORT=xxxx\" in the various URLs printed at startup\n" @@ -3815,6 +3884,9 @@ void print_help(int mode) { "-allinput Have x11vnc read and process all available client input\n" " before proceeding.\n" "\n" +"-input_eagerly Similar to -allinput but use the handleEventsEagerly\n" +" mechanism built into LibVNCServer.\n" +"\n" "-speeds rd,bw,lat x11vnc tries to estimate some speed parameters that\n" " are used to optimize scheduling (e.g. -pointer_mode\n" " 4, -wireframe, -scrollcopyrect) and other things.\n" @@ -4842,6 +4914,13 @@ void print_help(int mode) { " localhost enable -localhost mode\n" " nolocalhost disable -localhost mode\n" " listen:str set -listen to str, empty to disable.\n" +" noipv6 enable -noipv6 mode.\n" +" ipv6 disable -noipv6 mode.\n" +" noipv4 enable -noipv4 mode.\n" +" ipv4 disable -noipv4 mode.\n" +" 6 enable -6 IPv6 listening mode.\n" +" no6 disable -6 IPv6 listening mode.\n" +" lookup disable -nolookup mode.\n" " nolookup enable -nolookup mode.\n" " lookup disable -nolookup mode.\n" " input:str set -input to \"str\", empty to disable.\n" @@ -5005,6 +5084,8 @@ void print_help(int mode) { " input_skip:n set -input_skip to n.\n" " allinput enable use of -allinput mode.\n" " noallinput disable use of -allinput mode.\n" +" input_eagerly enable use of -input_eagerly mode.\n" +" noinput_eagerly disable use of -input_eagerly mode.\n" " ssltimeout:n set -ssltimeout to n.\n" " speeds:str set -speeds to str.\n" " wmdt:str set -wmdt to str.\n" @@ -5263,52 +5344,54 @@ void print_help(int mode) { " 8to24_opts 24to32 no24to32 visual scale scale_cursor\n" " viewonly noviewonly shared noshared forever noforever\n" " once timeout tightfilexfer notightfilexfer ultrafilexfer\n" -" noultrafilexfer rfbversion deny lock nodeny unlock\n" -" avahi mdns zeroconf noavahi nomdns nozeroconf connect\n" -" proxy allowonce allow localhost nolocalhost listen\n" -" lookup nolookup accept afteraccept gone shm noshm\n" -" flipbyteorder noflipbyteorder onetile noonetile\n" -" solid_color solid nosolid blackout xinerama noxinerama\n" -" xtrap noxtrap xrandr noxrandr xrandr_mode rotate padgeom\n" -" quiet q noquiet modtweak nomodtweak xkb noxkb capslock\n" -" nocapslock skip_lockkeys noskip_lockkeys skip_keycodes\n" -" sloppy_keys nosloppy_keys skip_dups noskip_dups\n" -" add_keysyms noadd_keysyms clear_mods noclear_mods\n" -" clear_keys noclear_keys clear_all clear_locks keystate\n" -" remap repeat norepeat fb nofb bell nobell sendbell\n" -" sel nosel primary noprimary setprimary nosetprimary\n" -" clipboard noclipboard setclipboard nosetclipboard\n" -" seldir cursorshape nocursorshape cursorpos nocursorpos\n" -" cursor_drag nocursor_drag cursor show_cursor\n" -" noshow_cursor nocursor arrow xfixes noxfixes xdamage\n" -" noxdamage xd_area xd_mem alphacut alphafrac alpharemove\n" -" noalpharemove alphablend noalphablend xwarppointer\n" -" xwarp noxwarppointer noxwarp buttonmap dragging\n" -" nodragging ncache_cr noncache_cr ncache_no_moveraise\n" -" noncache_no_moveraise ncache_no_dtchange\n" -" noncache_no_dtchange ncache_no_rootpixmap\n" -" noncache_no_rootpixmap ncache_reset_rootpixmap ncrp\n" -" ncache_keep_anims noncache_keep_anims ncache_old_wm\n" -" noncache_old_wm ncache_pad ncache noncache ncache_size\n" -" debug_ncache nodebug_ncache wireframe_mode wireframe wf\n" -" nowireframe nowf wireframelocal wfl nowireframelocal\n" -" nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area\n" +" noultrafilexfer rfbversion deny lock nodeny unlock avahi\n" +" mdns zeroconf noavahi nomdns nozeroconf connect proxy\n" +" allowonce allow noipv6 ipv6 noipv4 ipv4 no6 6 localhost\n" +" nolocalhost listen lookup nolookup accept afteraccept\n" +" gone shm noshm flipbyteorder noflipbyteorder onetile\n" +" noonetile solid_color solid nosolid blackout xinerama\n" +" noxinerama xtrap noxtrap xrandr noxrandr xrandr_mode\n" +" rotate padgeom quiet q noquiet modtweak nomodtweak xkb\n" +" noxkb capslock nocapslock skip_lockkeys noskip_lockkeys\n" +" skip_keycodes sloppy_keys nosloppy_keys skip_dups\n" +" noskip_dups add_keysyms noadd_keysyms clear_mods\n" +" noclear_mods clear_keys noclear_keys clear_all\n" +" clear_locks keystate remap repeat norepeat fb nofb bell\n" +" nobell sendbell sel nosel primary noprimary setprimary\n" +" nosetprimary clipboard noclipboard setclipboard\n" +" nosetclipboard seldir cursorshape nocursorshape\n" +" cursorpos nocursorpos cursor_drag nocursor_drag cursor\n" +" show_cursor noshow_cursor nocursor arrow xfixes\n" +" noxfixes xdamage noxdamage xd_area xd_mem alphacut\n" +" alphafrac alpharemove noalpharemove alphablend\n" +" noalphablend xwarppointer xwarp noxwarppointer\n" +" noxwarp buttonmap dragging nodragging ncache_cr\n" +" noncache_cr ncache_no_moveraise noncache_no_moveraise\n" +" ncache_no_dtchange noncache_no_dtchange\n" +" ncache_no_rootpixmap noncache_no_rootpixmap\n" +" ncache_reset_rootpixmap ncrp ncache_keep_anims\n" +" noncache_keep_anims ncache_old_wm noncache_old_wm\n" +" ncache_pad ncache noncache ncache_size debug_ncache\n" +" nodebug_ncache wireframe_mode wireframe wf nowireframe\n" +" nowf wireframelocal wfl nowireframelocal nowfl\n" +" wirecopyrect wcr nowirecopyrect nowcr scr_area\n" " scr_skip scr_inc scr_keys scr_term scr_keyrepeat\n" " scr_parms scrollcopyrect scr noscrollcopyrect\n" " noscr fixscreen noxrecord xrecord reset_record\n" -" pointer_mode pm input_skip allinput noallinput input\n" -" grabkbd nograbkbd grabptr nograbptr grabalways\n" -" nograbalways grablocal client_input ssltimeout\n" -" speeds wmdt debug_pointer dp nodebug_pointer nodp\n" -" debug_keyboard dk nodebug_keyboard nodk keycode keysym\n" -" ptr fakebuttonevent sleep get_xprop set_xprop wininfo\n" -" bcx_xattach deferupdate defer setdefer extra_fbur\n" -" wait_ui wait_bog nowait_bog slow_fb xrefresh wait\n" -" readtimeout nap nonap sb screen_blank fbpm nofbpm dpms\n" -" nodpms clientdpms noclientdpms forcedpms noforcedpms\n" -" noserverdpms serverdpms noultraext ultraext chatwindow\n" -" nochatwindow chaton chatoff fs gaps grow fuzz snapfb\n" -" nosnapfb rawfb uinput_accel uinput_thresh uinput_reset\n" +" pointer_mode pm input_skip allinput noallinput\n" +" input_eagerly noinput_eagerly input grabkbd nograbkbd\n" +" grabptr nograbptr grabalways nograbalways grablocal\n" +" client_input ssltimeout speeds wmdt debug_pointer dp\n" +" nodebug_pointer nodp debug_keyboard dk nodebug_keyboard\n" +" nodk keycode keysym ptr fakebuttonevent sleep get_xprop\n" +" set_xprop wininfo bcx_xattach deferupdate defer\n" +" setdefer extra_fbur wait_ui wait_bog nowait_bog\n" +" slow_fb xrefresh wait readtimeout nap nonap sb\n" +" screen_blank fbpm nofbpm dpms nodpms clientdpms\n" +" noclientdpms forcedpms noforcedpms noserverdpms\n" +" serverdpms noultraext ultraext chatwindow nochatwindow\n" +" chaton chatoff fs gaps grow fuzz snapfb nosnapfb\n" +" rawfb uinput_accel uinput_thresh uinput_reset\n" " uinput_always progressive rfbport http nohttp httpport\n" " httpdir enablehttpproxy noenablehttpproxy alwaysshared\n" " noalwaysshared nevershared noalwaysshared dontdisconnect\n" @@ -5340,7 +5423,6 @@ void print_help(int mode) { " pointer_x pointer_y pointer_same pointer_root bpp depth\n" " indexed_color dpy_x dpy_y wdpy_x wdpy_y off_x off_y\n" " cdpy_x cdpy_y coff_x coff_y rfbauth passwd viewpasswd\n" -"\n" "-QD variable Just like -query variable, but returns the default\n" " value for that parameter (no running x11vnc server\n" " is consulted)\n" @@ -6087,7 +6169,7 @@ void print_license(void) { "\n" "x11vnc: a VNC server for X displays. %s\n" "\n" -"Copyright (C) 2002-2009 Karl J. Runge <runge@karlrunge.com>\n" +"Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com>\n" "All rights reserved.\n" "\n" ; diff --git a/x11vnc/inet.c b/x11vnc/inet.c index d63aef4..60e26f5 100644 --- a/x11vnc/inet.c +++ b/x11vnc/inet.c @@ -44,6 +44,7 @@ char *host2ip(char *host); char *raw2host(char *raw, int len); char *raw2ip(char *raw); char *ip2host(char *ip); +int ipv6_ip(char *host); int dotted_ip(char *host); int get_remote_port(int sock); int get_local_port(int sock); @@ -51,7 +52,13 @@ char *get_remote_host(int sock); char *get_local_host(int sock); char *ident_username(rfbClientPtr client); int find_free_port(int start, int end); +int find_free_port6(int start, int end); int have_ssh_env(void); +char *ipv6_getnameinfo(struct sockaddr *paddr, int addrlen); +char *ipv6_getipaddr(struct sockaddr *paddr, int addrlen); +int listen6(int port); +int connect_tcp(char *host, int port); +int listen_tcp(int port, in_addr_t iface, int try6); static int get_port(int sock, int remote); static char *get_host(int sock, int remote); @@ -126,6 +133,43 @@ char *ip2host(char *ip) { return str; } +int ipv6_ip(char *host_in) { + char *p, *host, a[2]; + int ncol = 0, nhex = 0; + + if (host_in[0] == '[') { + host = host_in + 1; + } else { + host = host_in; + } + + if (strstr(host, "::ffff:") == host) { + return dotted_ip(host + strlen("::ffff:")); + } + + a[1] = '\0'; + + p = host; + while (*p != '\0' && *p != '%' && *p != ']') { + if (*p == ':') { + ncol++; + } else { + nhex++; + } + a[0] = *p; + if (strpbrk(a, ":abcdef0123456789") == a) { + p++; + continue; + } + return 0; + } + if (ncol < 2 || ncol > 8 || nhex == 0) { + return 0; + } else { + return 1; + } +} + int dotted_ip(char *host) { char *p = host; while (*p != '\0') { @@ -251,7 +295,7 @@ char *ident_username(rfbClientPtr client) { signal(SIGQUIT, SIG_DFL); signal(SIGTERM, SIG_DFL); - if ((sock = rfbConnectToTcpAddr(client->host, 113)) < 0) { + if ((sock = connect_tcp(client->host, 113)) < 0) { exit(1); } else { close(sock); @@ -262,7 +306,7 @@ char *ident_username(rfbClientPtr client) { #endif if (block || refused) { ; - } else if ((sock = rfbConnectToTcpAddr(client->host, 113)) < 0) { + } else if ((sock = connect_tcp(client->host, 113)) < 0) { rfbLog("ident_username: could not connect to ident: %s:%d\n", client->host, 113); } else { @@ -356,7 +400,25 @@ int find_free_port(int start, int end) { end = 65530; } for (port = start; port <= end; port++) { - int sock = rfbListenOnTCPPort(port, htonl(INADDR_ANY)); + int sock = listen_tcp(port, htonl(INADDR_ANY), 0); + if (sock >= 0) { + close(sock); + return port; + } + } + return 0; +} + +int find_free_port6(int start, int end) { + int port; + if (start <= 0) { + start = 1024; + } + if (end <= 0) { + end = 65530; + } + for (port = start; port <= end; port++) { + int sock = listen6(port); if (sock >= 0) { close(sock); return port; @@ -428,3 +490,262 @@ if (0) fprintf(stderr, "%d/%d - '%s' '%s'\n", atoi(rport), atoi(lport), rhost, l return 0; } +char *ipv6_getnameinfo(struct sockaddr *paddr, int addrlen) { +#if X11VNC_IPV6 + char name[200]; + if (noipv6) { + return strdup("unknown"); + } + if (getnameinfo(paddr, addrlen, name, sizeof(name), NULL, 0, 0) == 0) { + return strdup(name); + } +#endif + return strdup("unknown"); +} + +char *ipv6_getipaddr(struct sockaddr *paddr, int addrlen) { +#if X11VNC_IPV6 + char name[200]; + if (noipv6) { + return strdup("unknown"); + } + if (getnameinfo(paddr, addrlen, name, sizeof(name), NULL, 0, NI_NUMERICHOST) == 0) { + return strdup(name); + } +#endif + return strdup("unknown"); +} + +int listen6(int port) { +#if X11VNC_IPV6 + struct sockaddr_in6 sin; + int fd = -1, one = 1; + + if (noipv6) { + return -1; + } + + fd = socket(AF_INET6, SOCK_STREAM, 0); + if (fd < 0) { + rfbLogPerror("listen6: socket"); + return -1; + } + + if (setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("listen6: setsockopt1"); + close(fd); + return -1; + } + +#if defined(SOL_IPV6) && defined(IPV6_V6ONLY) + if (setsockopt(fd, SOL_IPV6, IPV6_V6ONLY, (char *)&one, sizeof(one)) < 0) { + rfbLogPerror("listen6: setsockopt2"); + close(fd); + return -1; + } +#endif + + memset((char *)&sin, 0, sizeof(sin)); + sin.sin6_family = AF_INET6; + sin.sin6_port = htons(port); + sin.sin6_addr = in6addr_any; + + if (listen_str6) { + if (!strcmp(listen_str6, "localhost")) { + sin.sin6_addr = in6addr_loopback; + } else if (ipv6_ip(listen_str6)) { + int err = inet_pton(AF_INET6, listen_str6, &(sin.sin6_addr)); + if (err <= 0) { + rfbLog("inet_pton[%d] failed -listen6 %s\n", err, listen_str6); + close(fd); + return -1; + } + } else { + rfbLog("Unsupported -listen6 string: %s\n", listen_str6); + close(fd); + return -1; + } + } else if (allow_list && !strcmp(allow_list, "127.0.0.1")) { + sin.sin6_addr = in6addr_loopback; + } else if (listen_str) { + if (!strcmp(listen_str, "localhost")) { + sin.sin6_addr = in6addr_loopback; + } + } + + if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) < 0) { + rfbLogPerror("listen6: bind"); + close(fd); + return -1; + } + if (listen(fd, 32) < 0) { + rfbLogPerror("listen6: listen"); + close(fd); + return -1; + } + return fd; +#else + if (port) {} + return -1; +#endif +} + +int connect_tcp(char *host, int port) { + double t0 = dnow(); + int fd = -1; + int fail4 = noipv4; + if (getenv("IPV4_FAILS")) { + fail4 = 2; + } + + rfbLog("connect_tcp: trying: %s %d\n", host, port); + + if (fail4) { + if (fail4 > 1) { + rfbLog("TESTING: IPV4_FAILS for connect_tcp.\n"); + } + } else { + fd = rfbConnectToTcpAddr(host, port); + } + + if (fd >= 0) { + return fd; + } + rfbLogPerror("connect_tcp: connection failed"); + + if (dnow() - t0 < 4.0) { + rfbLog("connect_tcp: re-trying %s %d\n", host, port); + usleep (100 * 1000); + if (!fail4) { + fd = rfbConnectToTcpAddr(host, port); + } + if (fd < 0) { + rfbLogPerror("connect_tcp: connection failed"); + } + } + + if (fd < 0 && !noipv6) { +#if X11VNC_IPV6 && defined(AI_ADDRCONFIG) + int err; + struct addrinfo *ai; + struct addrinfo hints; + char service[32], *host2, *q; + + rfbLog("connect_tcp: trying IPv6 %s %d\n", host, port); + + memset(&hints, 0, sizeof(hints)); + sprintf(service, "%d", port); + + hints.ai_family = AF_UNSPEC; + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_ADDRCONFIG; + if(ipv6_ip(host)) { +#ifdef AI_NUMERICHOST + rfbLog("connect_tcp[ipv6]: setting AI_NUMERICHOST for %s\n", host); + hints.ai_flags |= AI_NUMERICHOST; +#else + rfbLog("connect_tcp[ipv6]: no AI_NUMERICHOST for %s\n", host); +#endif + } +#ifdef AI_NUMERICSERV + hints.ai_flags |= AI_NUMERICSERV; +#endif + + if (!strcmp(host, "127.0.0.1")) { + host2 = strdup("::1"); + } else if (host[0] == '[') { + host2 = strdup(host+1); + } else { + host2 = strdup(host); + } + q = strrchr(host2, ']'); + if (q) { + *q = '\0'; + } + + + err = getaddrinfo(host2, service, &hints, &ai); + if (err != 0) { + rfbLog("connect_tcp[ipv6]: getaddrinfo[%d]: %s\n", err, gai_strerror(err)); + usleep(100 * 1000); + err = getaddrinfo(host2, service, &hints, &ai); + } + free(host2); + + if (err != 0) { + rfbLog("connect_tcp[ipv6]: getaddrinfo[%d]: %s\n", err, gai_strerror(err)); + } else { + struct addrinfo *ap = ai; + while (ap != NULL) { + int sock = socket(ap->ai_family, ap->ai_socktype, ap->ai_protocol); + if (sock == -1) { + rfbLogPerror("connect_tcp[ipv6]: socket"); + } else { + char *s = ipv6_getipaddr(ap->ai_addr, ap->ai_addrlen); + if (!s) s = strdup("unknown"); + rfbLog("connect_tcp[ipv6]: trying sock=%d using %s\n", sock, s); + if (connect(sock, ap->ai_addr, ap->ai_addrlen) == 0) { + rfbLog("connect_tcp[ipv6]: connect OK\n"); + fd = sock; + if (!ipv6_client_ip_str) { + ipv6_client_ip_str = strdup(s); + } + free(s); + break; + } else { + close(sock); + rfbLogPerror("connect_tcp[ipv6]: connect"); + } + free(s); + } + ap = ap->ai_next; + } + freeaddrinfo(ai); + } +#endif + } + return fd; +} + +int listen_tcp(int port, in_addr_t iface, int try6) { + int fd = -1; + int fail4 = noipv4; + if (getenv("IPV4_FAILS")) { + fail4 = 2; + } + + if (fail4) { + if (fail4 > 1) { + rfbLog("TESTING: IPV4_FAILS for listen_tcp: port=%d try6=%d\n", port, try6); + } + } else { + fd = rfbListenOnTCPPort(port, iface); + } + + if (fd >= 0) { + return fd; + } + if (fail4 > 1) { + rfbLogPerror("listen_tcp: listen failed"); + } + + if (fd < 0 && try6 && ipv6_listen && !noipv6) { +#if X11VNC_IPV6 + char *save = listen_str6; + if (iface == htonl(INADDR_LOOPBACK)) { + listen_str6 = "localhost"; + rfbLog("listen_tcp: retrying on IPv6 in6addr_loopback ...\n"); + fd = listen6(port); + } else if (iface == htonl(INADDR_ANY)) { + listen_str6 = NULL; + rfbLog("listen_tcp: retrying on IPv6 in6addr_any ...\n"); + fd = listen6(port); + } + listen_str6 = save; +#else + if (try6) {} +#endif + } + return fd; +} + diff --git a/x11vnc/inet.h b/x11vnc/inet.h index 4ac7597..ae1c830 100644 --- a/x11vnc/inet.h +++ b/x11vnc/inet.h @@ -39,6 +39,7 @@ extern char *host2ip(char *host); extern char *raw2host(char *raw, int len); extern char *raw2ip(char *raw); extern char *ip2host(char *ip); +extern int ipv6_ip(char *host); extern int dotted_ip(char *host); extern int get_remote_port(int sock); extern int get_local_port(int sock); @@ -46,6 +47,12 @@ extern char *get_remote_host(int sock); extern char *get_local_host(int sock); extern char *ident_username(rfbClientPtr client); extern int find_free_port(int start, int end); +extern int find_free_port6(int start, int end); extern int have_ssh_env(void); +extern char *ipv6_getnameinfo(struct sockaddr *paddr, int addrlen); +extern char *ipv6_getipaddr(struct sockaddr *paddr, int addrlen); +extern int listen6(int port); +extern int connect_tcp(char *host, int port); +extern int listen_tcp(int port, in_addr_t iface, int try6); #endif /* _X11VNC_INET_H */ diff --git a/x11vnc/options.c b/x11vnc/options.c index 9a8c958..05f7538 100644 --- a/x11vnc/options.c +++ b/x11vnc/options.c @@ -134,10 +134,21 @@ int no_external_cmds = 1; /* cannot be turned back on. */ char *allowed_external_cmds = NULL; int started_as_root = 0; int host_lookup = 1; +#ifndef X11VNC_LISTEN6 +int ipv6_listen = 0; /* -6 */ +#else +int ipv6_listen = 1; +#endif +int ipv6_listen_fd = -1; +int ipv6_http_fd = -1; +int noipv6 = 0; +int noipv4 = 0; +char *ipv6_client_ip_str = NULL; char *users_list = NULL; /* -users */ char **user2group = NULL; char *allow_list = NULL; /* for -allow and -localhost */ char *listen_str = NULL; +char *listen_str6 = NULL; char *allow_once = NULL; /* one time -allow */ char *accept_cmd = NULL; /* for -accept */ char *afteraccept_cmd = NULL; /* for -afteraccept */ @@ -426,6 +437,7 @@ int napfac = 4; /* time = napfac*waitms, cut load with extra waits */ int napmax = 1500; /* longest nap in ms. */ int ui_skip = 10; /* see watchloop. negative means ignore input */ int all_input = 0; +int handle_events_eagerly = 0; #if LIBVNCSERVER_HAVE_FBPM diff --git a/x11vnc/options.h b/x11vnc/options.h index 110e4b8..566e1d7 100644 --- a/x11vnc/options.h +++ b/x11vnc/options.h @@ -115,10 +115,17 @@ extern int no_external_cmds; extern char *allowed_external_cmds; extern int started_as_root; extern int host_lookup; +extern int ipv6_listen; +extern int ipv6_listen_fd; +extern int ipv6_http_fd; +extern int noipv6; +extern int noipv4; +extern char *ipv6_client_ip_str; extern char *users_list; extern char **user2group; extern char *allow_list; extern char *listen_str; +extern char *listen_str6; extern char *allow_once; extern char *accept_cmd; extern char *afteraccept_cmd; @@ -331,6 +338,7 @@ extern int napfac; extern int napmax; extern int ui_skip; extern int all_input; +extern int handle_events_eagerly; extern int watch_fbpm; extern int watch_dpms; diff --git a/x11vnc/remote.c b/x11vnc/remote.c index 953f963..6c9ae42 100644 --- a/x11vnc/remote.c +++ b/x11vnc/remote.c @@ -59,6 +59,7 @@ so, delete this exception statement from your version. #include "uinput.h" #include "userinput.h" #include "avahi.h" +#include "sslhelper.h" int send_remote_cmd(char *cmd, int query, int wait); int do_remote_query(char *remote_cmd, char *query_cmd, int remote_sync, @@ -480,6 +481,15 @@ static void rfb_http_init_sockets(void) { screen->listenInterface = htonl(INADDR_LOOPBACK); } rfbHttpInitSockets(screen); + if (noipv4 || getenv("IPV4_FAILS")) { + if (getenv("IPV4_FAILS")) { + rfbLog("TESTING: IPV4_FAILS for rfb_http_init_sockets()\n"); + } + if (screen->httpListenSock > -1) { + close(screen->httpListenSock); + screen->httpListenSock = -1; + } + } screen->listenInterface = iface; } @@ -505,95 +515,169 @@ void http_connections(int on) { } screen->httpInitDone = FALSE; if (check_httpdir()) { + int fd6 = -1; screen->httpDir = http_dir; rfb_http_init_sockets(); if (screen->httpPort != 0 && screen->httpListenSock < 0) { rfbLog("http_connections: failed to listen on http port: %d\n", screen->httpPort); - clean_up_exit(1); + if (ipv6_listen) { + fd6 = listen6(screen->httpPort); + } + if (fd6 < 0) { + clean_up_exit(1); + } + rfbLog("http_connections: trying IPv6 only mode.\n"); + } + if (ipv6_listen && screen->httpPort > 0) { + if (fd6 < 0) { + fd6 = listen6(screen->httpPort); + } + ipv6_http_fd = fd6; + if (ipv6_http_fd >= 0) { + rfbLog("http_connections: %s listening on IPv6 port=%d sock=%d\n", + screen->httpListenSock < 0 ? "Only" : "Also", + screen->httpPort, ipv6_http_fd); + } } } } else { rfbLog("http_connections: turning off http service.\n"); if (screen->httpListenSock > -1) { close(screen->httpListenSock); + screen->httpListenSock = -1; } - screen->httpListenSock = -1; screen->httpDir = NULL; + if (ipv6_http_fd >= 0) { + close(ipv6_http_fd); + ipv6_http_fd = -1; + } } } static void reset_httpport(int old, int new) { int hp = new; - if (hp < 0) { + + if (! screen->httpDir) { + return; + } else if (inetd) { + rfbLog("reset_httpport: cannot set httpport: %d in inetd.\n", hp); + return; + } else if (!screen) { + rfbLog("reset_httpport: no screen.\n"); + return; + } else if (hp < 0) { rfbLog("reset_httpport: invalid httpport: %d\n", hp); + return; } else if (hp == old) { rfbLog("reset_httpport: unchanged httpport: %d\n", hp); - } else if (inetd) { - rfbLog("reset_httpport: cannot set httpport: %d" - " in inetd.\n", hp); - } else if (screen) { - /* mutex */ - screen->httpPort = hp; - screen->httpInitDone = FALSE; - if (screen->httpListenSock > -1) { - close(screen->httpListenSock); + return; + } + + if (screen->httpListenSock > -1) { + close(screen->httpListenSock); + screen->httpListenSock = -1; + } + + screen->httpPort = hp; + screen->httpInitDone = FALSE; + + rfbLog("reset_httpport: setting httpport %d -> %d.\n", + old == -1 ? hp : old, hp); + + if (noipv4 || getenv("IPV4_FAILS")) { + if (getenv("IPV4_FAILS")) { + rfbLog("TESTING: IPV4_FAILS for reset_httpport()\n"); } - rfbLog("reset_httpport: setting httpport %d -> %d.\n", - old == -1 ? hp : old, hp); + } else if (screen->httpPort == 0) { + ; + } else { rfb_http_init_sockets(); - if (screen->httpPort != 0 && screen->httpListenSock < 0) { - rfbLog("reset_httpport: failed to listen on http port: %d\n", screen->httpPort); - } + } + + if (screen->httpPort != 0 && screen->httpListenSock < 0) { + rfbLog("reset_httpport: failed to listen on http port: %d\n", + screen->httpPort); + } + + if (ipv6_http_fd >= 0) { + close(ipv6_http_fd); + ipv6_http_fd = -1; + } + if (ipv6_listen && screen->httpPort > 0) { + ipv6_http_fd = listen6(screen->httpPort); + rfbLog("reset_httpport: ipv6_http_fd: %d port: %d\n", + ipv6_http_fd, screen->httpPort); } } static void reset_rfbport(int old, int new) { int rp = new; - if (rp < 0) { + + if (inetd) { + rfbLog("reset_rfbport: cannot set rfbport: %d in inetd.\n", rp); + return; + } else if (!screen) { + rfbLog("reset_rfbport: no screen.\n"); + return; + } else if (rp < 0) { rfbLog("reset_rfbport: invalid rfbport: %d\n", rp); + return; } else if (rp == old) { rfbLog("reset_rfbport: unchanged rfbport: %d\n", rp); - } else if (inetd) { - rfbLog("reset_rfbport: cannot set rfbport: %d" - " in inetd.\n", rp); - } else if (screen) { - rfbClientIteratorPtr iter; - rfbClientPtr cl; - int maxfd; - /* mutex */ - if (rp == 0) { - screen->autoPort = TRUE; + return; + } + + rfbLog("reset_rfbport: setting rfbport %d -> %d.\n", old == -1 ? rp : old, rp); + + screen->port = rp; + + if (use_openssl) { + openssl_port(1); + if (openssl_sock < 0 && openssl_sock6 < 0) { + rfbLog("reset_rfbport: warning could not listen on port: %d\n", + screen->port); } else { - screen->autoPort = FALSE; + set_vnc_desktop_name(); } - screen->port = rp; - screen->socketState = RFB_SOCKET_INIT; - - if (screen->listenSock > -1) { - close(screen->listenSock); + if (https_port_num >= 0) { + https_port(1); } + return; + } - rfbLog("reset_rfbport: setting rfbport %d -> %d.\n", - old == -1 ? rp : old, rp); - rfbInitSockets(screen); + if (screen->listenSock >= 0) { + FD_CLR(screen->listenSock, &(screen->allFds)); + close(screen->listenSock); + screen->listenSock = -1; + } - maxfd = screen->maxFd; - if (screen->udpSock > 0 && screen->udpSock > maxfd) { - maxfd = screen->udpSock; + if (noipv4 || getenv("IPV4_FAILS")) { + if (getenv("IPV4_FAILS")) { + rfbLog("TESTING: IPV4_FAILS for reset_rfbport()\n"); } - iter = rfbGetClientIterator(screen); - while( (cl = rfbClientIteratorNext(iter)) ) { - if (cl->sock > -1) { - FD_SET(cl->sock, &(screen->allFds)); - if (cl->sock > maxfd) { - maxfd = cl->sock; - } + } else { + screen->listenSock = listen_tcp(screen->port, screen->listenInterface, 0); + if (screen->listenSock >= 0) { + if (screen->listenSock > screen->maxFd) { + screen->maxFd = screen->listenSock; } + FD_SET(screen->listenSock, &(screen->allFds)); } - rfbReleaseClientIterator(iter); + } - screen->maxFd = maxfd; + if (ipv6_listen_fd >= 0) { + close(ipv6_listen_fd); + ipv6_listen_fd = -1; + } + if (ipv6_listen && screen->port > 0) { + ipv6_listen_fd = listen6(screen->port); + rfbLog("reset_rfbport: ipv6_listen_fd: %d port: %d\n", + ipv6_listen_fd, screen->port); + } + if (screen->listenSock < 0 && ipv6_listen_fd < 0) { + rfbLog("reset_rfbport: warning could not listen on port: %d\n", screen->port); + } else { set_vnc_desktop_name(); } } @@ -741,6 +825,8 @@ int remote_control_access_ok(void) { void macosxCG_keycode_inject(int down, int keycode); #endif +int rc_npieces = 0; + /* * Huge, ugly switch to handle all remote commands and queries * -remote/-R and -query/-Q. @@ -876,6 +962,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { } free(s); + rc_npieces = n; strcpy(buf, ""); for (k=0; k < n; k++) { res = process_remote_cmd(pieces[k], 1); @@ -898,6 +985,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { free(pieces[k]); } free(pieces); + rc_npieces = 0; goto qry; } p += strlen("qry="); @@ -1779,6 +1867,74 @@ char *process_remote_cmd(char *cmd, int stringonly) { free(before); goto done; } + if (!strcmp(p, "noipv6")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, noipv6); + goto qry; + } + rfbLog("remote_cmd: enabling -noipv6 mode for future sockets.\n"); + noipv6 = 1; + goto done; + } + if (!strcmp(p, "ipv6")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, !noipv6); + goto qry; + } + rfbLog("remote_cmd: disabling -noipv6 mode for future sockets.\n"); + noipv6 = 0; + goto done; + } + if (!strcmp(p, "noipv4")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, noipv4); + goto qry; + } + rfbLog("remote_cmd: enabling -noipv4 mode for future sockets.\n"); + noipv4 = 1; + goto done; + } + if (!strcmp(p, "ipv4")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, !noipv4); + goto qry; + } + rfbLog("remote_cmd: disabling -noipv4 mode for future sockets.\n"); + noipv4 = 0; + goto done; + } + if (!strcmp(p, "no6")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, !ipv6_listen); + goto qry; + } + if (ipv6_listen) { + ipv6_listen = 0; + rfbLog("disabling -6 IPv6 listening mode.\n"); + reset_rfbport(-1, screen->port); + reset_httpport(-1, screen->httpPort); + if (https_port_num > 0) { + https_port(1); + } + } + goto done; + } + if (!strcmp(p, "6")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, ipv6_listen); + goto qry; + } + if (!ipv6_listen) { + ipv6_listen = 1; + rfbLog("enabling -6 IPv6 listening mode.\n"); + reset_rfbport(-1, screen->port); + reset_httpport(-1, screen->httpPort); + if (https_port_num > 0) { + https_port(1); + } + } + goto done; + } if (!strcmp(p, "localhost")) { char *before, *old; if (query) { @@ -1818,9 +1974,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { rfbLog("listening on loopback network only.\n"); rfbLog("allow list is: '%s'\n", NONUL(allow_list)); reset_rfbport(-1, screen->port); - if (screen->httpListenSock > -1) { - reset_httpport(-1, screen->httpPort); - } + reset_httpport(-1, screen->httpPort); goto done; } if (!strcmp(p, "nolocalhost")) { @@ -1866,9 +2020,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { rfbLog("listening on ALL network interfaces.\n"); rfbLog("allow list is: '%s'\n", NONUL(allow_list)); reset_rfbport(-1, screen->port); - if (screen->httpListenSock > -1) { - reset_httpport(-1, screen->httpPort); - } + reset_httpport(-1, screen->httpPort); goto done; } if (strstr(p, "listen") == p) { @@ -1957,9 +2109,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { if (ok) { rfbLog("allow list is: '%s'\n", NONUL(allow_list)); reset_rfbport(-1, screen->port); - if (screen->httpListenSock > -1) { - reset_httpport(-1, screen->httpPort); - } + reset_httpport(-1, screen->httpPort); free(before); } else { rfbLog("invalid listen string: %s\n", listen_str); @@ -3933,6 +4083,10 @@ char *process_remote_cmd(char *cmd, int stringonly) { } all_input = 1; rfbLog("enabled allinput\n"); + if (handle_events_eagerly) { + rfbLog("disabled input_eagerly\n"); + handle_events_eagerly = 0; + } goto done; } if (!strcmp(p, "noallinput")) { @@ -3944,6 +4098,28 @@ char *process_remote_cmd(char *cmd, int stringonly) { rfbLog("disabled allinput\n"); goto done; } + if (!strcmp(p, "input_eagerly")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, handle_events_eagerly); + goto qry; + } + handle_events_eagerly = 1; + rfbLog("enabled input_eagerly\n"); + if (all_input) { + rfbLog("disabled allinput\n"); + all_input = 0; + } + goto done; + } + if (!strcmp(p, "noinput_eagerly")) { + if (query) { + snprintf(buf, bufn, "ans=%s:%d", p, !handle_events_eagerly); + goto qry; + } + handle_events_eagerly = 0; + rfbLog("disabled input_eagerly\n"); + goto done; + } if (strstr(p, "input") == p) { int doit = 1; COLON_CHECK("input:") @@ -4941,24 +5117,24 @@ char *process_remote_cmd(char *cmd, int stringonly) { } if (strstr(p, "uinput_reset") == p) { COLON_CHECK("uinput_reset:") - p += strlen("uinput_reset:"); if (query) { snprintf(buf, bufn, "ans=%s%s%d", p, co, get_uinput_reset()); goto qry; } + p += strlen("uinput_reset:"); rfbLog("set_uinput_reset: %s\n", p); set_uinput_reset(atoi(p)); goto done; } if (strstr(p, "uinput_always") == p) { COLON_CHECK("uinput_always:") - p += strlen("uinput_always:"); if (query) { snprintf(buf, bufn, "ans=%s%s%d", p, co, get_uinput_always()); goto qry; } + p += strlen("uinput_always:"); rfbLog("set_uinput_always: %s\n", p); set_uinput_always(atoi(p)); goto done; @@ -5002,7 +5178,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { snprintf(buf, bufn, "ans=%s:%d", p, (ls > -1)); goto qry; } - if (screen->httpListenSock > -1) { + if (screen->httpListenSock > -1 || ipv6_http_fd > -1) { rfbLog("already listening for http connections.\n"); } else { rfbLog("turning on listening for http connections.\n"); @@ -5018,7 +5194,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { snprintf(buf, bufn, "ans=%s:%d", p, !(ls > -1)); goto qry; } - if (screen->httpListenSock < 0) { + if (screen->httpListenSock < 0 && ipv6_http_fd < 0) { rfbLog("already not listening for http connections.\n"); } else { rfbLog("turning off listening for http connections.\n"); @@ -5936,7 +6112,7 @@ char *process_remote_cmd(char *cmd, int stringonly) { grab_state(&ptr_grabbed, &kbd_grabbed); snprintf(buf, bufn, "aro=%s:%d,%d", p, ptr_grabbed, kbd_grabbed); - if (dpy) { + if (dpy && rc_npieces < 10) { rfbLog("remote_cmd: ptr,kbd: %s\n", buf); } goto qry; @@ -5982,7 +6158,9 @@ char *process_remote_cmd(char *cmd, int stringonly) { } else if (!strcmp(p, "pointer_root")) { /* skip-cmd-list */ snprintf(buf, bufn, "aro=%s:0x%x", p, (unsigned int) r); } - rfbLog("remote_cmd: %s: %s\n", p, buf); + if (rc_npieces < 10) { + rfbLog("remote_cmd: %s: %s\n", p, buf); + } goto qry; } if (!strcmp(p, "bpp")) { diff --git a/x11vnc/screen.c b/x11vnc/screen.c index 4595f56..127267d 100644 --- a/x11vnc/screen.c +++ b/x11vnc/screen.c @@ -1421,7 +1421,7 @@ char *vnc_reflect_guess(char *str, char **raw_fb_addr) { if (first) { argv[argc++] = "x11vnc_rawfb_vnc"; if (strstr(hp, "listen") == hp) { - char *q = strchr(hp, ':'); + char *q = strrchr(hp, ':'); argv[argc++] = strdup("-listen"); if (q) { client->listenPort = atoi(q+1); @@ -3589,12 +3589,54 @@ void initialize_screen(int *argc, char **argv, XImage *fb) { defer_update = screen->deferUpdateTime; } - rfbInitServer(screen); + if (noipv4 || getenv("IPV4_FAILS")) { + rfbBool ap = screen->autoPort; + int port = screen->port; + + if (getenv("IPV4_FAILS")) { + rfbLog("TESTING: IPV4_FAILS for rfbInitServer()\n"); + } + + screen->autoPort = FALSE; + screen->port = 0; + + rfbInitServer(screen); + + screen->autoPort = ap; + screen->port = port; + + } else { + rfbInitServer(screen); + } if (use_openssl) { - openssl_port(); + openssl_port(0); if (https_port_num >= 0) { - https_port(); + https_port(0); + } + } else { + if (ipv6_listen) { + int fd = -1; + if (screen->port <= 0) { + if (got_rfbport) { + screen->port = got_rfbport_val; + } else { + int ap = 5900; + if (auto_port > 0) { + ap = auto_port; + } + screen->port = find_free_port6(ap, ap+200); + } + } + fd = listen6(screen->port); + if (fd < 0) { + ipv6_listen = 0; + } else { + rfbLog("%slistening on IPv6 port=%d sock=%d\n", + screen->listenSock < 0 ? "Only " : "Also ", + screen->port, fd); + ipv6_listen_fd = fd; + } } } @@ -3717,7 +3759,8 @@ void do_announce_http(void) { return; } - if (screen->httpListenSock > -1 && screen->httpPort) { + /* XXX ipv6? */ + if ((screen->httpListenSock > -1 || ipv6_http_fd > -1) && screen->httpPort) { int enc_none = (enc_str && !strcmp(enc_str, "none")); char *SPORT = " (single port)"; if (use_openssl && ! enc_none) { @@ -3752,6 +3795,7 @@ void do_announce_http(void) { void do_mention_java_urls(void) { if (! quiet && screen) { + /* XXX ipv6? */ if (screen->httpListenSock > -1 && screen->httpPort) { rfbLog("\n"); rfbLog("The URLs printed out below ('Java ... viewer URL') can\n"); diff --git a/x11vnc/sslcmds.c b/x11vnc/sslcmds.c index 0abe9c7..7c4bdc1 100644 --- a/x11vnc/sslcmds.c +++ b/x11vnc/sslcmds.c @@ -114,7 +114,7 @@ int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport strcat(path, extra); } - exe = (char *) malloc(strlen(path) + 1 + strlen("stunnel") + 1); + exe = (char *) malloc(strlen(path) + 1 + strlen("stunnel4") + 1); p = strtok(path, ":"); @@ -123,6 +123,14 @@ int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport while (p) { struct stat sbuf; + sprintf(exe, "%s/%s", p, "stunnel4"); + if (! stunnel_path && stat(exe, &sbuf) == 0) { + if (! S_ISDIR(sbuf.st_mode)) { + stunnel_path = exe; + break; + } + } + sprintf(exe, "%s/%s", p, "stunnel"); if (! stunnel_path && stat(exe, &sbuf) == 0) { if (! S_ISDIR(sbuf.st_mode)) { @@ -137,6 +145,12 @@ int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport free(path); } + if (getenv("STUNNEL_PROG")) { + free(exe); + exe = strdup(getenv("STUNNEL_PROG")); + stunnel_path = exe; + } + if (! stunnel_path) { free(exe); return 0; @@ -219,6 +233,15 @@ int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport FILE *in; char fd[20]; int i; + char *st_if = getenv("STUNNEL_LISTEN"); + + if (st_if == NULL) { + st_if = ""; + } else { + st_if = (char *) malloc(strlen(st_if) + 2); + sprintf(st_if, "%s:", getenv("STUNNEL_LISTEN")); + } + for (i=3; i<256; i++) { close(i); @@ -293,12 +316,12 @@ int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport } fprintf(in, ";debug = 7\n\n"); fprintf(in, "[x11vnc_stunnel]\n"); - fprintf(in, "accept = %d\n", stunnel_port); + fprintf(in, "accept = %s%d\n", st_if, stunnel_port); fprintf(in, "connect = %d\n", x11vnc_port); if (hport > 0 && x11vnc_hport > 0) { fprintf(in, "\n[x11vnc_http]\n"); - fprintf(in, "accept = %d\n", hport); + fprintf(in, "accept = %s%d\n", st_if, hport); fprintf(in, "connect = %d\n", x11vnc_hport); } diff --git a/x11vnc/sslhelper.c b/x11vnc/sslhelper.c index ab2a43f..ae33520 100644 --- a/x11vnc/sslhelper.c +++ b/x11vnc/sslhelper.c @@ -42,10 +42,12 @@ so, delete this exception statement from your version. #include "unixpw.h" #include "user.h" -#define OPENSSL_INETD 1 -#define OPENSSL_VNC 2 -#define OPENSSL_HTTPS 3 -#define OPENSSL_REVERSE 4 +#define OPENSSL_INETD 1 +#define OPENSSL_VNC 2 +#define OPENSSL_VNC6 3 +#define OPENSSL_HTTPS 4 +#define OPENSSL_HTTPS6 5 +#define OPENSSL_REVERSE 6 #define DO_DH 0 @@ -56,8 +58,10 @@ so, delete this exception statement from your version. #endif int openssl_sock = -1; +int openssl_sock6 = -1; int openssl_port_num = 0; int https_sock = -1; +int https_sock6 = -1; pid_t openssl_last_helper_pid = 0; char *openssl_last_ip = NULL; @@ -658,8 +662,8 @@ char *get_ssl_verify_file(char *str_in) { int openssl_present(void); void openssl_init(int isclient); -void openssl_port(void); -void https_port(void); +void openssl_port(int restart); +void https_port(int restart); void check_openssl(void); void check_https(void); void ssl_helper_pid(pid_t pid, int sock); @@ -1989,6 +1993,10 @@ static int ssl_init(int s_in, int s_out, int skip_vnc_tls, double last_https) { name = get_remote_host(ssock); peerport = get_remote_port(ssock); + if (!strcmp(name, "0.0.0.0") && openssl_last_ip != NULL) { + name = strdup(openssl_last_ip); + } + if (db > 1) fprintf(stderr, "ssl_init: 4\n"); while (1) { @@ -2593,7 +2601,7 @@ static void init_prng(void) { void check_openssl(void) { fd_set fds; struct timeval tv; - int nfds; + int nfds, nmax = openssl_sock; static time_t last_waitall = 0; static double last_check = 0.0; double now; @@ -2607,7 +2615,7 @@ void check_openssl(void) { ssl_helper_pid(0, -2); /* waitall */ } - if (openssl_sock < 0) { + if (openssl_sock < 0 && openssl_sock6 < 0) { return; } @@ -2618,29 +2626,43 @@ void check_openssl(void) { last_check = now; FD_ZERO(&fds); - FD_SET(openssl_sock, &fds); + if (openssl_sock >= 0) { + FD_SET(openssl_sock, &fds); + } + if (openssl_sock6 >= 0) { + FD_SET(openssl_sock6, &fds); + if (openssl_sock6 > openssl_sock) { + nmax = openssl_sock6; + } + } tv.tv_sec = 0; tv.tv_usec = 0; - nfds = select(openssl_sock+1, &fds, NULL, NULL, &tv); + nfds = select(nmax+1, &fds, NULL, NULL, &tv); if (nfds <= 0) { return; } - - rfbLog("SSL: accept_openssl(OPENSSL_VNC)\n"); - accept_openssl(OPENSSL_VNC, -1); + + if (openssl_sock >= 0 && FD_ISSET(openssl_sock, &fds)) { + rfbLog("SSL: accept_openssl(OPENSSL_VNC)\n"); + accept_openssl(OPENSSL_VNC, -1); + } + if (openssl_sock6 >= 0 && FD_ISSET(openssl_sock6, &fds)) { + rfbLog("SSL: accept_openssl(OPENSSL_VNC6)\n"); + accept_openssl(OPENSSL_VNC6, -1); + } } void check_https(void) { fd_set fds; struct timeval tv; - int nfds; + int nfds, nmax = https_sock; static double last_check = 0.0; double now; - if (! use_openssl || https_sock < 0) { + if (! use_openssl || (https_sock < 0 && https_sock6 < 0)) { return; } @@ -2651,25 +2673,40 @@ void check_https(void) { last_check = now; FD_ZERO(&fds); - FD_SET(https_sock, &fds); + if (https_sock >= 0) { + FD_SET(https_sock, &fds); + } + if (https_sock6 >= 0) { + FD_SET(https_sock6, &fds); + if (https_sock6 > https_sock) { + nmax = https_sock6; + } + } tv.tv_sec = 0; tv.tv_usec = 0; - nfds = select(https_sock+1, &fds, NULL, NULL, &tv); + nfds = select(nmax+1, &fds, NULL, NULL, &tv); if (nfds <= 0) { return; } - rfbLog("SSL: accept_openssl(OPENSSL_HTTPS)\n"); - accept_openssl(OPENSSL_HTTPS, -1); + + if (https_sock >= 0 && FD_ISSET(https_sock, &fds)) { + rfbLog("SSL: accept_openssl(OPENSSL_HTTPS)\n"); + accept_openssl(OPENSSL_HTTPS, -1); + } + if (https_sock6 >= 0 && FD_ISSET(https_sock6, &fds)) { + rfbLog("SSL: accept_openssl(OPENSSL_HTTPS6)\n"); + accept_openssl(OPENSSL_HTTPS6, -1); + } } -void openssl_port(void) { +void openssl_port(int restart) { int sock = -1, shutdown = 0; static int port = -1; static in_addr_t iface = INADDR_ANY; - int db = 0; + int db = 0, fd6 = -1; if (! screen) { rfbLog("openssl_port: no screen!\n"); @@ -2680,15 +2717,18 @@ void openssl_port(void) { return; } - if (screen->listenSock > -1 && screen->port > 0) { + if (restart) { + port = screen->port; + } else if (screen->listenSock > -1 && screen->port > 0) { port = screen->port; shutdown = 1; + } else if (ipv6_listen && screen->port > 0) { + port = screen->port; } else if (screen->port == 0) { port = screen->port; } - if (screen->listenInterface) { - iface = screen->listenInterface; - } + + iface = screen->listenInterface; if (shutdown) { if (db) fprintf(stderr, "shutting down %d/%d\n", @@ -2698,21 +2738,56 @@ void openssl_port(void) { #endif } + if (openssl_sock >= 0) { + close(openssl_sock); + openssl_sock = -1; + } + if (openssl_sock6 >= 0) { + close(openssl_sock6); + openssl_sock6 = -1; + } + if (port < 0) { rfbLog("openssl_port: could not obtain listening port %d\n", port); + if (!got_rfbport && !ipv6_listen) { + rfbLog("openssl_port: if this system is IPv6-only, use the -6 option\n"); + } clean_up_exit(1); } else if (port == 0) { /* no listen case, i.e. -connect */ sock = -1; } else { - sock = rfbListenOnTCPPort(port, iface); + sock = listen_tcp(port, iface, 0); + if (ipv6_listen) { + fd6 = listen6(port); + } else if (!got_rfbport) { + rfbLog("openssl_port: if this system is IPv6-only, use the -6 option\n"); + } if (sock < 0) { - rfbLog("openssl_port: could not reopen port %d\n", port); - clean_up_exit(1); + if (fd6 < 0) { + rfbLog("openssl_port: could not reopen port %d\n", port); + if (!restart) { + clean_up_exit(1); + } + } else { + rfbLog("openssl_port: Info: only listening on IPv6\n"); + } } } rfbLog("openssl_port: listen on port/sock %d/%d\n", port, sock); - if (!quiet) { + if (ipv6_listen && port > 0) { + if (fd6 < 0) { + fd6 = listen6(port); + } + if (fd6 < 0) { + ipv6_listen = 0; + } else { + rfbLog("openssl_port: listen on port/sock %d/%d (ipv6)\n", + port, fd6); + openssl_sock6 = fd6; + } + } + if (!quiet && sock >=0) { announce(port, 1, NULL); } openssl_sock = sock; @@ -2721,11 +2796,10 @@ void openssl_port(void) { ssl_initialized = 1; } -void https_port(void) { - int sock; +void https_port(int restart) { + int sock, fd6 = -1; static int port = 0; static in_addr_t iface = INADDR_ANY; - int db = 0; /* as openssl_port above: open a listening socket for pure https: */ if (https_port_num < 0) { @@ -2735,6 +2809,9 @@ void https_port(void) { rfbLog("https_port: no screen!\n"); clean_up_exit(1); } + if (! screen->httpDir) { + return; + } if (screen->listenInterface) { iface = screen->listenInterface; } @@ -2742,6 +2819,9 @@ void https_port(void) { if (https_port_num == 0) { https_port_num = find_free_port(5801, 5851); } + if (ipv6_listen && https_port_num <= 0) { + https_port_num = find_free_port6(5801, 5851); + } if (https_port_num <= 0) { rfbLog("https_port: could not find port %d\n", https_port_num); clean_up_exit(1); @@ -2750,17 +2830,54 @@ void https_port(void) { if (port <= 0) { rfbLog("https_port: could not obtain listening port %d\n", port); - clean_up_exit(1); + if (!restart) { + clean_up_exit(1); + } else { + return; + } + } + if (https_sock >= 0) { + close(https_sock); + https_sock = -1; } - sock = rfbListenOnTCPPort(port, iface); + if (https_sock6 >= 0) { + close(https_sock6); + https_sock6 = -1; + } + sock = listen_tcp(port, iface, 0); if (sock < 0) { rfbLog("https_port: could not open port %d\n", port); - clean_up_exit(1); + if (ipv6_listen) { + fd6 = listen6(port); + } + if (fd6 < 0) { + if (!restart) { + clean_up_exit(1); + } + } + rfbLog("https_port: trying IPv6 only mode.\n"); } - if (db) fprintf(stderr, "https_port: listen on port/sock %d/%d\n", - port, sock); - + rfbLog("https_port: listen on port/sock %d/%d\n", port, sock); https_sock = sock; + + if (ipv6_listen) { + if (fd6 < 0) { + fd6 = listen6(port); + } + if (fd6 < 0) { + ; + } else { + rfbLog("https_port: listen on port/sock %d/%d (ipv6)\n", + port, fd6); + https_sock6 = fd6; + } + if (fd6 < 0 && https_sock < 0) { + rfbLog("https_port: could not listen on either IPv4 or IPv6.\n"); + if (!restart) { + clean_up_exit(1); + } + } + } } static void lose_ram(void) { @@ -3095,6 +3212,7 @@ void accept_openssl(int mode, int presock) { char cookie[256], rcookie[256], *name = NULL; int vencrypt_sel = 0; int anontls_sel = 0; + char *ipv6_name = NULL; static double last_https = 0.0; static char last_get[256]; static int first = 1; @@ -3138,6 +3256,25 @@ void accept_openssl(int mode, int presock) { } listen = openssl_sock; + } else if (mode == OPENSSL_VNC6 || mode == OPENSSL_HTTPS6) { +#if X11VNC_IPV6 + struct sockaddr_in6 a6; + socklen_t a6len = sizeof(a6); + int fd = (mode == OPENSSL_VNC6 ? openssl_sock6 : https_sock6); + + sock = accept(fd, (struct sockaddr *)&a6, &a6len); + if (sock < 0) { + rfbLog("SSL: accept_openssl: accept connection failed\n"); + rfbLogPerror("accept"); + if (ssl_no_fail) { + clean_up_exit(1); + } + return; + } + ipv6_name = ipv6_getipaddr((struct sockaddr *)&a6, a6len); + if (!ipv6_name) ipv6_name = strdup("unknown"); + listen = fd; +#endif } else if (mode == OPENSSL_REVERSE) { sock = presock; if (sock < 0) { @@ -3147,6 +3284,10 @@ void accept_openssl(int mode, int presock) { } return; } + if (getenv("OPENSSL_REVERSE_DEBUG")) fprintf(stderr, "OPENSSL_REVERSE: ipv6_client_ip_str: %s\n", ipv6_client_ip_str); + if (ipv6_client_ip_str != NULL) { + ipv6_name = strdup(ipv6_client_ip_str); + } listen = -1; } else if (mode == OPENSSL_HTTPS) { @@ -3169,13 +3310,17 @@ void accept_openssl(int mode, int presock) { } if (mode == OPENSSL_INETD) { openssl_last_ip = get_remote_host(fileno(stdin)); + } else if (mode == OPENSSL_VNC6 || mode == OPENSSL_HTTPS6) { + openssl_last_ip = ipv6_name; + } else if (mode == OPENSSL_REVERSE && ipv6_name != NULL) { + openssl_last_ip = ipv6_name; } else { openssl_last_ip = get_remote_host(sock); } if (!check_ssl_access(openssl_last_ip)) { rfbLog("SSL: accept_openssl: denying client %s\n", openssl_last_ip); - rfbLog("SSL: accept_openssl: does not match -allow (or other reason).\n"); + rfbLog("SSL: accept_openssl: does not match -allow or other reason.\n"); close(sock); sock = -1; if (ssl_no_fail) { @@ -3186,7 +3331,12 @@ void accept_openssl(int mode, int presock) { /* now make a listening socket for child to connect back to us by: */ - cport = find_free_port(20000, 0); + cport = find_free_port(20000, 22000); + if (! cport && ipv6_listen) { + rfbLog("SSL: accept_openssl: seeking IPv6 port.\n"); + cport = find_free_port6(20000, 22000); + rfbLog("SSL: accept_openssl: IPv6 port: %d\n", cport); + } if (! cport) { rfbLog("SSL: accept_openssl: could not find open port.\n"); close(sock); @@ -3197,7 +3347,7 @@ void accept_openssl(int mode, int presock) { } if (db) fprintf(stderr, "accept_openssl: cport: %d\n", cport); - csock = rfbListenOnTCPPort(cport, htonl(INADDR_LOOPBACK)); + csock = listen_tcp(cport, htonl(INADDR_LOOPBACK), 1); if (csock < 0) { rfbLog("SSL: accept_openssl: could not listen on port %d.\n", @@ -3225,7 +3375,13 @@ void accept_openssl(int mode, int presock) { rb[0], rb[1], rb[2], rb[3], rb[4], rb[5], dnow() - x11vnc_start, x11vnc_start, (void *)rb); - if (mode != OPENSSL_INETD) { + if (mode == OPENSSL_VNC6) { + name = strdup(ipv6_name); + peerport = get_remote_port(sock); + } else if (mode == OPENSSL_REVERSE && ipv6_name != NULL) { + name = strdup(ipv6_name); + peerport = get_remote_port(sock); + } else if (mode != OPENSSL_INETD) { name = get_remote_host(sock); peerport = get_remote_port(sock); } else { @@ -3338,7 +3494,7 @@ void accept_openssl(int mode, int presock) { lose_ram(); /* now connect back to parent socket: */ - vncsock = rfbConnectToTcpAddr("127.0.0.1", cport); + vncsock = connect_tcp("127.0.0.1", cport); if (vncsock < 0) { rfbLog("SSL: ssl_helper[%d]: could not connect" " back to: %d\n", getpid(), cport); @@ -3388,8 +3544,9 @@ void accept_openssl(int mode, int presock) { } if (screen->httpListenSock >= 0 && screen->httpPort > 0) { have_httpd = 1; - } - if (screen->httpListenSock == -2) { + } else if (ipv6_http_fd >= 0) { + have_httpd = 1; + } else if (screen->httpListenSock == -2) { have_httpd = 1; } if (mode == OPENSSL_HTTPS && ! have_httpd) { @@ -3614,7 +3771,7 @@ void accept_openssl(int mode, int presock) { if (db) fprintf(stderr, "iface: %s:%d\n", iface, hport); usleep(150*1000); - httpsock = rfbConnectToTcpAddr(iface, hport); + httpsock = connect_tcp(iface, hport); if (httpsock < 0) { /* UGH, after all of that! */ @@ -3962,6 +4119,18 @@ void accept_openssl(int mode, int presock) { openssl_last_helper_pid = 0; if (client) { + int swt = 0; + if (mode == OPENSSL_VNC6 && openssl_last_ip != NULL) { + swt = 1; + } else if (mode == OPENSSL_REVERSE && ipv6_name != NULL && openssl_last_ip != NULL) { + swt = 1; + } + if (swt) { + if (client->host) { + free(client->host); + } + client->host = strdup(openssl_last_ip); + } if (db) fprintf(stderr, "accept_openssl: client %p\n", (void *) client); if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) screen->newClientHook); if (db) fprintf(stderr, "accept_openssl: new_client %p\n", (void *) new_client); diff --git a/x11vnc/sslhelper.h b/x11vnc/sslhelper.h index 2cf82d3..236db73 100644 --- a/x11vnc/sslhelper.h +++ b/x11vnc/sslhelper.h @@ -38,12 +38,16 @@ so, delete this exception statement from your version. #define OPENSSL_INETD 1 #define OPENSSL_VNC 2 -#define OPENSSL_HTTPS 3 -#define OPENSSL_REVERSE 4 +#define OPENSSL_VNC6 3 +#define OPENSSL_HTTPS 4 +#define OPENSSL_HTTPS6 5 +#define OPENSSL_REVERSE 6 extern int openssl_sock; +extern int openssl_sock6; extern int openssl_port_num; extern int https_sock; +extern int https_sock6; extern pid_t openssl_last_helper_pid; extern char *openssl_last_ip; extern char *certret_str; @@ -54,8 +58,8 @@ extern void raw_xfer(int csock, int s_in, int s_out); extern int openssl_present(void); extern void openssl_init(int); -extern void openssl_port(void); -extern void https_port(void); +extern void openssl_port(int); +extern void https_port(int); extern void check_openssl(void); extern void check_https(void); extern void ssl_helper_pid(pid_t pid, int sock); diff --git a/x11vnc/ssltools.h b/x11vnc/ssltools.h index 534dbdd..c402ded 100644 --- a/x11vnc/ssltools.h +++ b/x11vnc/ssltools.h @@ -789,6 +789,7 @@ char find_display[] = " exit 1\n" "fi\n" "\n" +"# Set PATH to pick up utilities we use below.\n" "PATH=$PATH:/bin:/usr/bin:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/ucb\n" "export PATH\n" "\n" @@ -1823,6 +1824,10 @@ char create_display[] = " chmod 755 $stmp || exit 1\n" " echo \"#!/bin/sh\" > $stmp\n" " #echo \"(id; env; env | grep XAUTHORITY | sed -e 's/XAUTHORITY=//' | xargs ls -l) > /tmp/ENV.OUT.$$\" >> $stmp\n" +" if [ \"X$SAVE_PATH\" != \"X\" ]; then\n" +" echo \"PATH=\\\"$SAVE_PATH\\\"\" >> $stmp\n" +" echo \"export PATH\" >> $stmp\n" +" fi\n" " if [ \"X$noxauth\" = \"X1\" ]; then\n" " echo \"unset XAUTHORITY\" >> $stmp\n" " fi\n" @@ -1971,25 +1976,6 @@ char create_display[] = " fi\n" " done\n" "\n" -"# if [ \"X$result\" = \"X1\" ]; then\n" -"# if [ \"X$use_xdmcp_query\" = \"X0\" -a \"X$have_xdpyinfo\" != \"X\" ]; then\n" -"# ok=0\n" -"# for t in 1 2 3 4\n" -"# do\n" -"# $have_xdpyinfo >/dev/null 2>&1\n" -"# if [ $? != 0 ]; then\n" -"# sleep 1\n" -"# else\n" -"# ok=1\n" -"# break;\n" -"# fi\n" -"# done\n" -"# if [ \"X$ok\" = \"X0\" ]; then\n" -"# result=0\n" -"# fi\n" -"# fi\n" -"# fi\n" -"\n" " if [ \"X$redir_daemon\" != \"X\" -a \"X$result\" = \"X1\" ]; then\n" " redir_daemon=`echo \"$redir_daemon\" | sed -e 's/[~!$&*()|;?<>\"]//g' -e \"s/'//g\"`\n" " xprog=$X11VNC_PROG\n" @@ -2276,6 +2262,8 @@ char create_display[] = " USER=`whoami`\n" "fi\n" "\n" +"# Set PATH to have a better chance of finding things:\n" +"SAVE_PATH=$PATH\n" "PATH=$PATH:/usr/X11R6/bin:/usr/bin/X11:/usr/openwin/bin:/usr/dt/bin:/opt/kde4/bin:/opt/kde3/bin:/opt/gnome/bin:/usr/bin:/bin:/usr/sfw/bin:/usr/local/bin\n" "\n" "have_root=\"\"\n" diff --git a/x11vnc/tkx11vnc b/x11vnc/tkx11vnc index 1350304..afff89c 100755 --- a/x11vnc/tkx11vnc +++ b/x11vnc/tkx11vnc @@ -268,6 +268,10 @@ Misc macmenu =GAL LOFF -- + 6 + noipv6 + noipv4 + -- nofb =D nobell nolookup @@ -2754,6 +2758,7 @@ proc update_menu_vars {{query ""}} { set x11vnc_icon_mode 1 #puts stderr "x11vnc_icon_mode: $x11vnc_icon_mode" } + # XXX ipv6 if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} { if {[info exists menu_var($item)]} { set old $menu_var($item) diff --git a/x11vnc/tkx11vnc.h b/x11vnc/tkx11vnc.h index 432920d..c38e600 100644 --- a/x11vnc/tkx11vnc.h +++ b/x11vnc/tkx11vnc.h @@ -279,6 +279,10 @@ char gui_code[] = ""; " macmenu\n" " =GAL LOFF\n" " --\n" +" 6\n" +" noipv6\n" +" noipv4\n" +" --\n" " nofb\n" " =D nobell\n" " nolookup\n" @@ -2765,6 +2769,7 @@ char gui_code[] = ""; " set x11vnc_icon_mode 1\n" " #puts stderr \"x11vnc_icon_mode: $x11vnc_icon_mode\"\n" " }\n" +" # XXX ipv6\n" " if {[regexp {^([^:][^:]*):(.*)$} $piece m0 item val]} {\n" " if {[info exists menu_var($item)]} {\n" " set old $menu_var($item)\n" diff --git a/x11vnc/user.c b/x11vnc/user.c index be2370e..8678b0f 100644 --- a/x11vnc/user.c +++ b/x11vnc/user.c @@ -1180,9 +1180,11 @@ static void handle_one_http_request(void) { screen->port = 0; http_connections(1); + rfbInitServer(screen); if (!inetd) { + /* XXX ipv6 */ int conn = 0; while (1) { if (0) fprintf(stderr, "%d %d %d %d\n", conn, screen->listenSock, screen->httpSock, screen->httpListenSock); @@ -1234,8 +1236,7 @@ static void handle_one_http_request(void) { rfbLog("handle_one_http_request: finished.\n"); return; } else { - int sock = rfbConnectToTcpAddr("127.0.0.1", - screen->httpPort); + int sock = connect_tcp("127.0.0.1", screen->httpPort); if (sock < 0) { exit(1); } @@ -1703,6 +1704,7 @@ static void vnc_redirect_loop(char *vnc_redirect_test, int *vnc_redirect_cnt) { } } else { pid_t pid = 0; + /* XXX ipv6 */ if (screen->httpListenSock >= 0) { #if LIBVNCSERVER_HAVE_FORK if ((pid = fork()) > 0) { @@ -1817,7 +1819,7 @@ static void vnc_redirect_loop(char *vnc_redirect_test, int *vnc_redirect_cnt) { static void do_vnc_redirect(int created_disp, char *vnc_redirect_host, int vnc_redirect_port, int vnc_redirect_cnt, char *vnc_redirect_test) { - char *q = strchr(use_dpy, ':'); + char *q = strrchr(use_dpy, ':'); int vdpy = -1, sock = -1; int s_in, s_out, i; if (vnc_redirect == 2) { @@ -1850,7 +1852,7 @@ static void do_vnc_redirect(int created_disp, char *vnc_redirect_host, int vnc_r usleep(1000*1000); } for (i=0; i < 20; i++) { - sock = rfbConnectToTcpAddr(vnc_redirect_host, vdpy); + sock = connect_tcp(vnc_redirect_host, vdpy); if (sock >= 0) { break; } @@ -2993,9 +2995,14 @@ int wait_for_client(int *argc, char** argv, int http) { if (! screen->port || screen->listenSock < 0) { if (got_rfbport && got_rfbport_val == 0) { ; + } else if (ipv6_listen && ipv6_listen_fd >= 0) { + rfbLog("Info: listening only on IPv6 interface.\n"); } else { rfbLogEnable(1); rfbLog("Error: could not obtain listening port.\n"); + if (!got_rfbport) { + rfbLog("If this system is IPv6-only, use the -6 option.\n"); + } clean_up_exit(1); } } diff --git a/x11vnc/util.c b/x11vnc/util.c index e6c77d6..4e7d80d 100644 --- a/x11vnc/util.c +++ b/x11vnc/util.c @@ -495,7 +495,7 @@ void check_allinput_rate(void) { if (verb) rfbLog("check_allinput_rate:\n"); if (verb) rfbLog("Client is sending %.1f extra requests per second for the\n", rate); if (verb) rfbLog("past %d seconds! (queued: %d)\n", dt, nq); - if (strstr(getenv("CHECK_RATE"), "allinput") && !all_input) { + if (strstr(getenv("CHECK_RATE"), "allinput") && !all_input && !handle_events_eagerly) { rfbLog("Switching to -allpinput mode.\n"); all_input = 1; } @@ -590,6 +590,9 @@ int rfbPE(long usec) { } } + if (ipv6_listen) { + check_ipv6_listen(usec); + } if (check_rate != 0) { if (check_rate < 0) { if (getenv("CHECK_RATE")) { @@ -643,8 +646,7 @@ void rfbCFD(long usec) { if (all_input) { do_allinput(usec); } else { - /* XXX how for cmdline? */ - if (all_input) { + if (handle_events_eagerly) { screen->handleEventsEagerly = TRUE; } else { screen->handleEventsEagerly = FALSE; diff --git a/x11vnc/x11vnc.1 b/x11vnc/x11vnc.1 index 41e41ad..dc62645 100644 --- a/x11vnc/x11vnc.1 +++ b/x11vnc/x11vnc.1 @@ -1,8 +1,8 @@ .\" This file was automatically generated from x11vnc -help output. -.TH X11VNC "1" "March 2010" "x11vnc " "User Commands" +.TH X11VNC "1" "April 2010" "x11vnc " "User Commands" .SH NAME x11vnc - allow VNC connections to real X11 displays - version: 0.9.10, lastmod: 2010-03-20 + version: 0.9.10, lastmod: 2010-04-08 .SH SYNOPSIS .B x11vnc [OPTION]... @@ -110,6 +110,38 @@ The VNC port to listen on (a libvncserver option), e.g. then the x11vnc \fB-gui\fR is used to prompt the user to enter the port number. .PP +\fB-6\fR +.IP +IPv6 listening support. In addition to IPv4, the +IPv6 address is listened on for incoming connections. +The same port as IPv4 is used to listen. If you have +trouble compiling for this mode, set \fB-DX11VNC_IPV6=0\fR +in CPPFLAGS when configuring. +.IP +Currently, the machine may need to have some IPv4 +support, at the least for the loopback interface, for +everything to work correctly. However for most usage +modes IPv4 support is not required. +.IP +The -6 mode works for both normal connections and +\fB-ssl\fR encrypted ones. Nearly everything is supported +for the IPv6 case, but there are a few exceptions. +See \fB-stunnel\fR for its IPv6 support. +.PP +\fB-noipv6\fR +.IP +Do not try to use IPv6 for any listening or connecting +sockets. This includes both the listening service +port(s) and outgoing connections from \fB-connect,\fR +\fB-connect_or_exit,\fR or \fB-proxy.\fR Use this if you are having +problems due to IPv6. +.PP +\fB-noipv4\fR +.IP +Do not try to use IPv4 for any listening or connecting +sockets. This is mainly for exploring the behavior of +x11vnc on an IPv6-only system, but may have other uses. +.PP \fB-reopen\fR .IP If the X server connection is disconnected, try to @@ -651,6 +683,13 @@ newline and carriage return. "\\c" is expanded to .IP See also the \fB-proxy\fR option below for additional ways to plumb reverse connections. +.IP +IPv6: as of x11vnc 0.9.10 the \fB-connect\fR option should +connect to IPv6 hosts properly. If there are problems +you can disable IPv6 by setting \fB-DX11VNC_IPV6=0\fR +in CPPFLAGS when configuring. If there problems +connecting to IPv6 hosts consider a relay like the +included inet6to4 script or the \fB-proxy\fR option. .PP \fB-connect_or_exit\fR \fIstr\fR .IP @@ -720,6 +759,13 @@ reach the VNC viewer. Up to 3 may be chained, separate them by commas in the order they are to be connected to. E.g.: http://host1:port1,socks5://host2:port2 or three like: first,second,third +.IP +IPv6: as of x11vnc 0.9.10 the \fB-proxy\fR option should +connect to IPv6 hosts properly. If there are problems +you can disable IPv6 by setting \fB-DX11VNC_IPV6=0\fR +in CPPFLAGS when configuring. If there problems +connecting to IPv6 hosts consider a relay like the +included inet6to4 script. .PP \fB-vncconnect,\fR \fB-novncconnect\fR .IP @@ -757,6 +803,9 @@ re-read each time a new client connects. Lines can be commented out with the "#" character in the usual way. .IP \fB-allow\fR applies in \fB-ssl\fR mode, but not in \fB-stunnel\fR mode. +.IP +IPv6: as of x11vnc 0.9.10 a host can be specified +in IPv6 numerical format, e.g. 2001:4860:b009::93. .PP \fB-localhost\fR .IP @@ -778,6 +827,16 @@ If you do not want x11vnc to listen on ANY interface (evidently you are using \fB-connect\fR or \fB-connect_or_exit,\fR or plan to use remote control: \fB-R\fR connect:host), use \fB-rfbport\fR 0 +.IP +IPv6: if IPv6 is supported, this option automatically +implies the IPv6 loopback address '::1' as well. +.PP +\fB-listen6\fR \fIstr\fR +.IP +When in IPv6 listen mode "-6", only listen on the +network interface with address \fIstr\fR. It currently +does not work for link scope addresses or non-numeric +hostname strings. .PP \fB-nolookup\fR .IP @@ -1419,7 +1478,7 @@ can act as a replacement for .IP This mode only allows one redirected connection. The \fB-forever\fR option does not apply. Use \fB-inetd\fR or -\fB-loop\fR for persistant service. +\fB-loop\fR for persistent service. .PP \fB-display\fR \fIWAIT:...\fR .IP @@ -1514,6 +1573,10 @@ be ignored if the FD_TAG env. var. is already set or if the viewer-side supplied value is not completely composed of alphanumeric or '_' or '-' characters. .IP +To troubleshoot the FINDCREATEDISPLAY mechanism, +set the following env. var. to an ouput log file, +e.g \fB-env\fR CREATE_DISPLAY_OUTPUT=/tmp/mydebug.txt +.IP To disable the option setting set the environment variable X11VNC_NO_UNIXPW_OPTS=1 before starting x11vnc. To set any other options, the user can use the gui @@ -2459,15 +2522,25 @@ requirement. .IP Set \fB-env\fR STUNNEL_DEBUG=1 for more debugging printout. .IP +Set \fB-env\fR STUNNEL_PROG=xxx to the full path of stunnel +program you want to be used (e.g. /usr/bin/stunnel4). +.IP +Set \fB-env\fR STUNNEL_LISTEN=xxx to the address of the +network interface to listen on (the default is to listen +on all interfaces), e.g. STUNNEL_LISTEN=192.168.1.100. +.IP +A simple way to add IPv6 support is STUNNEL_LISTEN=:: +.IP Your VNC viewer will also need to be able to connect via SSL. Unfortunately not too many do this. See the information about SSL viewers under the \fB-ssl\fR option. +The x11vnc project's SSVNC is an option. .IP Also, in the x11vnc distribution, patched TightVNC and UltraVNC Java applet jar files are provided in the classes/ssl directory that do SSL connections. -Enable serving them with the \fB-http,\fR \fB-http_ssl,\fR \fB-https,\fR -or \fB-httpdir\fR (see the option descriptions for more info.) +Enable serving them with the \fB-http,\fR \fB-http_ssl,\fR or +\fB-httpdir\fR (see the option descriptions for more info.) .IP Note that for the Java viewer applet usage the "?PORT=xxxx" in the various URLs printed at startup @@ -4310,6 +4383,11 @@ Default: 10 Have x11vnc read and process all available client input before proceeding. .PP +\fB-input_eagerly\fR +.IP +Similar to \fB-allinput\fR but use the handleEventsEagerly +mechanism built into LibVNCServer. +.PP \fB-speeds\fR \fIrd,bw,lat\fR .IP x11vnc tries to estimate some speed parameters that @@ -5541,6 +5619,20 @@ nolocalhost disable \fB-localhost\fR mode .IP listen:str set \fB-listen\fR to str, empty to disable. .IP +noipv6 enable \fB-noipv6\fR mode. +.IP +ipv6 disable \fB-noipv6\fR mode. +.IP +noipv4 enable \fB-noipv4\fR mode. +.IP +ipv4 disable \fB-noipv4\fR mode. +.IP +6 enable -6 IPv6 listening mode. +.IP +no6 disable -6 IPv6 listening mode. +.IP +lookup disable \fB-nolookup\fR mode. +.IP nolookup enable \fB-nolookup\fR mode. .IP lookup disable \fB-nolookup\fR mode. @@ -5844,6 +5936,10 @@ allinput enable use of \fB-allinput\fR mode. .IP noallinput disable use of \fB-allinput\fR mode. .IP +input_eagerly enable use of \fB-input_eagerly\fR mode. +.IP +noinput_eagerly disable use of \fB-input_eagerly\fR mode. +.IP ssltimeout:n set \fB-ssltimeout\fR to n. .IP speeds:str set \fB-speeds\fR to str. @@ -6223,52 +6319,54 @@ nooverlay_yescursor overlay_nocursor 8to24 no8to24 8to24_opts 24to32 no24to32 visual scale scale_cursor viewonly noviewonly shared noshared forever noforever once timeout tightfilexfer notightfilexfer ultrafilexfer -noultrafilexfer rfbversion deny lock nodeny unlock -avahi mdns zeroconf noavahi nomdns nozeroconf connect -proxy allowonce allow localhost nolocalhost listen -lookup nolookup accept afteraccept gone shm noshm -flipbyteorder noflipbyteorder onetile noonetile -solid_color solid nosolid blackout xinerama noxinerama -xtrap noxtrap xrandr noxrandr xrandr_mode rotate padgeom -quiet q noquiet modtweak nomodtweak xkb noxkb capslock -nocapslock skip_lockkeys noskip_lockkeys skip_keycodes -sloppy_keys nosloppy_keys skip_dups noskip_dups -add_keysyms noadd_keysyms clear_mods noclear_mods -clear_keys noclear_keys clear_all clear_locks keystate -remap repeat norepeat fb nofb bell nobell sendbell -sel nosel primary noprimary setprimary nosetprimary -clipboard noclipboard setclipboard nosetclipboard -seldir cursorshape nocursorshape cursorpos nocursorpos -cursor_drag nocursor_drag cursor show_cursor -noshow_cursor nocursor arrow xfixes noxfixes xdamage -noxdamage xd_area xd_mem alphacut alphafrac alpharemove -noalpharemove alphablend noalphablend xwarppointer -xwarp noxwarppointer noxwarp buttonmap dragging -nodragging ncache_cr noncache_cr ncache_no_moveraise -noncache_no_moveraise ncache_no_dtchange -noncache_no_dtchange ncache_no_rootpixmap -noncache_no_rootpixmap ncache_reset_rootpixmap ncrp -ncache_keep_anims noncache_keep_anims ncache_old_wm -noncache_old_wm ncache_pad ncache noncache ncache_size -debug_ncache nodebug_ncache wireframe_mode wireframe wf -nowireframe nowf wireframelocal wfl nowireframelocal -nowfl wirecopyrect wcr nowirecopyrect nowcr scr_area +noultrafilexfer rfbversion deny lock nodeny unlock avahi +mdns zeroconf noavahi nomdns nozeroconf connect proxy +allowonce allow noipv6 ipv6 noipv4 ipv4 no6 6 localhost +nolocalhost listen lookup nolookup accept afteraccept +gone shm noshm flipbyteorder noflipbyteorder onetile +noonetile solid_color solid nosolid blackout xinerama +noxinerama xtrap noxtrap xrandr noxrandr xrandr_mode +rotate padgeom quiet q noquiet modtweak nomodtweak xkb +noxkb capslock nocapslock skip_lockkeys noskip_lockkeys +skip_keycodes sloppy_keys nosloppy_keys skip_dups +noskip_dups add_keysyms noadd_keysyms clear_mods +noclear_mods clear_keys noclear_keys clear_all +clear_locks keystate remap repeat norepeat fb nofb bell +nobell sendbell sel nosel primary noprimary setprimary +nosetprimary clipboard noclipboard setclipboard +nosetclipboard seldir cursorshape nocursorshape +cursorpos nocursorpos cursor_drag nocursor_drag cursor +show_cursor noshow_cursor nocursor arrow xfixes +noxfixes xdamage noxdamage xd_area xd_mem alphacut +alphafrac alpharemove noalpharemove alphablend +noalphablend xwarppointer xwarp noxwarppointer +noxwarp buttonmap dragging nodragging ncache_cr +noncache_cr ncache_no_moveraise noncache_no_moveraise +ncache_no_dtchange noncache_no_dtchange +ncache_no_rootpixmap noncache_no_rootpixmap +ncache_reset_rootpixmap ncrp ncache_keep_anims +noncache_keep_anims ncache_old_wm noncache_old_wm +ncache_pad ncache noncache ncache_size debug_ncache +nodebug_ncache wireframe_mode wireframe wf nowireframe +nowf wireframelocal wfl nowireframelocal nowfl +wirecopyrect wcr nowirecopyrect nowcr scr_area scr_skip scr_inc scr_keys scr_term scr_keyrepeat scr_parms scrollcopyrect scr noscrollcopyrect noscr fixscreen noxrecord xrecord reset_record -pointer_mode pm input_skip allinput noallinput input -grabkbd nograbkbd grabptr nograbptr grabalways -nograbalways grablocal client_input ssltimeout -speeds wmdt debug_pointer dp nodebug_pointer nodp -debug_keyboard dk nodebug_keyboard nodk keycode keysym -ptr fakebuttonevent sleep get_xprop set_xprop wininfo -bcx_xattach deferupdate defer setdefer extra_fbur -wait_ui wait_bog nowait_bog slow_fb xrefresh wait -readtimeout nap nonap sb screen_blank fbpm nofbpm dpms -nodpms clientdpms noclientdpms forcedpms noforcedpms -noserverdpms serverdpms noultraext ultraext chatwindow -nochatwindow chaton chatoff fs gaps grow fuzz snapfb -nosnapfb rawfb uinput_accel uinput_thresh uinput_reset +pointer_mode pm input_skip allinput noallinput +input_eagerly noinput_eagerly input grabkbd nograbkbd +grabptr nograbptr grabalways nograbalways grablocal +client_input ssltimeout speeds wmdt debug_pointer dp +nodebug_pointer nodp debug_keyboard dk nodebug_keyboard +nodk keycode keysym ptr fakebuttonevent sleep get_xprop +set_xprop wininfo bcx_xattach deferupdate defer +setdefer extra_fbur wait_ui wait_bog nowait_bog +slow_fb xrefresh wait readtimeout nap nonap sb +screen_blank fbpm nofbpm dpms nodpms clientdpms +noclientdpms forcedpms noforcedpms noserverdpms +serverdpms noultraext ultraext chatwindow nochatwindow +chaton chatoff fs gaps grow fuzz snapfb nosnapfb +rawfb uinput_accel uinput_thresh uinput_reset uinput_always progressive rfbport http nohttp httpport httpdir enablehttpproxy noenablehttpproxy alwaysshared noalwaysshared nevershared noalwaysshared dontdisconnect diff --git a/x11vnc/x11vnc.c b/x11vnc/x11vnc.c index d659651..3d91918 100644 --- a/x11vnc/x11vnc.c +++ b/x11vnc/x11vnc.c @@ -1,7 +1,7 @@ /* * x11vnc: a VNC server for X displays. * - * Copyright (C) 2002-2009 Karl J. Runge <runge@karlrunge.com> + * Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com> * All rights reserved. * * This file is part of x11vnc. @@ -216,9 +216,9 @@ int tsdo(int port, int lsock, int *conn) { if (db) rfbLog("tsdo: using existing csock: %d, port: %d\n", csock, port); } - rsock = rfbConnectToTcpAddr("127.0.0.1", port); + rsock = connect_tcp("127.0.0.1", port); if (rsock < 0) { - if (db) rfbLog("tsdo: rfbConnectToTcpAddr(port=%d) failed.\n", port); + if (db) rfbLog("tsdo: connect_tcp(port=%d) failed.\n", port); close(csock); return 2; } @@ -391,7 +391,8 @@ void terminal_services(char *list) { XSync(dpy, False); for (k=1; k <= 5; k++) { - socks[i] = rfbListenOnTCPPort(listen[i], htonl(INADDR_LOOPBACK)); + /* XXX ::1 fallback? */ + socks[i] = listen_tcp(listen[i], htonl(INADDR_LOOPBACK), 1); if (socks[i] >= 0) { if (db) fprintf(stderr, " listen succeeded: %d\n", listen[i]); break; @@ -601,7 +602,7 @@ if (tstk[j] != 0) fprintf(stderr, "B redir[%d][%d] = %d %s\n", i, j, tstk[j], t redir[i][j] = 0; continue; } - s = rfbConnectToTcpAddr("127.0.0.1", p); + s = connect_tcp("127.0.0.1", p); if (s < 0) { redir[i][j] = 0; if (db) fprintf(stderr, "tsdo[%d][%d] clean: connect failed: %d\n", i, j, p); @@ -646,6 +647,7 @@ void do_tsd(void) { char *cmd; int n, sz = 0; char *disp = DisplayString(dpy); + char *logfile = getenv("TS_REDIR_LOGFILE"); int db = 0; if (getenv("TS_REDIR_DEBUG")) { @@ -675,6 +677,12 @@ void do_tsd(void) { sz += strlen("-env TSD_RESTART=1") + 1; sz += strlen("</dev/null 1>/dev/null 2>&1") + 1; sz += strlen(" &") + 1; + if (logfile) { + sz += strlen(logfile); + } + if (ipv6_listen) { + sz += strlen("-6") + 1; + } cmd = (char *) malloc(sz); @@ -684,7 +692,9 @@ void do_tsd(void) { *(xauth-2) = '_'; /* yow */ } } - sprintf(cmd, "%s -display %s -tsd '%s' -env TSD_RESTART=1 </dev/null 1>/dev/null 2>&1 &", program_name, disp, prop); + sprintf(cmd, "%s -display %s -tsd '%s' -env TSD_RESTART=1 %s </dev/null 1>%s 2>&1 &", + program_name, disp, prop, ipv6_listen ? "-6" : "", + logfile ? logfile : "/dev/null" ); rfbLog("running: %s\n", cmd); #if LIBVNCSERVER_HAVE_FORK && LIBVNCSERVER_HAVE_SETSID @@ -2511,10 +2521,32 @@ int main(int argc, char* argv[]) { got_localhost = 1; continue; } + if (!strcmp(arg, "-listen6")) { + listen_str6 = strdup(argv[++i]); + continue; + } if (!strcmp(arg, "-nolookup")) { host_lookup = 0; continue; } +#if X11VNC_IPV6 + if (!strcmp(arg, "-6")) { + ipv6_listen = 1; + continue; + } + if (!strcmp(arg, "-no6")) { + ipv6_listen = 0; + continue; + } + if (!strcmp(arg, "-noipv6")) { + noipv6 = 1; + continue; + } + if (!strcmp(arg, "-noipv4")) { + noipv4 = 1; + continue; + } +#endif if (!strcmp(arg, "-input")) { CHECK_ARGC allowed_input_str = strdup(argv[++i]); @@ -3558,6 +3590,14 @@ int main(int argc, char* argv[]) { all_input = 0; continue; } + if (!strcmp(arg, "-input_eagerly")) { + handle_events_eagerly = 1; + continue; + } + if (!strcmp(arg, "-noinput_eagerly")) { + handle_events_eagerly = 0; + continue; + } if (!strcmp(arg, "-speeds")) { CHECK_ARGC speeds_str = strdup(argv[++i]); @@ -4311,6 +4351,11 @@ int main(int argc, char* argv[]) { close(n); } } + if (ipv6_listen) { + if (inetd) { + ipv6_listen = 0; + } + } if (inetd && quiet && !logfile) { int n; /* @@ -5735,9 +5780,14 @@ int main(int argc, char* argv[]) { if (! screen->port || screen->listenSock < 0) { if (got_rfbport && got_rfbport_val == 0) { ; + } else if (ipv6_listen && ipv6_listen_fd >= 0) { + rfbLog("Info: listening only on IPv6 interface.\n"); } else { rfbLogEnable(1); rfbLog("Error: could not obtain listening port.\n"); + if (!got_rfbport) { + rfbLog("If this system is IPv6-only, use the -6 option.\n"); + } clean_up_exit(1); } } @@ -5776,7 +5826,6 @@ int main(int argc, char* argv[]) { } if (screen && screen->httpListenSock >= 0) { close(screen->httpListenSock); - FD_CLR(screen->httpListenSock,&screen->allFds); screen->httpListenSock = -1; } if (openssl_sock >= 0) { @@ -5787,6 +5836,22 @@ int main(int argc, char* argv[]) { close(https_sock); https_sock = -1; } + if (openssl_sock6 >= 0) { + close(openssl_sock6); + openssl_sock6 = -1; + } + if (https_sock6 >= 0) { + close(https_sock6); + https_sock6 = -1; + } + if (ipv6_listen_fd >= 0) { + close(ipv6_listen_fd); + ipv6_listen_fd = -1; + } + if (ipv6_http_fd >= 0) { + close(ipv6_http_fd); + ipv6_http_fd = -1; + } } /* fork into the background now */ if ((p = fork()) > 0) { diff --git a/x11vnc/x11vnc.h b/x11vnc/x11vnc.h index 9363cc2..f77cccd 100644 --- a/x11vnc/x11vnc.h +++ b/x11vnc/x11vnc.h @@ -316,6 +316,14 @@ extern int h_errno; #include <arpa/inet.h> #endif +#ifndef X11VNC_IPV6 +#if defined(AF_INET6) || defined(PF_INET6) +#define X11VNC_IPV6 1 +#else +#define X11VNC_IPV6 0 +#endif +#endif + #if LIBVNCSERVER_HAVE_PWD_H #include <pwd.h> #include <grp.h> diff --git a/x11vnc/x11vnc_defs.c b/x11vnc/x11vnc_defs.c index 740b4a3..0e5f0d7 100644 --- a/x11vnc/x11vnc_defs.c +++ b/x11vnc/x11vnc_defs.c @@ -47,7 +47,7 @@ int xtrap_base_event_type = 0; int xdamage_base_event_type = 0; /* date +'lastmod: %Y-%m-%d' */ -char lastmod[] = "0.9.10 lastmod: 2010-03-20"; +char lastmod[] = "0.9.10 lastmod: 2010-04-08"; /* X display info */ diff --git a/x11vnc/xevents.c b/x11vnc/xevents.c index de6db8a..4221090 100644 --- a/x11vnc/xevents.c +++ b/x11vnc/xevents.c @@ -50,6 +50,7 @@ so, delete this exception statement from your version. #include "pm.h" #include "pointer.h" #include "remote.h" +#include "inet.h" /* XXX CHECK BEFORE RELEASE */ int grab_buster = 0; @@ -1962,7 +1963,8 @@ static void try_local_chat_window(void) { for (i = 0; i < 90; i++) { /* find an open port */ port = 7300 + i; - lsock = rfbListenOnTCPPort(port, htonl(INADDR_LOOPBACK)); + /* XXX ::1 fallback */ + lsock = listen_tcp(port, htonl(INADDR_LOOPBACK), 0); if (lsock >= 0) { break; } diff --git a/x11vnc/xinerama.c b/x11vnc/xinerama.c index 3f8ed84..70445c9 100644 --- a/x11vnc/xinerama.c +++ b/x11vnc/xinerama.c @@ -331,9 +331,11 @@ void check_xinerama_clip(void) { static void initialize_xinerama (void) { #if !LIBVNCSERVER_HAVE_LIBXINERAMA - rfbLog("Xinerama: Library libXinerama is not available to determine\n"); - rfbLog("Xinerama: the head geometries, consider using -blackout\n"); - rfbLog("Xinerama: if the screen is non-rectangular.\n"); + if (!raw_fb_str) { + rfbLog("Xinerama: Library libXinerama is not available to determine\n"); + rfbLog("Xinerama: the head geometries, consider using -blackout\n"); + rfbLog("Xinerama: if the screen is non-rectangular.\n"); + } #else XineramaScreenInfo *sc, *xineramas; sraRegionPtr black_region, tmp_region; |