= Getting connected with VNC in GNOME Connections

Wayland is the latest display server protocol for Linux computers, and it has replaced the X11 system in most major distributions.
Old tricks like X Forwarding over SSH and logging in through `xhost` are on the way out, and remote access is now provided by the remote frame buffer protocol and VNC.
Now that it's the primary means of remote graphical login for Linux, new VNC applications are being written to integrate it with the rest of the desktop.
This also means that Linux users and admins need to learn about new configuration options so their computers can connect with one another.
There's not much to it, so this article demonstrates how to configure your system for screen sharing, and how to troubleshoot when things go wrong.

== A connection in two parts

There are two components to connecting over VNC.
As a VNC user, you may use only one or both of these components.

Computers being connected _to_ (called a "remote" host) must be configured to allow connection requests.
This includes screen sharing permissions, internal firewall rules, and possibly external firewall rules and port forwarding.

The computer you're sitting at (called the "local" host) when you want to reach out and connect to a remote screen must have an application to make and manage the VNC request.
The GNOME desktop provides the *Connections* application to help you connect to remote machines from your local host.

== Configuring GNOME

On the remote machine, you must enable screen sharing before a VNC connection request will even be considered by the computer.
To allow screen sharing, open the *Settings* application from the *Activities* menu of the computer's GNOME desktop. If you've never had access to the remote computer, you'll have to talk the user through these steps, or send them http://LINK TO OPENSOURCE.COM ARTICLE[this friendly article].

In GNOME *Settings*, click on the *Sharing* item in the list in the left column.
In *Sharing*, click on *Screen Sharing*.
In the *Screen Sharing* window that appears, choose whether you want to require the user to accept a connection request by clicking an on-screen button, or whether you prefer to create a password for entry.

image::gnome-settings-sharing.jpg[]

== Configuring the firewall

VNC uses port 5900 by default, and that's usually blocked by a local firewall.
You can open that port using https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd[firewall-cmd]:

[source,bash]
----
$ sudo firewall-cmd --add-service vnc-server
----

Alternatively, you can use the https://firewalld.org[Firewall] application.
The *firewalld* application is relatively simple.
Find the service you want to add (*vnc-server*) and then click to enable it.
After adding `vnc-server`, open the *Options* menu and select *Runtime to permanent* if you want the rule to persist after a reboot.

image::firewalld-vnc.png[]

The remote host is now configured to accept VNC requests.

== GNOME Connections

On your local computer, install the GNOME *Connections* application from GNOME *Software*, or using your package manager:

[source,bash]
----
$ sudo dnf install gnome-connections
----

Only the computer connecting _to_ another computer requires this application.
The computer sharing its screen does not need *Connections*; it only needs to have been configured to accept VNC requests.

In GNOME *Connections*, click the plus (*+*) icon in the top left to add a destination host.
Select the VNC protocol, and enter the user name and host or IP address you want to connect to, and then click the *Connect* button.

If you've configured the remote host to require a password for VNC, then you're prompted for the password before the connection is made.
Otherwise, the user on the remote machine receives an alert asking whether they want to allow you to share their screen.
As long as they accept, the connection is made and you can view and even control the mouse and keyboard of the remote host.

== Troubleshooting

When a VNC connection fails, there are a few likely reasons.
Here's a checklist, in the order you should diagnose each problem:

=== Screen sharing

*Problem:* The remote host isn't configured to permit screen sharing.

*Solution:* Enable screen sharing in the *Sharing* section of GNOME *Settings*.

=== Access not granted

*Problem:* The remote host is configured to permit screen sharing but requires a user to let you in, and there's no user currently at the computer or the user isn't accepting your connection request.

*Solution:* Ensure that a user is at the remote host, and that they're able to find the notification for the connection request. If the notification seems to be vanishing before the user's able to accept, it can usually be found logged in the notification center, which you can access by clicking the GNOME clock in the center of the top of the screen.

=== Password

*Problem:* The remote host is configured to require a password, and you're entering the incorrect password.

*Solution:* Verify or reset the password on the remote.

=== Local firewall

*Problem:* The remote host's internal firewall is blocking port 5900. For `firewall-cmd`, rules made without the `--permanent` flag don't persist across reboots, so it's not uncommon for VNC to work one day and then fail the next because port 5900 wasn't added as a permanent exception.

*Solution:* Use the `--permanent` flag with `firewall-cmd`. In the graphical firewalld application, you must go to the *Options* menu and select *Runtime to permanent* after you add `vnc-server`.
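
The runtime-versus-permanent mismatch described above can be checked directly on the remote host. The following is an added example, not part of the original article: the function names are hypothetical, it inspects only firewalld's default zone, and it also recognizes a rule that opens 5900/tcp by port (single port or range) rather than through the `vnc-server` service.

```sh
#!/bin/sh
# Added example: classify the firewalld state for VNC's default port 5900.
# Helper names are hypothetical; inputs mirror firewall-cmd's list output.

# port_listed PORT "ENTRIES": true if a tcp entry (port or range) covers PORT.
port_listed() {
    for entry in $2; do
        case "$entry" in */tcp) ;; *) continue ;; esac
        range=${entry%/tcp}
        lo=${range%-*}
        hi=${range#*-}
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# vnc_open "SERVICES" "PORTS": true if vnc-server or port 5900 is allowed.
vnc_open() {
    case " $1 " in *" vnc-server "*) return 0 ;; esac
    port_listed 5900 "$2"
}

# vnc_rule_state RT_SERVICES RT_PORTS PERM_SERVICES PERM_PORTS
vnc_rule_state() {
    rt=no; perm=no
    vnc_open "$1" "$2" && rt=yes
    vnc_open "$3" "$4" && perm=yes
    case "$rt/$perm" in
        yes/yes) echo persistent ;;
        yes/no)  echo runtime-only ;;
        no/yes)  echo permanent-only ;;
        *)       echo closed ;;
    esac
}

# check_vnc_firewall: query the live default zone and suggest the fix.
check_vnc_firewall() {
    state=$(vnc_rule_state \
        "$(firewall-cmd --list-services)" "$(firewall-cmd --list-ports)" \
        "$(firewall-cmd --permanent --list-services)" \
        "$(firewall-cmd --permanent --list-ports)")
    case "$state" in
        persistent)     echo "5900 open now and after reboot" ;;
        runtime-only)   echo "open until reboot; save: firewall-cmd --runtime-to-permanent" ;;
        permanent-only) echo "saved but not loaded; apply: firewall-cmd --reload" ;;
        closed)         echo "blocked; add: firewall-cmd --permanent --add-service vnc-server, then --reload" ;;
    esac
}

if [ "${1:-}" = "--live" ]; then check_vnc_firewall; fi
```

Save it as a script and run it with `--live` on the remote host. Note that `--runtime-to-permanent` saves the entire runtime configuration, not only the VNC rule.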

=== Network firewall

*Problem:* If you're on a different network than the remote host, the network firewall may be blocking you from connecting through port 5900.

*Solution:* A network admin (that might be you) must modify the gateway's firewall rules to permit port 5900.

=== Port forwarding

*Problem:* To get to a specific host on a separate network using NAT, you probably need port forwarding enabled so that the gateway to the network knows where to direct your incoming traffic.

*Solution:* Preferably, your target network has a virtual private network (VPN) for you to join, so that internal addresses are resolved.

Failing that, a network admin (if that's you, consider http://LINK-TO-ARTICLE[setting up a VPN with Wireguard]) must configure the network's router to forward incoming traffic on a specific port to the host you're trying to reach. Unless VNC is only being used for that specific host, this probably means that the port you use for VNC needs to change. For instance, instead of port 5900, you might use 59001 so that all incoming traffic to `example.com:59001` gets routed to `remotehost:5900`.

Should this be necessary, you must adapt the URI in *GNOME Connections* from, for instance, `[email protected]` to `[email protected]:59001`.
In other words, you no longer target the individual host from your computer; you target a special port on the host's gateway router.
The router then forwards your traffic to the remote host you really want to connect with.



== The power of VNC

GNOME *Connections* isn't the only VNC application, but it's a great example of a simple dashboard for remote management.
After you make a connection with a host, the connection details are stored in *Connections* so you can quickly and easily connect again later.
VNC is an excellent, open source way to connect to hosts of any OS, and GNOME *Connections* makes it simple.