*sigh*....once again I forget to change my "From:"

-----Original Message-----
From: Jordan Share [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 05, 2003 2:40 PM
To: Jason Antonacci; [EMAIL PROTECTED]
Subject: RE: Proxy and VNC traffic

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jason Antonacci
> Sent: Wednesday, February 05, 2003 2:21 PM
> To: [EMAIL PROTECTED]
> Subject: Proxy and VNC traffic
>
>
> I am aware that VPN, PPP and SSL can all handle VNC traffic. I
> am also aware that a product exists to redirect VNC traffic.
>
> If an incoming vncviewer connection were redirected by Squid
> Caching Proxy server (http://www.squid-cache.org) to the VNC
> server's port would it be able to connect? Our organization is
> implementing a firewall and has not made a VPN client available.
> Additionally, I feel our Dept. servers are adequately secure to
> implement VNC un-tunneled. However no ports are allowed
> directly, hence the proxy question.

I think you'd need something like bouncer to tell the proxy to "CONNECT 5900" or whatever.

You'd probably be better off using stunnel on both ends. That way you get encryption & authentication. Of course, you'd have to allow connections through the firewall to stunnel (which would in turn connect to the vnc server).

I've used stunnel & VNC in these configurations:

vncviewer -> stunnel on local machine -> stunnel on target -> winvnc (server) on target

vncviewer -> stunnel on gateway machine -> stunnel on target -> winvnc on target

Both work quite well, and you can be sure that no one sniffs your traffic, or conducts a man-in-the-middle attack (with proper use of certificates).

The second one is quite nice, because you can set up one "gateway" that connects and authenticates via stunnel to multiple target machines. Then you don't have to set up stunnel on multiple machines.

Jordan
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
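
The stunnel-on-both-ends layout from the reply above, as an added example that is not part of the original post: a pair of stunnel configuration files written with stunnel 5.x option names, with certificates checked in both directions. The host name, the tunnel port 5901, the section names and every file path are placeholders chosen for illustration.

```ini
; ===== File 1: stunnel.conf on the viewer side (local or gateway machine) =====
; vncviewer is pointed at 127.0.0.1:5900; stunnel carries it to the target over TLS.
; For the gateway layout, change "accept" to the gateway's internal address
; and add one section like this per target machine.
[vnc-to-target]
client = yes
accept = 127.0.0.1:5900
; placeholder host and tunnel port (assumption, not from the thread)
connect = target.example.internal:5901
; certificate and key this side presents to the target
cert = /etc/stunnel/viewer-cert.pem
key = /etc/stunnel/viewer-key.pem
; verify the target's certificate chain and host name, so a
; man-in-the-middle cannot substitute its own certificate
CAfile = /etc/stunnel/vnc-ca.pem
verifyChain = yes
checkHost = target.example.internal

; ===== File 2: stunnel.conf on the target (machine running the VNC server) =====
; Only this TLS port is opened in the firewall. The VNC server itself should
; accept connections from loopback only, so port 5900 is never reachable
; without the tunnel.
[vnc-in]
accept = 5901
connect = 127.0.0.1:5900
cert = /etc/stunnel/target-cert.pem
key = /etc/stunnel/target-key.pem
; refuse any peer that does not present a certificate issued by this CA;
; this is the authentication half of "encryption & authentication"
CAfile = /etc/stunnel/vnc-ca.pem
verifyChain = yes
requireCert = yes
```

The VNC password prompt still applies on top of the tunnel; the certificate checks decide who can reach that prompt at all.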
