Remote VNC on Windows (no SSH)
#Introduction
VNC is a remote desktop protocol available across many different platforms. It’s sort of like SSH, which provides remote secure shell access. In this tutorial, we walk through how to set up a VNC server on Microsoft Windows, along with the Diode CLI, so that the machine can be remotely accessed via the Diode network.
Using the Diode Network brings the following advantages:
- Dodge NAT. This method works even behind NAT, making this solution particularly helpful in situations where you are behind a router that you are not able to configure, as is the case in a hotel or dorm room.
- Mobility. Using the Diode network allows for a single connection address regardless of which physical network you are connected to. This is ideal for use on devices such as laptops and smartphones that are constantly jumping from network to network.
- Friendly. Your Diode address won’t change on you like your IP address does. This means that with Diode, you don’t have to pay your ISP extra for a static IP address or deal with a dynamic DNS service. Your Diode address stays consistent out-of-the-box. Additionally, an easy-to-remember BNS address such as “mysurfacepro.diode” can be optionally registered to your Diode address; this name can then be used in place of your Diode address.
- Anonymity. Without the Diode Network, you would have to use your public IP address to connect, tying your internet traffic to your real-world identity. With the Diode Network, there is no personal information attached to your traffic by default.
- Secure. Using Diode to connect to your device provides security that your router can’t match. The Diode Network is fully decentralized and uses 256-bit public key cryptography for authentication. It’s easy to restrict access to only the devices you explicitly allow to connect.
#Stage 1: Diode CLI
- Download the Diode CLI for Windows diode_windows_arm64.zip file
- Extract diode_windows_arm64.zip and copy the resulting folder containing the extracted Diode file into the `%PROGRAMFILES%` directory.
- Update the system path variable to include the Diode CLI
  - Type “Edit the system environment variables” into the Windows search bar and click the result.
  - Click the “Environment Variables” button at the bottom right of the popup
  - Click on the “Path” variable
  - With the “Path” variable row highlighted, click “Edit”
  - In the popup, click “New” & type the path to the parent directory of your recently-installed Diode CLI (it will be something like this: `%PROGRAMFILES%\diode_windows_amd64`)
  - Click “Ok” to save & close each of the 3 popup windows
  - Open up the command prompt and type “diode version” (make sure you’re not in the same directory as the installed Diode CLI). If you get a nice readout containing version info for the Diode CLI, then you’ve done the above configuration successfully. If you don’t get this nice readout, revisit the steps above.
- Take note of your server’s Diode client address by running `diode config` in the command prompt
- Build your connection string to publish port 5900 (see the “diode publish” section of this linked article for more information).
  - To publish your port publicly on the Diode Network, the following string is used: `diode publish -public 5900:5900`
  - To publish a port privately to a specific Diode Client, the following string is used: `diode publish -private 5900:5900,<authorized_diode_client_address>`. The leading “0x” must be included in the Diode client address. If you don’t have a Diode client address on another device yet, use option A (publishing publicly) for now. You will get a Diode client address in Stage 3 of this tutorial that you can use to lock down the Diode connection.
- Follow the steps in this short tutorial to set up the Diode CLI to publish your port automatically every time your Windows computer boots up. Use the connection string from the previous step when following this tutorial.
#Stage 2: VNC Server
- Download & install the TightVNC Server for Windows, sticking to defaults and using the “Typical” settings option if prompted (you can use any VNC server, but we’ll use this one for this tutorial).
- Set the administrative and remote access passwords as prompted.
#Stage 3: Connecting to the Server Via Diode Network
- On a different device, download & install the Diode CLI
- Use the following string in a terminal window to connect to your VNC server over the Diode Network: `diode -bind 5900:<diode_address>:5900`. Be sure to substitute <diode_address> with the Diode client address that you took note of in step 4 of Stage 1. The leading “0x” should be included in the <diode_address>.
- Use a VNC client to connect to localhost:5900 (as for VNC clients, Remmina is good on Linux, and TigerVNC Viewer is good on Windows)
- You need to secure the Diode connection so that only whitelisted clients can connect to the port published on the server. Otherwise, anyone on the Diode network could connect to your VNC server. To do this, follow the steps below.
  - Get this client’s Diode address by running `diode config` in the Windows command prompt. Take note of the “client address” in the output of that command.
  - On the device with the VNC server, edit the connection string that we set up in Stage 1 steps 5 & 6 to this format: `diode publish -private 5900:5900,0x361a8a27C3d1b939011198c69F4120CA4ea12E99`. This string publishes port 5900 to the Diode network, but only for the client whose address is listed in the string. Make sure to swap out the made-up address in the example above for your actual client’s address that you took note of in the previous step.
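
A pre-flight check for the lock-down step above, as an added example that is not part of the original tutorial or the Diode project: a PowerShell function audits a `diode publish` string before it goes into the startup task, flagging `-public` exposure, a missing “0x” or a leftover placeholder, and a second function shows which local addresses the VNC port is bound to. The function names and the address format (0x plus 40 hex digits, inferred from the sample address, with any further comma-separated entries treated as additional addresses) are assumptions.

```powershell
# Added example, not Diode's own tooling. Assumption: a Diode client address is
# "0x" + 40 hex digits, the shape of the sample address in this tutorial.
function Test-DiodePublishString {
    param([Parameter(Mandatory)][string]$Command)
    $tokens = $Command.Trim() -split '\s+'
    if ($tokens.Count -lt 4 -or $tokens[0] -ne 'diode' -or $tokens[1] -ne 'publish') {
        return 'not a complete "diode publish" command'
    }
    for ($i = 2; $i -lt $tokens.Count; $i += 2) {
        $mode = $tokens[$i]
        $spec = if ($i + 1 -lt $tokens.Count) { $tokens[$i + 1] } else { '' }
        $portMap, $allowed = $spec -split ','   # first item is the port map
        switch ($mode) {
            '-public'  { "port map $portMap is open to every Diode client" }
            '-private' {
                if (-not $allowed) { "port map $portMap has no authorized address" }
                foreach ($addr in $allowed) {
                    if ($addr -notmatch '^0x[0-9a-fA-F]{40}$') {
                        "'$addr' is not a 0x-prefixed 40-hex-digit address"
                    }
                }
            }
            default    { "mode '$mode' is not covered by this check" }
        }
    }
}

# Local addresses the VNC port is bound to. 0.0.0.0 or :: means the server is also
# reachable directly from the local network, not only through Diode.
function Get-VncListenAddress {
    Get-NetTCPConnection -LocalPort 5900 -State Listen -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty LocalAddress
}

# Constructed inputs: the tutorial's public string, its private string with the
# made-up address, and the same private string with the leading "0x" dropped.
$samples = @(
    'diode publish -public 5900:5900',
    'diode publish -private 5900:5900,0x361a8a27C3d1b939011198c69F4120CA4ea12E99',
    'diode publish -private 5900:5900,361a8a27C3d1b939011198c69F4120CA4ea12E99'
)
foreach ($s in $samples) {
    $issues = @(Test-DiodePublishString -Command $s)
    $verdict = if ($issues.Count -eq 0) { 'OK' } else { $issues -join '; ' }
    '{0}  =>  {1}' -f $s, $verdict
}
Get-VncListenAddress
```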