Advice for rdp/vnc to lan pcs and while still using vpn for inet

Hello Garuda users.
i must use vpns for work. i would like to access/rdp/vnc my linux and mac into windows on my main windows10 pc mainly so i can use the same mouse,kybd, big monitor etc etc.

my first question is there a way to have fast rdp/vnc on the lan
(since they are all behind the same router and get a 192.168.1.* )
while at the same time they are all running their own VPN connections for internet (nordvpn in my case) ???

when they are on vpn it seems like my windows can see my garuda laptop via lan ip.
i did arp 192.168.1.3 to confirm this. pings get timed out but prob bc of ufw or other reason.

i read rdp/vnc/networking is fundamentally blocked over lan when you have each device on its own vpn connection, is that true or not?

i read nordvpn has meshnet but it's slow. i know another option could be buy a vpn router but i prefer these pcs to use different vpns so a single vpn by a vpn router would not be perfect for me.

anyone have any advice on tigervnc(encryptable) vs realvnc(not-encryptable?) bc i saw both are in arch aur in octopi.

is one better than the other for multi monitor? (bc i have my garuda hdmi to my big 4k monitor too but as i said , i want to use the same keybd mouse as my win pc and flipping hdmi inputs sux. garuda in a rdp/vnc window on my win10 would be my pref)

thanks in advance for your experiences and advice


1 Like

To expose LAN access for a NordVPN-connected device, add a whitelist argument to each device for the LAN subnet.

nordvpn whitelist add subnet 192.168.1.0/24

See a related discussion here: https://libreddit.garudalinux.org/r/nordvpn/comments/c9n9a3/allow_internal_network_on_linux/

TigerVNC (which, to my understanding, is a derivative of RealVNC) seems to be more commonly used. Granted that is not always an indication that a piece of software is better than other options, but another compelling factor is TigerVNC has its own ArchWiki page to help you get it set up: TigerVNC - ArchWiki

4 Likes

thanks that helps , you rock! hope it works.

one more question to drill down:
-is it like i would run that command on each of those 3 machines so their nordvpn unblocks all lan devices?
-or do i have to set a fixed lan ip for the pc, mac, and garuda machines and run that cmd multiple times for each of those 3 machine’s lan_ips?

thanks in advance!

Yes, you would run the command on each machine that will connect to NordVPN and it will whitelist all IPs on the subnet (192.168.1.0/24 includes all IPs from 192.168.1.0 to 192.168.1.255).

Some NordVPN settings have persistence between sessions. If you enable the killswitch for example, it will stay on until you turn it off–even if you shut down the VPN, or reboot the entire computer. I am not sure if your whitelist will persist between sessions or not–you will have to test and find out.

1 Like

i tried to follow the arch wiki instructions to setup tigervnc service on garuda and nordvpn whitelist. ( its a bit confusing bc it mixes in so many options and other things instead of a quickstart sequence of steps :confused: )

on the windows pc the nordvpn desktop app didnt have a whitelist . it has a split tunneling to choose apps to not be in the vpn. tried that for both windows command processor & tigervnc client for win64.
Now I can ssh log in to garuda from window cmd prompt. thats good.

i have ALLOW IN 5901/tcp in ufw and its showing via : sudo ufw status numbered
BUT i got failed to connect to 192.168.1.3:5901 w tigervnc viewer win app.

i also tried :1 instead of :5901 and got same thing. the 1 is supposed to be for a display user in a config file where i have just the one, me.

tigervnc said unable to connect to socket: no connection could be made because the target machine actively refused it. (10061)

question: do you have any idea what the next step might be to troubleshoot that error?
whats the right way to test it without ssh tunnel ?

is there a good quickstart guide anywhere thats less overwhelming than the arch wiki page?

The :1 that relates to the port (5900 + 1) is in /etc/tigervnc/vncserver.users. Is that where you have this value? Don’t forget to start the service as well (sudo systemctl start vncserver@:1.service).

Did you specify a session in ~/.vnc/config? No garuda-inxi so I can’t tell what desktop you have, but check in /usr/share/xsessions/ if you aren’t sure what to put.

Also in ~/.vnc/config, make sure you remove or comment out the line in the ArchWiki example that says localhost–that line enables VNC session only on the machine itself, not from the network.

2 Likes

its garuda plasma dragonized.
have the #localhost commented out
and restarted like u said
sudo systemctl start vncserver@:1.service

i did do the session ~/.vnc/config
:neil=1

but i just heard in a video that you cannot be logged in as my user AND vnc in as that same user.
is that true?

if that is the case then i would probably just be happier with some other remote desktop solution that will MIRROR the already logged in screens as they are.
can you recommend any?

Just to be clear, the user mappings go in /etc/tigervnc/vncserver.users–not ~/.vnc/config.

The mapping you noted is not right; it should be like this:

:1=neil

That is not true, at least not the way you have written it. TigerVNC creates an extra display, it is not a real time broadcast of a logged-in session. If you want a VNC solution that is a real-time broadcast of a logged-in session, take a look at X11vnc: X11vnc - ArchWiki

Another option to consider would be RustDesk. A benefit of RustDesk would be it is very easy to deploy, and very easy to connect to. A drawback is it will have a more pronounced latency than a VNC client.

2 Likes
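
Added example (not part of any post in this thread, and not TigerVNC's own tooling): a small shell check for the two files discussed above, the `:N=user` mapping in /etc/tigervnc/vncserver.users and the `localhost` line in ~/.vnc/config. The function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Added example: check the two TigerVNC files discussed in this thread.
# File arguments are optional; defaults are the paths named in the thread.

# Print N for a ":N=USER" line in vncserver.users; exit status 1 if absent.
vnc_display_for_user() {
    awk -F= -v u="$1" '
        { gsub(/[ \t]/, "") }          # drop stray whitespace
        /^#/ { next }                  # skip comments
        $1 ~ /^:[0-9]+$/ && $2 == u { print substr($1, 2); found = 1; exit }
        END { exit !found }
    ' "${2:-/etc/tigervnc/vncserver.users}"
}

# Report whether an uncommented "localhost" line limits the server to loopback.
vnc_listen_scope() {
    if grep -Eq '^[[:space:]]*localhost[[:space:]]*$' "${1:-$HOME/.vnc/config}"; then
        echo loopback-only
    else
        echo network
    fi
}

# One-line summary: display, TCP port (5900 + N), systemd unit, listen scope.
vnc_check() {
    if ! n=$(vnc_display_for_user "$1" "$2"); then
        echo "no ':N=$1' line found (the form is :1=$1, not :$1=1)"
        return 1
    fi
    echo "display :$n -> tcp/$((5900 + n)), unit vncserver@:$n.service, scope $(vnc_listen_scope "$3")"
}

# Constructed sample files (not taken from a real machine).
d=$(mktemp -d)
printf '# display=user\n:1=neil\n' > "$d/users.ok"
printf ':neil=1\n' > "$d/users.bad"
printf 'session=plasma\n#localhost\n' > "$d/config"
vnc_check neil "$d/users.ok" "$d/config"
vnc_check neil "$d/users.bad" "$d/config" || true
```

A `network` scope means the port is reachable from every host the firewall lets through, so the ufw rule for it is worth limiting to the LAN subnet; `loopback-only` means the viewer can only connect through an SSH tunnel.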

thanks. im going to try x11vnc bc its just a multi-monitor linux on my lan a few feet away....
question: if you x11vnc into a two or three monitor laptop setup, what happens?
is there a left/right arrow to move to the other monitor screens or is there a special trick configuration ? thanks

Additional configuration is required for multi-monitor setups, as you might expect. I don't have any experience with that kind of configuration myself, but a quick web search turns up plenty of hits for tutorials and forum assistance:

How you interact with the displays (arrow keys or keybindings or whatever) would depend on the client you will use on the guest machine, I imagine.

2 Likes
