
I am trying to incorporate SSL with my App so it uses a secure connection when accessed through VNC viewers. Based on the logs, I don't think it even passes the handshaking stage.

Server Configuration:

pid = <location>/stunnel.pid  
cert = <location>/SystemCred.pem  

[websocket]  
accept = <hostname>:9999  
connect = 127.0.0.1:1111

I am using tightVNC with SSL.

foreground = yes  
pid =  
client = yes  
debug = 6  
options = ALL  
cert = /home/tweet/Desktop/cert/SystemCred.pem  

#[vnc_stunnel]  
#accept = localhost:5930  
connect = <server_ip>:9999

I copied the server's SystemCred.pem and specified it in the MyCert configuration of tightVNC.

Client error logs:

2016.10.04 17:22:01 LOG5[ui]: Reading configuration from file /tmp/ss_vncviewer23188.4043.MzSbol  
2016.10.04 17:22:01 LOG5[ui]: UTF-8 byte order mark not detected  
2016.10.04 17:22:01 LOG5[ui]: FIPS mode disabled  
2016.10.04 17:22:01 LOG6[ui]: Initializing inetd mode configuration  
2016.10.04 17:22:01 LOG6[ui]: Loading certificate from file: /home/tweet/Desktop/cert/SystemCred.pem  
2016.10.04 17:22:01 LOG6[ui]: Certificate loaded from file: /home/tweet/Desktop/cert/SystemCred.pem  
2016.10.04 17:22:01 LOG6[ui]: Loading private key from file: /home/tweet/Desktop/cert/SystemCred.pem  
2016.10.04 17:22:01 LOG4[ui]: Insecure file permissions on /home/tweet/Desktop/cert/SystemCred.pem  
2016.10.04 17:22:01 LOG6[ui]: Private key loaded from file: /home/tweet/Desktop/cert/SystemCred.pem  
2016.10.04 17:22:01 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks  
2016.10.04 17:22:01 LOG5[ui]: Configuration successful  
2016.10.04 17:22:01 LOG5[ui]: Service [stunnel] accepted connection  
2016.10.04 17:22:01 LOG6[ui]: s_connect: connecting <server_ip>:9999  
2016.10.04 17:22:01 LOG5[ui]: s_connect: connected <server_ip>:9999  
2016.10.04 17:22:01 LOG5[ui]: Service [stunnel] connected remote server from 10.194.6.207:46832  
2016.10.04 17:22:01 LOG6[ui]: SNI: sending servername: <server_ip>  
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled  
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled  
2016.10.04 17:22:01 LOG6[ui]: SSL connected: new session negotiated  
2016.10.04 17:22:01 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)  
2016.10.04 17:22:01 LOG3[ui]: SSL_read: Connection reset by peer (104)  
2016.10.04 17:22:01 LOG5[ui]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket  
vncviewer: VNC server closed connection 

Server error logs:

Service [websocket] accepted connection from :46830  
s_connect: connect 127.0.0.1:1111: Connection refused (111)

I'm really stuck and I don't know what is happening. I'm fairly new to this. Hope you guys can help.

Frozenpotato
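As an added example (not part of the original post), a small triage script run over a subset of the log lines quoted in the question: it separates the TLS handshake result from the server-side `connect` result and collects the two LOG4 warnings. The function names `triage` and `verdict` and the finding ids are this example's own.

```python
import re

# Subset of the log lines quoted in the question (client side, then server side).
CLIENT_LOG = """\
2016.10.04 17:22:01 LOG6[ui]: Loading private key from file: /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG4[ui]: Insecure file permissions on /home/tweet/Desktop/cert/SystemCred.pem
2016.10.04 17:22:01 LOG4[ui]: Service [stunnel] needs authentication to prevent MITM attacks
2016.10.04 17:22:01 LOG6[ui]: Certificate verification disabled
2016.10.04 17:22:01 LOG6[ui]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2016.10.04 17:22:01 LOG3[ui]: SSL_read: Connection reset by peer (104)
"""
SERVER_LOG = """\
Service [websocket] accepted connection from :46830
s_connect: connect 127.0.0.1:1111: Connection refused (111)
"""

# (finding id, regex, meaning); the ids and wording are this example's own.
RULES = [
    ("tls_handshake_ok", r"Negotiated (\S+) ciphersuite (\S+)", "TLS handshake completed"),
    ("backend_refused", r"s_connect: connect (\S+): Connection refused \(111\)",
     "nothing is listening on the connect target"),
    ("peer_reset", r"SSL_read: Connection reset by peer", "peer dropped the session"),
    ("no_peer_verification", r"Certificate verification disabled|needs authentication",
     "peer certificate is not verified"),
    ("key_file_permissions", r"Insecure file permissions on (\S+)",
     "key file permissions are too open"),
]

def triage(log_text):
    """Map each matching finding id to the details captured from the log."""
    findings = {}
    for line in log_text.splitlines():
        for name, pattern, _meaning in RULES:
            m = re.search(pattern, line)
            if m:
                findings.setdefault(name, []).append(" ".join(m.groups()) or m.group(0))
    return findings

def verdict(client_log, server_log):
    """Separate a TLS failure from a plaintext backend that refused the connection."""
    client, server = triage(client_log), triage(server_log)
    if "tls_handshake_ok" not in client:
        return ("tls_failed", None)
    if "backend_refused" in server:
        return ("backend_refused", server["backend_refused"][0])
    return ("no_fault_found", None)

if __name__ == "__main__":
    print(verdict(CLIENT_LOG, SERVER_LOG), triage(CLIENT_LOG))
```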

1 Answer


Maybe try the 'SSH method'.

I faced a similar issue, in which the error was exactly Connection refused (111).

I did not want to reboot.

However, I tried that 'secure' method (in my case, just following the Arch Linux wiki page), and it worked...

Note that another strange point is that

  • originally, when I run vncserver as my primary user on that server PC, everything seems fine, except that KDE does not seem to support desktop screens simultaneously on both server and client ...
  • so I tried again with a fresh new user, as said above, and got stuck ...
laoyb