VNC Server
How does it work?
A VNC server lets you connect to another computer and control it remotely. It is also known as a 'super unblocker' or 'enhanced unblocker', as it allows you to play PC games as well as unblock websites.
Limitations
A 64-bit Linux PC is required to host the server. (Recommended distribution: Ubuntu 22.04)
Additional site unblocking might be required if you are using the HTML-based VNC client.
Steps
Open root shell
On your Linux PC, open a terminal (usually an option in the desktop right-click menu).
Type the command 'su' and enter your password to open a root shell. The prompt should change from '$' to '#'. On Ubuntu, use the command 'sudo bash' instead.
Update packages
Update packages with the command below. (This command is for Ubuntu or Debian; if you are using another distribution, use its package manager instead.)
apt update && apt upgrade -y
Install required packages
Install required packages.
apt install git iptables python3 -y && apt purge ufw -y
Setup iptables
Reset the iptables firewall rules to default.
iptables -P INPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -P OUTPUT ACCEPT; iptables -F; iptables -X; iptables -t nat -F; iptables -t nat -X; iptables -t mangle -F; iptables -t mangle -X; iptables -t raw -F; iptables -t raw -X
Allow incoming connections to port 9997 and reject incoming traffic to all other ports.
iptables -I INPUT -p tcp --dport 9997 -j ACCEPT; iptables -A INPUT -i lo -j ACCEPT; iptables -A INPUT -i lo -p tcp -j ACCEPT; iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT; iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable; iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset; iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable
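The rules above can be checked against what the firewall actually holds. The script below is an added example, not part of the original guide: it reads the output of 'iptables -S INPUT' and reports any TCP port that is accepted besides the ones you expect. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `iptables -S INPUT` output.

# Constructed sample: the listing produced by the rules above, with the two
# Certbot rules from the SSL section (ports 80 and 443) still in place.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9997 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i lo -p tcp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-proto-unreachable'

# Print every TCP port that has an ACCEPT rule, sorted and space-separated.
open_tcp_ports() {
    awk '/-j ACCEPT/ { for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1) }' |
        sort -n | tr '\n' ' ' | sed 's/ $//'
}

# Print accepted ports that are NOT in the allow-list passed as arguments.
unexpected_ports() {
    allowed=" $* "
    for port in $(open_tcp_ports); do
        case "$allowed" in
            *" $port "*) ;;
            *) printf '%s ' "$port" ;;
        esac
    done | sed 's/ $//'
}

# Succeed only if the chain ends with a catch-all REJECT or DROP rule.
has_final_reject() {
    awk '/^-A INPUT/ { last = $0 }
         END { exit !(last ~ /^-A INPUT -j (REJECT|DROP)/) }'
}

# On the real host (as root): iptables -S INPUT | unexpected_ports 9997
printf 'Unexpected open ports in sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_RULES" | unexpected_ports 9997)"
```

iptables only filters IPv4, so if the PC has an IPv6 address, run the same audit on the output of 'ip6tables -S INPUT'. The rules are also lost on reboot unless you save and restore them.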
Setup VNC server
Install TigerVNC server.
apt install tigervnc-standalone-server -y
Type the command 'exit' to exit the root shell.
Start the VNC server. You should be asked to set a password; use a strong password to reduce the risk of it being cracked.
vncserver -localhost -geometry 1280x720 -pixelformat rgb888 -autokill :1
To stop the VNC server, either log out or use the command 'vncserver -kill :1'. To start the VNC server next time, use the same command as above.
Setup VNC client to make the server accessible
Create a directory for VNC client installation.
cd ~; mkdir vnc; cd vnc
Install the noVNC HTML5 client into the current directory.
git clone https://github.com/novnc/noVNC.git .
Start the client.
./utils/novnc_proxy --vnc 127.0.0.1:5901 --listen 9997
Now you should be able to access the server at http://127.0.0.1:9997/vnc.html. Use the password you set earlier to connect to the server.
Press Ctrl+C to stop the client. To start the VNC client next time, use the command below:
~/vnc/utils/novnc_proxy --vnc 127.0.0.1:5901 --listen 9997
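Before forwarding any port, confirm that the '-localhost' option took effect, so that only the noVNC proxy on port 9997 is reachable from the network while the VNC server on port 5901 stays on loopback. The script below is an added example, not part of the original guide: it parses the output of 'ss -ltn', and its function names and sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check `ss -ltn` output.

# Constructed sample of `ss -ltn` output on the host once both the VNC server
# and novnc_proxy are running.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5          127.0.0.1:5901      0.0.0.0:*
LISTEN 0      5              [::1]:5901         [::]:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      100          0.0.0.0:9997      0.0.0.0:*'

# Print the ports of listeners bound to anything other than a loopback address.
exposed_ports() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr !~ /^(127\.|\[::1\]$)/) print port
    }' | sort -nu | tr '\n' ' ' | sed 's/ $//'
}

# Succeed only if the given port has a listener and none of them is exposed.
is_loopback_only() {
    listing=$(cat)
    # Fail if nothing is listening on the port at all.
    printf '%s\n' "$listing" | awk -v p=":$1" '
        $1 == "LISTEN" && substr($4, length($4) - length(p) + 1) == p { found = 1 }
        END { exit !found }' || return 1
    # Fail if the port appears among the non-loopback listeners.
    case " $(printf '%s\n' "$listing" | exposed_ports) " in
        *" $1 "*) return 1 ;;
    esac
    return 0
}

# On the real host: ss -ltn | exposed_ports
printf 'Exposed ports in sample: %s\n' \
    "$(printf '%s\n' "$SAMPLE_SS" | exposed_ports)"
if printf '%s\n' "$SAMPLE_SS" | is_loopback_only 5901; then
    echo 'VNC port 5901 is loopback-only'
else
    echo 'WARNING: VNC port 5901 is exposed or not running'
fi
```

If port 5901 shows up among the exposed ports, stop the VNC server and start it again with the '-localhost' option before continuing.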
Port forwarding
Log in to your router and forward port 9997, or use DMZ, to make the service reachable from the internet. Go to https://www.yougetsignal.com/tools/open-ports/ and test port 9997 to ensure it is open. If you have issues with port forwarding, you can use an IPv6 address instead.
Go to https://whatsmyip.com to get your public address.
The service should now be reachable from other places at the address http://YOUR_IP_ADDRESS:9997/vnc.html
Domain registration
As most ISPs use dynamic IP addresses, your public IP address might change automatically in the future, so having a domain is strongly recommended. Although most domains are paid, you can still get a free domain at https://freenom.com or https://nic.eu.org.
Once you have registered a domain, go to https://dynu.com and log in.
Go to DDNS services and add the domain you have registered.
From your domain registry, change the name server records to ns1.dynu.com, ns2.dynu.com, ns3.dynu.com.
Go back to the control panel and click the download button. Download the IP update client for your platform, then follow the setup instructions provided.
Now you should also be able to access the service from other places with address http://YOUR_DOMAIN:9997/vnc.html
SSL encryption
Unencrypted HTTP traffic is risky, as hackers can easily capture your passwords, so SSL encryption is also recommended. Furthermore, unencrypted HTTP sites are not allowed to be embedded into Google Sites.
An SSL certificate is required in order to enable SSL encryption. To obtain an SSL certificate for your domain, you need to install Certbot on your PC.
sudo apt install certbot -y
Certbot requires ports 80 and 443 to be open and reachable from the internet. You may need to forward ports 80 and 443 as well as allow them in iptables.
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Run Certbot to get the SSL certificate.
sudo certbot certonly --standalone
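If no errors occurred, the SSL certificate should be located under the /etc/letsencrypt/live/YOUR_DOMAIN/ directory. To make it readable by your own non-root user without exposing the private key to every other account on the PC, use the commands below.
sudo chgrp -R "$(id -gn)" /etc/letsencrypt/live /etc/letsencrypt/archive
sudo chmod -R g+rX,o-rwx /etc/letsencrypt/live /etc/letsencrypt/archive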
Start the VNC client with this command to enable SSL encryption.
~/vnc/utils/novnc_proxy --vnc 127.0.0.1:5901 --listen 9997 --cert /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem --privkey /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem
You should be able to access the service with address https://YOUR_DOMAIN:9997/vnc.html
Unblock your service
After you have enabled SSL encryption for your service, you should be able to embed it into a Google Site with the embed code.
If this does not work for you, you might need to change the DNS servers to 1.1.1.1 and 1.0.0.1 in the system settings, or enable secure DNS and set it to https://family.cloudflare-dns.com/dns-query in the browser settings.
To start the service next time, just input the commands below in a terminal. You can create a .sh file to make it easier.
vncserver -localhost -geometry 1280x720 -pixelformat rgb888 -autokill :1; ~/vnc/utils/novnc_proxy --vnc 127.0.0.1:5901 --listen 9997 --cert /etc/letsencrypt/live/YOUR_DOMAIN/cert.pem --privkey /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem