How do I use VNC to remote access VM guests running under a KVM?
I'm running Ubuntu Lucid LTS, and have successfully set up KVM/Qemu and also have 2 guest OS's running, but... (yes, there is always a but), the display VNC IP of each guest has been auto allocated by the KVM to 127.0.0.1
According to the virtual machine manager, the 1st guest OS is on the default VNC port... the 2nd guest OS has an auto allocated port, of which I have no idea what port has been allocated.
I want to be able to access each guest as needed, at a remote location outside the router using a VNC client, i.e., remote desktop, but I can't put 127.0.0.1 in the hostname. I even tried my WAN IP address, but the connection is rejected by the host. I even have the right port open both in the hardware firewall and the router.
I'd really not recommend this at all. You can use virt-manager to connect from a remote machine and open the consoles that way, but the VNC / SPICE interfaces aren't meant to be exposed, and VNC in itself is utter rubbish. If you do a netstat -plnt on the KVM host you'll be able to see the listening port numbers if you really must.
If you need conventional remote desktop access I'd suggest using a proper solution like nx from nomachine.org for a Linux host. Personally I would suggest using a normal ssh connection to them. If you need a desktop remotely, you're probably doing something wrong, and given that you're talking about forwarding on a router, I would really expect this to be the case. Don't mistake a hack for a feature.
The problem with NX is that it only opens the desktop of the host OS, not guest OS's installed in a KVM.
I thought the idea behind a KVM is that it can run multiple OS's as a guests of the host OS and each guest can be accessed remotely.
To try out various new OS's, I have tried using either VirtualBox, or VMware player, but I would have to be at home and use them locally.
As I'm spending a lot of time traveling around the country, I would like to be able to remote access my home server's guest OS's, but it may look like I may have to invest about $600 for a KVM over IP, whereas I can then remote access my home server and install/remove OS's for testing while I'm away from my home.
Huh? NX opens a desktop on whatever server it runs on. If you run it on a VM then it gives you a desktop there...??
The "idea" of KVM is that it creates virtual machines. I would strongly recommend treating them as if they were normal physical machines, and only utilize the vm management tools when appropriate, not as the standard access mechanism.
Ooooh, You're mixing up Kernel Virtual Machines and a Keyboard / Video / Mouse switch right? These things have NOTHING in common other than their TLA.
I am talking about Kernel Virtual Machines. Ubuntu Qemu runs alongside KVM, and locally, I use the virt-manager (GUI) frontend for Qemu/KVM to create the new VM's, then I can close the manager and the VM will be running in the background. But, from what I have seen in example images, each VM should have its own LAN IP address, so that from another machine (inside the LAN) I should be able to enter that guest's IP address in a remote desktop client using the VNC protocol, and connect... E.g., guest1 = Lubuntu: IP 192.168.0.25, guest2 = Winxp: IP 192.168.0.30, and by entering one of those IP addresses in the remote desktop client hostname and selecting VNC, I should be able to open one of those guests. Instead, every guest created has 127.0.0.1 as its IP address.
Also, I have a separate server running apache, postfix, sshd (using non standard port), dovecot, squid, etc etc, and all necessary ports open in the firewall and router, the remote desktop client has the ability to use a host for SSH tunneling, so I should be able to use my WAN IP (forwarded to my main server) for SSH tunneling, but to prevent brute force attempts on port 22, I'm not using the default port 22 for SSH and also using a certificate, which would mean re-configuring the VNC client to use the assigned port for SSH.
How would I go about doing that? Assigning IP addresses to the VM guests' VNC (instead of 127.0.0.1), then re-configuring the VNC client to use my assigned port for SSH tunneling, then, in theory, I should be able to access the guests using my WAN IP, from a remote location outside the router and still be secure. Or is a KVM over IP the only way to go?
Well, I just found a way to do just what I wanted.
After playing around with virt-manager, I found that if I edit the guest settings, and remove the hardware 'Screen: VNC', and add a new 'Screen: VNC', it allows me to choose what port and also to either only listen on 127.0.0.1, or on all available addresses, and to add a password if needed. So I then check 'Listen on all addresses', then choose a port (best is a non standard VNC port other than 5900), then create a password. I then forward that port in the firewall and router to the host. Then I called a friend in Ohio, and asked him to try his VNC client and enter my WAN IP plus the port in the client hostname, i.e., <IP : port> (excuse the space between : this forum replaces some characters with smilies), then enter the password (which I can change by repeating the above procedure), and guess what?... yahayyyyy he can connect and control the guest's GDM.
So I then changed the password, and having 2 guest OS's running, I made a note of the ports I assigned to them, then went to my office in Phoenix, and tried connecting, and yep, I can successfully connect and control a guest OS by choosing a different port in the hostname.
All fixed, all done, I'm happy.
Later, I'll invest in a KVM over IP, so that I can remote install different OS's.
Again, don't confuse a feature with a hack. I would not recommend deliberately misusing the inner workings here. I would especially not want to allow vnc connections directly over the internet.
You also appear to have no need whatsoever for a KVM over IP, what's the need for that??
Last edited by acid_kewpie; 12-03-2011 at 02:04 AM.
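Added example, not part of any post in this thread: a small Python audit that reads libvirt domain XML (the shape `virsh dumpxml` prints) and reports which guest displays listen on something other than loopback, which is the difference between the 127.0.0.1 default and the 'Listen on all addresses' setting discussed above. The two domain definitions, the guest names and port 5942 are constructed sample values.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample input in the shape `virsh dumpxml <guest>` prints.
SAMPLE_DOMAINS = [
    """<domain type='kvm'><name>guest1</name><devices>
         <graphics type='vnc' port='5900' autoport='yes' listen='127.0.0.1'>
           <listen type='address' address='127.0.0.1'/>
         </graphics></devices></domain>""",
    """<domain type='kvm'><name>guest2</name><devices>
         <graphics type='vnc' port='5942' autoport='no' listen='0.0.0.0'>
           <listen type='address' address='0.0.0.0'/>
         </graphics></devices></domain>""",
]

def is_loopback(addr):
    """True only for a literal loopback IP; hostnames count as not loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit_graphics(domain_xml):
    """Return one finding per VNC/SPICE display defined in a domain XML."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="?")
    findings = []
    for g in root.iterfind("./devices/graphics"):
        if g.get("type") not in ("vnc", "spice"):
            continue
        # The address can sit on <graphics listen=...> or a nested <listen>.
        addrs = {g.get("listen")} | {l.get("address") for l in g.iterfind("listen")}
        addrs.discard(None)
        findings.append({
            "domain": name,
            "port": g.get("port"),
            "listen": sorted(addrs),
            # No address in the XML means the host default applies: check by hand.
            "exposed": any(not is_loopback(a) for a in addrs) if addrs else None,
        })
    return findings

def exposed_displays(domains):
    """(domain, port) for every display bound to a non-loopback address."""
    return [(f["domain"], f["port"]) for doc in domains
            for f in audit_graphics(doc) if f["exposed"]]
```

A display left on 127.0.0.1 can still be reached from outside through an SSH local forward to the host, for example `ssh -p <ssh-port> -L 5901:127.0.0.1:5900 user@<host>`, with the VNC client then pointed at localhost:5901.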