Connecting to a virtual machine running on a Centos KVM host from Mac

Yalla-One · 04-14-2018, 07:43 AM

Hi,

Recently bought a new server to virtualise a few servers, and have so much spare capacity that I also want to virtualise a home computer for my private stuff, leaving my work Macbook strictly for work.

Unfortunately, I have come across a real newbie problem, where dozens of web searches give some information, but I simply cannot find out how to connect to the virtual machine display from my laptop.

Right now I use VMware remote console to remote connect to an old server running an old virtualised desktop and then launch virt-manager there to connect to the new KVM-server on CentOS with the virtualised desktop. That's not very efficient. When I connect from virt-manager I am asked for both the ssh key and the IP of the virtualised host.

So the question is - how do I get the VNC client on OSX to connect directly to the virtualised desktop on the KVM machine?

The Centos KVM host running all the virtualised machines is on 192.168.1.11
The virtualised desktop I want to connect to is on 192.168.1.33

The MacBook is on 192.168.1.101 but that's hardly relevant. However, it might be worth mentioning that the Centos KVM host has a bridge interface so all virtualised machines are accessible from the network.

On OSX VNC client, do I need to ssh to the Centos KVM host on .11, or the virtualised machine on .33? Which IPs do I type in where, in order to work remotely?

Thanks a bunch in advance!

bgstack15 · 04-16-2018, 01:17 PM

If you're opening straight VNC (no security, be warned!), it's probably in the 5000/tcp range. At some point on the destination system in question, check for listening sockets:
[code]netstat -tlpn/[code]

Code:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name 
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      1/systemd        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1326/sshd        
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1634/master

My output shows that system is listening on ports 111 (rpcbind, something with nfs), 22 (ssh), and locally to 25 (smtp). You should see Xvnc or something listening around port 5000 or even 5900 (5901 is X display :1, 5902 is :2, etc., depending on implementation).

Make sure the firewall is open, and that the vnc client system can reach the target port (I struggled with kvm network bridging and never really got the networks to be fully connected) on the target IP address.

You type into your vnc client the target hostname or IP address, along with either the port number or even the X display. Again, it might be implementation-specific.

Code:

192.168.1.33:0
192.168.1.33:5000

References:

https://help.ubuntu.com/community/VNC/Clients
https://bgstack15.wordpress.com/2017...c-on-centos-7/ (disclaimer: my blog)

Now, when I've set up vms for virtual desktops, I set up a whole terminal service. If you're interested in a slightly different approach that uses RDP (and I know MacOS has a mstsc client for rdp), check out my blog post about it: https://bgstack15.wordpress.com/2017...-on-fedora-26/.

Air-Global · 04-17-2018, 09:32 AM

Depending on where you installed the VNC server is where you connect.
Whilst using KVM I suspect you added a "Display VNC" in virt-manager or similar when creating your VM, in that case you connect to the host. If you chose to run a VNC server in your VM itself then you would connect to the VM's ip.

Besides that there is not much I can share that bgstack15 didnt already except for my personal preference in running remote desktops.
Using KVM VM's I prefer to use Spice, it renders only what is needed and even allows USB sharing:
https://www.linux-kvm.org/page/SPICE
https://www.spice-space.org/index.html

sundialsvcs · 04-19-2018, 01:03 PM

This sounds to me like it should be a basic TCP/IP-routing exercise:

First, you need to be sure that the VM exposes its virtual addresses properly to its host, so that a host user can ping it and so forth. Check the route entries for correctness.
Next, you need to be sure that the Mac has a route to the VM's IP-addresses, specifying the server as a "gateway."
You probably also need to define reverse-routing instructions on the VM, so that it will know how to return traffic to the Mac, completing the round trip. The VM host's IP-address should be specified as the gateway.
You might need to define routing commands on the server, so that it will know how to route traffic that's destined to your Mac. (Routing at every "hop" must define the entire round-trip.)

When you think that you have it all set up correctly, traceroute should enable you to quickly verify it. It should find the route. If it suddenly "starts printing rows of asterisks," instead, you know that there is no reverse-route at that "hop." (The packets know how to get to that "hop," but once there they don't know how to get back.)

The packets sent from the Mac should pass through the server as a gateway and be forwarded successfully to the VM. Then, the reply packets should pass through the server gateway in the opposite direction. Every computer, and the VM, should know how and where to send traffic flowing in both directions.