Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
branch: master
Fetching contributors…

Cannot retrieve contributors at this time

file 72 lines (48 sloc) 2.117 kb

Twisted VNC Authentication Proxy (TVAP) (VNCAP)

This is woefully incomplete.

If you are using Fx4 or earlier, you need to use a WebSocket Flash emulator and thus you will need to serve a Flash policy. A simple policy server is shipped in this package, try:

$ sudo twistd -n flashpolicy

To start the server, try:

$ twistd -n vncap

By default, the daemon runs on TCP port 8888, bound only to localhost. Here are some examples for customizing the control port.

Running on TCP port 8000, bound to localhost:

$ twistd -n vncap -c tcp:8000:interface=localhost

Running on a local UNIX socket:

$ twistd -n vncap -c unix:/tmp/vncap.sock

Requirements:

  • Twisted 10.2 or newer
  • txWS 0.6 or newer

If your distribution insists on splitting Twisted into multiple packages, you will also need the Twisted Web package, usually called python-twisted-web.

Controlling the Proxy

To command the proxy to open ports, a JSON snippet should be sent to the control port. The snippet should be a JSON dictionary, with the following required keys:

  • daddr: The destination hostname for the VNC backend
  • dport: The destination port for the VNC backend
  • password: A password for the VNC frontend conection

The following keys are optional:

  • sport: The preferred source port for the VNC frontend
  • ws: Whether the frontend should be wrapped for WebSockets
  • tls: Whether the frontend should be wrapped with TLS for SSL/WSS

If the requsted sport is not available, one will be automatically assigned.

TLS

If TLS is requested, the proxy will look for SSL key and certificate information from hardcoded locations. The locations for the SSL files are:

  • keys/vncap.key: SSL key
  • keys/vncap.crt: SSL certificate

To generate simple keys, an example series of OpenSSL invocations might be:

$ openssl genrsa -out keys/vncap.key 1024
$ openssl req -new -key keys/vncap.key -out keys/vncap.csr
$ openssl x509 -req -in keys/vncap.csr -signkey keys/vncap.key -out
keys/vncap.crt
Something went wrong with that request. Please try again.