Authentication problems with RealVNC Server installed on Raspberry PI3 #134

Open
wizard982 opened this issue Jan 7, 2024 · 9 comments

@wizard982

wizard982 commented Jan 7, 2024

Hello,
I've used UltraVNC Viewer for ages, with Windows, Linux and Raspbian systems.
With the last version 1.4.3.6 I have problems during the connection phase to my Raspberry device.
I want to start by saying that I moved from RealVNC 6 to RealVNC 7.8.0 but I have the same problem with both versions.
BTW, I'm going to try to briefly explain the problem and attach to this request the RealVNC logs captured from Raspberry Debian OS and some screenshots of the UltraVNC messages, captured from my Windows PC.
I made three tests, one with RealVNC Viewer, one with TigerVNC, and obviously, one with UltraVNC Viewer.
Another important thing to say is that RealVNC is configured with:

  • Authentication property set to VncAuth value
  • Encryption property set to AlwaysOff value
  • AudioEnable property set to False value
  • IdleTimeout property set to 0 value
  • RfbPort set to a different one from the standard

The other configuration properties are set to their standard values.

Despite the various guides that I read on the Internet, in which this seems to be the configuration that enables the other viewers to talk successfully with RealVNC, this communication is systematically interrupted by the UltraVNC side (but I also tried with TightVNC and the problem seems to be the same) with the "no supported authentication methods" message.
This doesn't happen when I use RealVNC viewer or TigerVNC.

Now I will paste the captured logs and the screens

UltraVNC with Authentication property set to VncAuth

<13> 2024-01-07T11:13:56.669Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::58767 (TCP)
<14> 2024-01-07T11:13:56.670Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<13> 2024-01-07T11:13:56.671Z serverp2p vncserver-x11[530]: Connections: disconnected: 192.168.1.2::58767 (TCP) ([EndOfStream] Disconnection by client)
Screenshot 2024-01-07 121744

UltraVNC with Authentication property set to None

<13> 2024-01-07T11:18:40.824Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::59230 (TCP)
<14> 2024-01-07T11:18:40.826Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<14> 2024-01-07T11:18:40.827Z serverp2p vncserver-x11[530]: SProtoV4Down: Client requests security type None(1)
<14> 2024-01-07T11:18:40.827Z serverp2p vncserver-x11[530]: SConnection: Authentication successful
<13> 2024-01-07T11:18:40.828Z serverp2p vncserver-x11[530]: Connections: authenticated: 192.168.1.2::59230 (TCP), as (anonymous) (d permissions)
<14> 2024-01-07T11:18:40.888Z serverp2p vncserver-x11[530]: SConn: Server default pixel format depth 24 (32 bpp) little-endian rgb888
<14> 2024-01-07T11:20:04.250Z serverp2p vncserver-x11[530]: SConn: Client pixel format depth 24 (32 bpp) little-endian rgb888
<14> 2024-01-07T11:20:04.251Z serverp2p vncserver-x11[530]: SConnection: Encodings Hextile(5) unknown encoding 29 unknown encoding 27 unknown encoding 26 unknown encoding 25 unknown encoding 19 unknown encoding 18 unknown encoding 17 ZRLE(16) unknown encoding 10 unknown encoding 9 unknown encoding 8 unknown encoding 7 Zlib(6) unknown encoding 4 RRE(2) CopyRect(1) Raw(0) unknown encoding -250 Cursor(-239) unknown encoding -232 unknown encoding -26 unknown encoding -65525 unknown encoding -224 DesktopSize(-223) unknown encoding -308 unknown encoding -32768 unknown encoding -32767 unknown encoding -32764 unknown encoding -32766 unknown encoding -32765 unknown encoding -1063131698
<14> 2024-01-07T11:20:04.251Z serverp2p vncserver-x11[530]: SConnection: Current encoding Hextile
Screenshot 2024-01-07 121948
Screenshot 2024-01-07 122015

TigerVNC with Authentication property set to VncAuth

<13> 2024-01-07T11:15:32.930Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::58953 (TCP)
<14> 2024-01-07T11:15:32.966Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<14> 2024-01-07T11:15:32.983Z serverp2p vncserver-x11[530]: SProtoV4Down: Client requests security type RA2ne_128(6)
<14> 2024-01-07T11:15:34.404Z serverp2p vncserver-x11[530]: SecTypeRA2: using AES-128
<14> 2024-01-07T11:15:39.513Z serverp2p vncserver-x11[530]: SConnection: Authentication successful
<13> 2024-01-07T11:15:39.513Z serverp2p vncserver-x11[530]: Connections: authenticated: 192.168.1.2::58953 (TCP), as (anonymous) (d permissions)
<14> 2024-01-07T11:15:39.544Z serverp2p vncserver-x11[530]: SConn: Server default pixel format depth 24 (32 bpp) little-endian rgb888
<13> 2024-01-07T11:15:39.545Z serverp2p vncserver-x11[530]: Connections: disconnected: 192.168.1.2::58436 (TCP) ([NonShared] Non-shared connection requested)
<14> 2024-01-07T11:15:39.595Z serverp2p vncserver-x11[530]: SModulePrint: set printer (none) as default
<14> 2024-01-07T11:15:39.595Z serverp2p vncserver-x11[530]: CupsApi: Removing printer HPLJPM15w_(HP_LaserJet_M15w)_via_VNC_from_UNO
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: framebuffer updates 448
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: Raw rects 1, bytes 16650, pixels 16640
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: JRLE rects 1161, bytes 1903476, pixels 11024384
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: ZRLE2 rects 412, bytes 183684, pixels 3144716
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: CopyRect rects 0, bytes 0, pixels 0
<14> 2024-01-07T11:15:39.614Z serverp2p vncserver-x11[530]: SMsgWriter: raw bytes equivalent 53947128, compression ratio 25.64
<14> 2024-01-07T11:15:39.617Z serverp2p vncserver-x11[530]: SConnection: Encodings CursorWithAlpha(-314) unknown encoding 1464686180 Cursor(-239) unknown encoding -240 unknown encoding 1464686182 DesktopSize(-223) unknown encoding -308 unknown encoding -261 unknown encoding 1464686184 unknown encoding -307 unknown encoding -224 unknown encoding -1063131698 unknown encoding -313 unknown encoding -312 unknown encoding -258 unknown encoding 7 CopyRect(1) unknown encoding 50 ZRLE(16) Hextile(5) RRE(2) CopyRect(1) Raw(0) unknown encoding -254 unknown encoding -24
<14> 2024-01-07T11:15:39.618Z serverp2p vncserver-x11[530]: SConnection: Current encoding ZRLE

RealVNC Viewer with Authentication property set to VncAuth

<13> 2024-01-07T11:16:07.773Z serverp2p vncserver-x11[530]: Connections: disconnected: 192.168.1.2::58953 (TCP) ([System-104] read: Connection reset by peer (104))
<14> 2024-01-07T11:16:07.832Z serverp2p vncserver-x11[530]: SMsgWriter: framebuffer updates 92
<14> 2024-01-07T11:16:07.833Z serverp2p vncserver-x11[530]: SMsgWriter: ZRLE rects 451, bytes 622852, pixels 4334786
<14> 2024-01-07T11:16:07.833Z serverp2p vncserver-x11[530]: SMsgWriter: CopyRect rects 0, bytes 0, pixels 0
<14> 2024-01-07T11:16:07.833Z serverp2p vncserver-x11[530]: SMsgWriter: raw bytes equivalent 17344556, compression ratio 27.85
<14> 2024-01-07T11:16:07.942Z serverp2p vncserver-x11[530]: Agent: SServerAgent: Stopping desktop
<13> 2024-01-07T11:16:12.348Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::59028 (TCP)
<14> 2024-01-07T11:16:12.359Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 5.0
<14> 2024-01-07T11:16:12.360Z serverp2p vncserver-x11[530]: SProtoV5Up: Choosing cipher suite RA4ne_128 [0x0204] (algorithms: RSA-OAEP, ECDHE-Curve25519, SHA-256, AES-GCM-128/NULL-HMAC-SHA1)
<14> 2024-01-07T11:16:12.545Z serverp2p vncserver-x11[530]: SAuthProtoImpl: Offering auth method UserPasswd(1) [required=1]
<14> 2024-01-07T11:16:12.578Z serverp2p vncserver-x11[530]: SAuthProtoImpl: Client chose auth method UserPasswd(1)
<14> 2024-01-07T11:16:18.033Z serverp2p vncserver-x11[530]: SConnection: Authentication successful
<14> 2024-01-07T11:16:18.033Z serverp2p vncserver-x11[530]: SProtoV5Up: Offering empty auth list (auth completed)
<13> 2024-01-07T11:16:18.033Z serverp2p vncserver-x11[530]: Connections: authenticated: 192.168.1.2::59028 (TCP), as (anonymous) (d permissions)
<14> 2024-01-07T11:16:18.034Z serverp2p vncserver-x11[530]: SConn: Pixel buffer 1280x720 at 0,0 depth 24
<14> 2024-01-07T11:16:18.071Z serverp2p vncserver-x11[530]: SConn: Server default pixel format depth 24 (32 bpp) little-endian rgb888
<14> 2024-01-07T11:16:18.073Z serverp2p vncserver-x11[530]: SServerRfb: Peer user agent vncviewer/7.8.0 (Windows NT 10.0; x64; it_IT)
<14> 2024-01-07T11:16:18.078Z serverp2p vncserver-x11[530]: ftExtension: Received advertisement for share 1707611435
<14> 2024-01-07T11:16:18.078Z serverp2p vncserver-x11[530]: FTMsgWriter: Requesting '' of share 1707611435 to depth 0
<14> 2024-01-07T11:16:18.078Z serverp2p vncserver-x11[530]: SConnection: Encodings ZRLE2(24) ZRLE(16) JRLE(22) JPEG(21) TRLE(15) Zlib(6) Hextile(5) RRE(2) Raw(0) CopyRect(1) CursorWithAlpha(-314) CursorWithAlphaOld(-311) Cursor(-239) DesktopSize(-223)
<14> 2024-01-07T11:16:18.078Z serverp2p vncserver-x11[530]: SConnection: Current encoding ZRLE2
<14> 2024-01-07T11:16:18.087Z serverp2p vncserver-x11[530]: SConn: Client pixel format depth 6 (8 bpp) rgb222
<14> 2024-01-07T11:16:18.215Z serverp2p vncserver-x11[530]: ftExtension: Received share EOF
<14> 2024-01-07T11:16:18.216Z serverp2p vncserver-x11[530]: DownloadManager: Requested HPLJPM15w (HP LaserJet M15w) via VNC from UNO
<14> 2024-01-07T11:16:18.216Z serverp2p vncserver-x11[530]: Agent: SServerAgent: Starting desktop
<14> 2024-01-07T11:16:18.216Z serverp2p vncserver-x11[530]: Agent: PixelBufferX11: Using shared memory Pixmap
<14> 2024-01-07T11:16:18.216Z serverp2p vncserver-x11[530]: Agent: SServerAgent: setPixelBuffer 1280x720 at 0,0 pf depth 24 (32 bpp) little-endian rgb888
<14> 2024-01-07T11:16:18.219Z serverp2p vncserver-x11[530]: SConnection: Encodings JRLE(22) ZRLE2(24) ZRLE(16) JPEG(21) TRLE(15) Zlib(6) Hextile(5) RRE(2) Raw(0) CopyRect(1) CursorWithAlpha(-314) CursorWithAlphaOld(-311) Cursor(-239) DesktopSize(-223)
<14> 2024-01-07T11:16:18.219Z serverp2p vncserver-x11[530]: SConnection: Current encoding JRLE
<14> 2024-01-07T11:16:18.219Z serverp2p vncserver-x11[530]: DownloadManager: Download complete.
<14> 2024-01-07T11:16:18.222Z serverp2p vncserver-x11[530]: CupsApi: Adding printer HPLJPM15w_(HP_LaserJet_M15w)_via_VNC_from_UNO
<14> 2024-01-07T11:16:18.290Z serverp2p vncserver-x11[530]: SModulePrint: set printer HPLJPM15w_(HP_LaserJet_M15w)_via_VNC_from_UNO as default
<14> 2024-01-07T11:16:18.291Z serverp2p vncserver-x11[530]: SConn: Client pixel format depth 24 (32 bpp) little-endian rgb888

Below you can read the details about the RealVNC Server version.
Screenshot 2024-01-07 122426

Finally, I tried also different versions of UltraVNC and I obtained the same result with the VNC password authentication system enabled.
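
An added example, not part of the original issue and not code from RealVNC or UltraVNC: it groups the handshake lines from the server logs above into sessions and labels how far each one got, flagging any session that authenticated with security type None(1). The log lines are copied from this post; the labels and the function names `sessions` and `classify` are this example's own, and it assumes connections do not interleave.

```python
import re

# Handshake lines copied from the RealVNC Server logs quoted in this issue.
SAMPLE_LOG = """\
<13> 2024-01-07T11:13:56.669Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::58767 (TCP)
<14> 2024-01-07T11:13:56.670Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<13> 2024-01-07T11:13:56.671Z serverp2p vncserver-x11[530]: Connections: disconnected: 192.168.1.2::58767 (TCP) ([EndOfStream] Disconnection by client)
<13> 2024-01-07T11:15:32.930Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::58953 (TCP)
<14> 2024-01-07T11:15:32.966Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<14> 2024-01-07T11:15:32.983Z serverp2p vncserver-x11[530]: SProtoV4Down: Client requests security type RA2ne_128(6)
<14> 2024-01-07T11:15:39.513Z serverp2p vncserver-x11[530]: SConnection: Authentication successful
<13> 2024-01-07T11:18:40.824Z serverp2p vncserver-x11[530]: Connections: connected: 192.168.1.2::59230 (TCP)
<14> 2024-01-07T11:18:40.826Z serverp2p vncserver-x11[530]: SConnection: Client needs protocol version 3.8
<14> 2024-01-07T11:18:40.827Z serverp2p vncserver-x11[530]: SProtoV4Down: Client requests security type None(1)
<14> 2024-01-07T11:18:40.827Z serverp2p vncserver-x11[530]: SConnection: Authentication successful
"""

LINE = re.compile(r"^<\d+> \S+ \S+ vncserver-x11\[\d+\]: (\w+): (.*)$")
CONNECTED = re.compile(r"^connected: (\S+) \(TCP\)")
VERSION = re.compile(r"^Client needs protocol version (\S+)")
SECTYPE = re.compile(r"^Client requests security type (\w+)\((\d+)\)")

def classify(s):
    if s["sectype"] is None:
        return "left-before-security-type"  # client never requested a security type
    if not s["authenticated"]:
        return "auth-not-completed"
    return "UNAUTHENTICATED-ACCESS" if s["sectype"][1] == 1 else "authenticated"

def sessions(log_text):
    """Group log lines into sessions; assumes connections do not interleave."""
    out, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        src, msg = m.groups()
        if src == "Connections" and (c := CONNECTED.match(msg)):
            cur = {"peer": c.group(1), "version": None, "sectype": None, "authenticated": False}
            out.append(cur)
        elif cur is None:
            continue
        elif v := VERSION.match(msg):
            cur["version"] = v.group(1)
        elif t := SECTYPE.match(msg):
            cur["sectype"] = (t.group(1), int(t.group(2)))
        elif msg == "Authentication successful":
            cur["authenticated"] = True
    return [(s["peer"], s["version"], s["sectype"], classify(s)) for s in out]
```

On these lines the 11:13 UltraVNC attempt is labelled `left-before-security-type`, the TigerVNC session `authenticated` with RA2ne_128(6), and the 11:18 session with Authentication set to None is flagged `UNAUTHENTICATED-ACCESS`.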

@RudiDeVos
Member

Status:

  • Ubuntu server with RA2ne Auth: done
  • Repeat using UltraVNC viewer " no support..": done
  • Seems that vncAuth is not supported, you need RA2ne (authentication type 6)

I'm able to see what happens. If no encryption is needed we can possibly implement it, no promises.

@wizard982
Author

@RudiDeVos thanks for your answer,

maybe these links can help you:
novnc/noVNC#1788
https://static.realvnc.com/media/documents/realvnc-rfb-protocol-security-analysis.pdf

The strange thing is that, at the moment, on my server, the security encryption is set to AlwaysOff
image

and the only possible options for the Authentication property are:
image
so it seems to be impossible to manually set the RA2NE Value

@RudiDeVos
Member

RudiDeVos commented Jan 10, 2024

Does someone have a Linux image with a vncserver that supports RA2NE?
Created a Linux server with tigervnc; it announces that it supports RA2ne, but as soon as you connect, the server log says it doesn't support it.
Does a working wayvnc image for Hyper-V exist?

Updated tigervnc manually to 1.13, that should support it.
Got a little further

SConnection: Client requests security type RA2ne(6)
VNCSConnST: closing 172.29.32.1::54218: Connection failed: failed to open key
Seems I need to read the manual first... some extra config is needed

@RudiDeVos
Member

RudiDeVos commented Jan 11, 2024

Spending too much time on server setup while I should be testing the viewer...
Does anyone know how to set up a Linux VNC server that supports RA2ne?

@StArBoY-Works

StArBoY-Works commented Jan 12, 2024

I have an Ubuntu server hosted on a Raspberry Pi. I connect to it using SSH instead of HDMI. I have enabled VNC on it, but I am not sure if it supports RA2ne @RudiDeVos

@RudiDeVos
Member

This issue is more or less the same as #133
Both support RA2ne as authentication type

@RudiDeVos
Member

RudiDeVos commented Jan 15, 2024

Branch RA2ne created.
Required libs for AES:
libnettle_nettle_3.9.1_release_20230601_msvc17.zip
libgmp_6.2.1-4_msvc17.zip
Complex builds; can be downloaded prebuilt from https://github.com/ShiftMediaProject

VNC server
Download the trixie Debian test build and install tigervnc; this supports RA2ne authentication and runs in Hyper-V

@Neustradamus Neustradamus added Rudi Rudi answer is needed Urgency Urgency labels Jan 17, 2024
@RudiDeVos
Member

RudiDeVos commented Feb 1, 2024

Thanks to Vladimir Vissoultchev, extra authentication methods have been implemented in the viewer.
binary test builds.
Please provide feedback
https://www.uvnc.eu/download/1440/vncviewer_1.4.4.0-dev.zip

Extra Info
WIP: RSA-AES authentication and encryption (#139)

  • First cut of RSA-AES authentication and encryption
  • Fix AESEAXPlugin threading issues
  • Use separate DynBuffers for encoding and for decoding
  • Copy previous content when resizing DynBuffer
  • Remove CMAC and AES-EAX test vectors
  • On auth user cancel raise QuiteException
  • Allow multiple RestoreBuffer calls to gather enough incoming data
  • On ReadExact decryption plugin might need several lookahead peeks on
    incoming data to fill encrypted buffer with enough data to be able
    to decrypt a chunk of plaintext enough to fulfil requested size of data
  • Repeat request is signalled by returning -1 from RestoreBuffer call
  • Various m_pDSMPlugin->IsEnabled() checks are added alternative m_pPluginInterface check
  • Stop using separate CSP context for client RSA key
  • Reduce memcpy on RestoreBuffer
  • Fix m_pPluginInterface availability check for RAW and Tight encoding
  • Allow CMAC to depend on externally initialized cipher
  • Add support for RSA-AES-256 security types
  • Use constant-time array compare and refactor err handling
  • Abstract client connection so RSAKEX can be reused for server-side impl
  • Remove user/pass spurious size checks
  • Add ClientConnectionRSAAES.cpp to vs2017 project
  • Show server identity confirmation dialog
  • Allow persisting server key fingerprint in options file
  • Fix non-encrypted RA2ne/RA2ne_256 sub-types encrypt til end of handshake

VeNCrypt authentication with TLS encrypted transport (#142)

  • First cut VeNCrypt authentication with TLS encrypted transport
  • Add ClientConnectionTLS.cpp to vs2017 project
  • Cleanup includes
  • Fix TLS 1.3 support
  • Refactor member var names
  • Show warning dialog for invalid server certificates in TLS sub-types
  • Chain TLSVnc and X509Vnc sub-types to AuthVnc
  • Allow persisting TLS certificate thumbprint in options file

@wizard982
Author

Thanks a lot @RudiDeVos, now it works perfectly.
Now I'm waiting for the integration in the official release.
