Vino – testing the connectivity|Vino – testando a conectividade

Hi, folks. For those of you who don’t know: Vino is the VNC server that comes with GNOME. Its purpose is to allow you sharing the computer with other people, often to get remote support. You can enable it by clicking System->Preferences->Remote Desktop.

Currently, this applet shows the local name/IP of the machine and allows you to send this address to someone by email.

Wondering how to make things easier to people who wants support, I’ve made some changes in this dialog, by offering a button to let the user to know his real IP address as well his reachability.

Screenshots of this new feature:

Oi, gente. Para quem não sabe: Vino é o servidor VNC que vem com o GNOME. Seu propósito é permitir o compartilhamento do computador com outras pessoas, geralmente para prestação de suporte remoto. Você pode habilitá-lo clicando em Sistema->Preferências->Área de trabalho remota.

Atualmente, esta tela mostra o nome/IP local da máquina e permite o envio deste endereço para alguém por email.

Pensando em como tornar as coisas mais fáceis para as pessoas que precisam de suporte, fiz algumas mudanças nesta tela, adicionando um botão que permite ao usuário obter seu verdadeiro IP, bem como sua conectividade com a internet.

Capturas de tela:

Picture 1: Now we show a message ‘service is not running’ when the server is off.
Figura 1: Agora nós mostramos uma mensagem ‘serviço não está em execução’ quando o servidor não está ativo.

Picture 2: Once the service is started, we show the local IP/name. There’s a button to get the real IP from the internet.
Figura 2: Quando o serviço é iniciado, nós mostramos o nome/IP local. Existe um botão para obter o IP real pela internet.

Picture 3: Clicking on the button brings up the real IP and the status of this machine: In this scenario, the machine is behind a firewall and it’s not reachable. We supply a few information about this.
Figura 3: Ao clicar no botão, obtemos o IP real e o status da máquina: Neste exemplo, a máquina está por trás de um firewall, e não é alcancável. Nós damos uma breve explicação sobre isso.

Picture 4: In this scenario, the machine is open to the internet, and can be reached.
Figura 4: Neste exemplo, a máquina está aberta, e pode ser alcançada pela internet.

The code is still in my machine, I would like to hear comments, suggestions about this feature. Currently I’m using an external webservice to get the real IP and to test the reachability.

Of course, this change doesn’t fix all our problems, but I believe it helps the user, by giving him more information about his conectivity. Another feature I would love to implement is reverse connection, which will help even more the users behind a firewall.

So, go comment please!

O código ainda está na minha máquina, eu gostaria muito de ouvir comentários, críticas, sugestões sobre essa mudança. No momento estou usando um webservice externo para obter o IP real e para testar a conectividade.

Claro, esta mudança não resolve todos os nossos problemas, mas acredito que já ajuda o usuário, dando a ele mais informação a respeito da sua conectividade. Outra mudança que adoraria fazer é a conexão reversa, que vai ajudar ainda mais quem está atrás de um firewall.

Então, estão esperando o quê? Comentem!

41 thoughts on “Vino – testing the connectivity|Vino – testando a conectividade”

  1. I think this would be a good place to use uPnP, if the router is configured to allow it vino could push a port to the internet (I think this should be configurable through your new interface though)
    No idea how complex that would be to implement, so I won’t hold it against you if you don’t 😉

  2. You have a noble goal 🙂

    However, The presentation needs some work.

    1.) Brasero has added “info boxes” to some dialogs which are basicly text boxes inside the dialog with a yellow (notification) color. Maybe add something like this?

    2.) Is the “service is not running” message helpful? I mean, it’s right below a disabled checkbox, so I guess users get the idea?

    3.) the (i) icon does not make much sense. It looks like this is for testing if the machine is accessible from outside. Why not do this automatically? Also, this is only relevant if you want to share with ppl from outside your LAN.

    I would go for a brasero-like info box and just show the relevant info.
    – if the checkbox is off, show nothing
    – if the checkbox gets activated, show the internal (LAN) address or hostname as a mailto: link
    – also, try to find the external IP in the background. if the IP can be found, update the info box with some info on how to reach the box from outside the local net

  3. Why display “Users can access your machine from the service is not running?” if the service isn’t running? Why not hide the whole thing and tell the user.

  4. Using red and green icons is not very good for color blind people like me. It would be better to use a green check and a white cross in red background, i think.

  5. Yep, a easy way to establish a reverse connection (encrypted via ssh) would be really great thing. This would solve a lot of issues.

    Most people nowadays own hardware routers, and for most users it’s pretty much impossible to set up port forwarding.

  6. As others have said, I think uPNP is the way to go here. I also very much like the ideas Michael Monreal wrote, I think the interface could be improved by following his suggestions.

    There have been some posts about a gnu upnp framework lately, it’s either called gupnp or gnupnp iirc, that should easily allow you to forward the correct ports. These days most routers support upnp, and if not you could always display information about the port they’d need to forward.

    The knowledge required to open up a port on the router is exactly the same when people need help with windows, so if vino can’t do it for them then that’s just how it is…

  7. Two things:

    1. Perhaps add Status & Information header like you have Sharing and Security and add the new stuff there at the bottom. It seems a bit cluttered having the status where you placed it.

    2. Now that Empathy is part of GNOME I think it would be awesome if someone added some sort of Remote Assistance button that users could send to their friends for help or something perhaps Mom could send you while you chat online so we could help her.

  8. In addition to UPnP IGD stuff, there is also the equivalent thing for non-Windows networks using Zeroconf NAT-PMP. Also see the escaping hostile networks talk at LCA 2008 by Dafydd Harries.

    Please also make this optional so that paranoid folks can decide to not make noise on the network.

  9. Hi John,

    I love the direction Vino is going. Good work! Add me to the list of people suggesting using UPnP for retrieving the firewall/gateway external adress and also open firewall.

    I’ve found when working with clients that it’s often easier for me, as the helper, to run a VNC client in listen mode and fix any firewall issued on my side and then let the client connect via an outbond connection to me.

    This has several advantages:

    1) Often I has better knowledge on how to setup the firewalls correct. The person in need only sets up an outbound connection.

    2) Often I have a dns entry while my client’s don’t. This way I can ask them to connect to Much easier than having the client find their ip adress via ifconfig and read it via telephone or send by mail. Your efforts would ease this step of course.

    3) I would say it increases security. Often I, as a more experienced user, am more security aware. Client tend to forget to turn off Vino/VNC after the session leaving them vulnerable towards the internet. Using client listen mode, the client need not to assign any password on his/her machine.

    I would find it very useful if both Vinagre and Vino would support Client Listen mode they way VNC does it, heck we could probably to even better.

    Keep up the good work!

  10. Hey there,
    I really like what you already have, that’s a lot user friendlier.
    But right now I think something should be created to bypass NAT.

    It’s really irritating, it happens to me a lot that friends of mine have probs with their computers (and sometimes they run ubuntu) and then I can’t VNC into them because they don’t have any idea how to do port-forwarding to their machine.

    So, could you think of a way to bypass NAT ?

  11. If you use an external service, I’d prefer if it actually was hosted by

    Other then that, I agree that UPnP is the way to go here.


  12. This looks good, but like others have already mentioned, UPnP would thoroughly kick ass and simplify things. I can’t remember how often I had to explain how to open ports on the router and then have them type the magical ufw port forwarding command. And every router is different, real pain when on the phone. These changes on the screenshots at least skip one step – finding out the real IP address.

  13. a) why uPNP when we have zeroconf (aka avahi)?
    b) isn’t this whole thing just excercise in “unscrew my application”? Shouldn’t somehow this be done automagically so that user is not bothered? Yes, joining with telepathy (and using tubes? or at least for passing the IP address and port number?) could be worthy.

  14. That’s nice work although you should get rid of that (i) icon, and do not display “Users can acces your desktop” while they can’t.

    Now, be this nice, this is not optimal, and I’d strongly recommend using telepathy.

  15. This feature is often used for support, but by no means always. Change the wording to something more generic, instead of
    “in order to get support”
    “in order to let others connect to your computer”.

  16. > Probably because zeroconf just does not do what
    > the author wants. Zeroconf is about locating _local_
    > network services.

    I think it is not right — Zeroconf can be used world-wide.

  17. That’s a nice improvement to Vino. I wouldn’t mind seeing this change added.

    I see that you are getting quite a few comments regarding UPnP. Am I the only one that thinks this is a security risk? I have mine shut off in my router. I prefer to manually open my ports. Maybe you could just add a little textbox that reminds the user to open port 5900 if they haven’t to get outside access.

  18. Why not use Avahi? Well, UPNP would not be used for service discovery but NAT traversal. Not all routers support this, though. Some support NAT-PNP (?) though. The transmission bittorrent client has support for this.

    Security risk? Well, you don’t want use this is a bigger LAN/WLAN but it’s convenient to have for the home user where you probably only have 2-3 of your own (or family member’s) PCs.

  19. IPv6? Ha! Well, it will replace v4 at some point in time rather sooner than later I suppose but it won’t change the usage of NAT in most places.

  20. como eu faço pra conectar ao meu servidor VNC que roda em um ubuntu 8.04 usando o Browser na porta 5800 como usava no realVNC? Obrigado.

  21. The changes you proposed for Vino’s user interface helps a lot, considering the additional comments about colors, icons and preferences for simplicity, as suggested above by some people.

    I also would like to see an easy, opensource based and non-invasive solution for connecting two linux systems behind NAT, similar to crossloop (, which is free but proprietary).

  22. Thinking outside the box, how about adding support for other transports than plain TCP. Eric already mentioned empathy, which supports XMPP and has libjingle support.

    How about using XMPP as the transport to negotiate the connection for the two parties. libjingle is capable of doing the negotiation and is rather good at it, it’s even capable of doing NAT piercing. The downside for this would be that we need a separate client that supports VNC with XMPP negotiation. But in the end, if two parties are able to talk to each other, why not take advantage of that and allow programs to sort out the kinks.

  23. I think the route is in place isn’t it? Open a ssh channel then vnc through it. Vinagre/Vino is the vnc bit. What I would like is some clear syntax to make it work.

    At the target end a NAT server is the norm I suggest and the target user machine must have a port forwarded from the NAT router. A window to allow the target to make their router forward a port 590x would be great. ‘sudo route’ tells them the router (default gateway). Can the port forward be automated? Is nmap any good here?

    Then for the Remote Desktop Viewer end its down to syntax to string it all together. Mail headers give the route through the internet so sending an email is a very good idea (could RDV parse the header and pluck out the route? Equally could the body of the email be parsed to pick out the machine name/ip address and forwarded port?)

  24. Hi, any plans to allow the vino/vinagre to set up specific options for individual connections like color depth, compression level, refresh rate? I often have to use vnc on low bandwidth settings, but vino/vinagre do not allow me to do that 🙁 Thanks!

Comments are closed.