Linux Format

VNC vs Firewall


In an old Linux Format Answers you had a FAQ about remote desktops. The question was about connecting from a work computer to a remote home computer. I assume the home machine is probably behind a router with a firewall? So doesn't he need to open a port in this firewall at home before he can connect? Is this risky? Which port is used for VNC?
David Hignett

A home computer behind a router is inaccessible from outside by default. It's not just a firewall: Network Address Translation (NAT) on the router means that the external IP address only gets as far as the router. You need to set up port forwarding on the router to forward specific ports from the Internet to a specific computer. In the case of VNC, the default setup uses port 5900. However, forwarding this port is considered a security risk and will open you up to all sorts of attacks from people trying to find vulnerabilities in the VNC software.

A safer approach is to use a VPN (Virtual Private Network), which creates an encrypted tunnel through which the remote computer becomes a part of the home network. We've covered this in the past, but it can be a little tricky to set up. Fortunately, there is now a simpler alternative in the form of the ZeroTier service. This allows you to create a virtual network in your web browser.

The first step is to go to and install the software on both computers. Next, create a network, which you do from the website. This has a 16-character ID, used to add computers to the network. On each computer, run

$ sudo zerotier-cli join ID

You don't want anyone to be able to connect to your network, so you need to go back to the web control panel at https://, go to your network and tick the Auth box for each computer. Now each computer has a new IP address that can only be accessed by other authorised computers on your network. All traffic is encrypted and goes directly between your computers; the software only connects to the ZeroTier server to get the location of the other computer.

Unlike a VPN, ZeroTier creates a new private network rather than joining a computer to an existing network, so you need to add each computer separately. Apart from that, it's a simple way of safely accessing a computer from afar, and it works with mobile devices too.
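The join-then-authorise steps above can be checked before you point a VNC client at the new address. The script below is an added example, not part of the original answer: it validates the 16-character network ID and reads `zerotier-cli listnetworks` output to confirm the computer is authorised on a private network. The column layout it parses and the status/type words are assumptions about that command's output, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: verify a ZeroTier join before relying on it for VNC.
# Assumed `zerotier-cli listnetworks` row layout:
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>

# A network ID is 16 hexadecimal characters.
valid_network_id() {
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# Print "<status> <type> <ips>" for network $1 from listnetworks text on stdin.
# Fields are counted from the right because the name column can be empty
# (before authorisation) or contain spaces.
network_state() {
    awk -v id="$1" '$1 == "200" && $2 == "listnetworks" && $3 == id {
        print $(NF-3), $(NF-2), $NF; found = 1
    }
    END { exit !found }'
}

# Succeed only if this member is authorised on a private network with an address.
check_membership() {
    id=$1
    valid_network_id "$id" || { echo "bad network ID: $id"; return 2; }
    state=$(network_state "$id") || { echo "not joined: $id"; return 3; }
    set -- $state
    [ "$1" = "OK" ] || { echo "not authorised yet (status $1)"; return 4; }
    [ "$2" = "PRIVATE" ] || { echo "network is $2: anyone with the ID can join"; return 5; }
    [ "$3" != "-" ] || { echo "no address assigned"; return 6; }
    echo "ok: reachable at ${3%%/*}"
}

# Constructed sample output (ID, MAC and addresses are made up).
SAMPLE_PENDING='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef  02:00:00:aa:bb:cc ACCESS_DENIED PRIVATE ztabc12345 -'
SAMPLE_OK='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef home net 02:00:00:aa:bb:cc OK PRIVATE ztabc12345 10.147.17.20/24'

# Demo on the samples; live use: zerotier-cli listnetworks | check_membership "$ID"
printf '%s\n' "$SAMPLE_PENDING" | check_membership 0123456789abcdef || true
printf '%s\n' "$SAMPLE_OK" | check_membership 0123456789abcdef
```

A "not authorised yet" result means the Auth box for this computer has not been ticked in the web control panel.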
