Setting up a CentOS 7 server to run a VNC server and connect to a VPN.
The basic steps:
- install and start the VNC server
- install openconnect
- connect to the VPN
- create an SSH tunnel from the desktop to the server
- use a VNC viewer to connect to the VNC server
On CentOS 7 (see the RHEL 7 on EC2 notes following this code block):
```sh
yum groupinstall -y "GNOME Desktop" && reboot
yum install -y tigervnc-server
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
# EDIT: /etc/systemd/system/vncserver@\:1.service
# change the user and the path to that user's .vnc directory
# add `-geometry 1280x1024` to the line that starts the VNC server
systemctl daemon-reload
systemctl enable vncserver@:1.service
# exit root, become the user, and start vncserver so you can set a password
vncserver
# if this doesn't work, find the pid and kill it. also clean up /tmp/.X1* stuff
# (vncserver -kill takes the display number :1, which maps to port 5901)
vncserver -kill :1
# start the server and make sure it is running; if not, issue a `start`
systemctl start vncserver@:1.service
systemctl status vncserver@:1.service
```
On a RHEL 7 EC2 instance:
```sh
yum groupinstall "X Window System"
yum -y groupinstall gnome
yum install firefox
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service
# EDIT: /etc/systemd/system/vncserver@\:1.service
# change the user to ec2-user and the path to /home/ec2-user/.vnc
systemctl daemon-reload
systemctl enable vncserver@:1.service
# now, as the "ec2-user":
# set a password for the VNC server, then kill the server it starts
vncserver
# if this doesn't work, find the pid and kill it. also clean up /tmp/.X1* stuff
# (vncserver -kill takes the display number :1, which maps to port 5901)
vncserver -kill :1
# as root:
# start the vncserver
systemctl start vncserver@:1.service
```
- get vpnc-script (http://www.infradead.org/openconnect/vpnc-script.html)
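```sh
yum install -y wget
# this URL is plain HTTP, and openconnect runs vpnc-script as root:
# read the script before installing it
wget http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script
mkdir /etc/vpnc && mv vpnc-script /etc/vpnc/
chmod +x /etc/vpnc/*
```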
- build and install openconnect
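```sh
yum groupinstall "Development Tools"
yum install -y gnutls-devel.x86_64 libxml2-devel
# ftp:// gives no integrity protection; check the tarball against a
# checksum or signature from a trusted source before building
wget ftp://ftp.infradead.org/pub/openconnect/openconnect-7.06.tar.gz
tar xf openconnect-7.06.tar.gz
cd openconnect-7.06/
./configure
make
make install
# connect to the VPN
openconnect -u VPN_USER_NAME --authgroup="ra_username" https://<VPN SERVER IP>
```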
When prompted, type "yes" and then enter your VPN password.
On your desktop (assuming the vncserver is using port 5901, as it was configured earlier):
```sh
user=ec2-user # or 'root', depends on the server you're connecting to
ssh -i /path/to/private_key.pem -L 5901:localhost:5901 $user@<server running vnc> -N
```
From your desktop, use Tiger VNC (or similar) to connect to "localhost:5901" and enter the password you set when configuring the VNC server.
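The tunnel only protects the session if port 5901 is not also reachable directly, and Xvnc listens on all interfaces unless it is started with `-localhost`. The following check, run on the server, is an added example and not part of the original notes: it parses `ss -tln` output and prints any VNC listener that is not bound to loopback. The function names, the `live` argument and the sample lines are constructed for this example.

```sh
#!/bin/sh
# Constructed sample of `ss -tln` output (not captured from a real host).
# It mixes the older "*" / "::" wildcard notation with the newer
# "0.0.0.0" / "[::]" notation so both are exercised.
sample_ss_output() {
cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128                *:22               *:*
LISTEN  0      5                  *:5901             *:*
LISTEN  0      5                 :::5901            :::*
LISTEN  0      5          127.0.0.1:5902             *:*
LISTEN  0      5              [::1]:5902          [::]:*
LISTEN  0      5            0.0.0.0:5903       0.0.0.0:*
EOF
}

# Read `ss -tln` output on stdin and print the local address of every
# listener on a VNC display port (5900-5999) that is not bound to loopback.
exposed_vnc_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]                       # text after the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port !~ /^59[0-9][0-9]$/) next    # not a VNC display port
        if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") next
        print $4
    }'
}

# Default: run on the constructed sample. With the argument "live" (a
# convention of this example), inspect the listeners on the current host.
if [ "${1:-}" = "live" ]; then
    ss -tln | exposed_vnc_listeners
else
    sample_ss_output | exposed_vnc_listeners
fi
```

Any line it prints is a VNC port that can be reached without going through the SSH tunnel; restrict it with `-localhost` on the vncserver command line or with a firewall or security-group rule.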
If an EBS volume is created and attached, you need to make a filesystem and mount it:
Partial reference: http://stackoverflow.com/questions/28792272/attaching-and-mounting-existing-ebs-volume-to-ec2-instance-filesystem-issue