@mindscratch
Last active October 25, 2016 11:11
Setup server for VNC & VPN

Setting up a CentOS 7 server to run a VNC server and connect to a VPN.

The basic steps:

  • install and start vnc server
  • install openconnect
  • connect to vpn
  • create ssh tunnel from desktop to server
  • use vnc viewer to connect to vnc server

Setup VNC Server

On CentOS 7 (see the RHEL 7 on EC2 notes following this code block):

yum groupinstall -y "GNOME Desktop" && reboot
yum install -y tigervnc-server
cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

# EDIT: /etc/systemd/system/vncserver@\:1.service 
# change user and path to user .vnc directory
# add `-geometry 1280x1024` to line that starts vnc server

systemctl daemon-reload
systemctl enable vncserver@:1.service

# exit root, become user, start vncserver so you can set a password
vncserver

# then kill the server it started; -kill takes the display number (:1 listens on port 5901)
# if this doesn't work, find the pid and kill it. also clean up /tmp/.X1* stuff
vncserver -kill :1

# start the server, make sure the server is started, if not issue a `start`
systemctl start vncserver@:1.service
systemctl status vncserver@:1.service

On a RHEL 7 EC2 instance:

yum groupinstall "X Window System"
yum -y groupinstall gnome
yum install firefox

cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

# EDIT: /etc/systemd/system/vncserver@\:1.service 
# change user to ec2-user and path to /home/ec2-user/.vnc

systemctl daemon-reload
systemctl enable vncserver@:1.service

# now, as the "ec2-user":
# set a password for the vnc server, then kill the server it starts
vncserver

# -kill takes the display number (:1 listens on port 5901)
# if this doesn't work, find the pid and kill it. also clean up /tmp/.X1* stuff
vncserver -kill :1

# as root:
# start the vncserver
systemctl start vncserver@:1.service

Install openconnect

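yum install -y wget
# note: this fetches the script over plain HTTP with no integrity check, and openconnect
# runs vpnc-script as root, so review the file before installing it
wget http://git.infradead.org/users/dwmw2/vpnc-scripts.git/blob_plain/HEAD:/vpnc-script
mkdir /etc/vpnc && mv vpnc-script /etc/vpnc/
chmod +x /etc/vpnc/*

  • build and install openconnect

yum groupinstall "Development Tools"
yum install -y gnutls-devel.x86_64 libxml2-devel
# note: the tarball is fetched over plain FTP, also with no integrity check
wget ftp://ftp.infradead.org/pub/openconnect/openconnect-7.06.tar.gz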
tar xf openconnect-7.06.tar.gz
cd openconnect-7.06/
./configure
make
make install

Connect to VPN

openconnect -u VPN_USER_NAME --authgroup="ra_username" https://<VPN SERVER IP>

When prompted, type "yes" and then enter your VPN Password.

Create the SSH tunnel

On your desktop (assuming the VNC server is using port 5901, as configured earlier):

user=ec2-user  # or 'root', depends on the server you're connecting to
ssh -i /path/to/private_key.pem -L 5901:localhost:5901 $user@<server running vnc> -N

Connect to VNC server

From your desktop, use TigerVNC (or similar) to connect to "localhost:5901", then enter the password you set when configuring the VNC server.
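The SSH tunnel only protects the VNC session if port 5901 on the server is not also reachable directly. The following check is an added example, not part of the original gist: it parses `ss -ltn` output and flags any listener on 5901 that is not bound to loopback. It assumes TigerVNC's `-localhost` option (which the gist does not use) as the way to restrict the listener; the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original gist.
# Reads `ss -ltn` output on stdin and prints each listener on PORT that is
# bound to something other than loopback. Exit status: 0 = loopback only
# (or nothing listening), 1 = reachable without the SSH tunnel.
vnc_exposed_listeners() {
    port="${1:-5901}"
    awk -v port="$port" '
        $1 == "LISTEN" {
            addr = $4                        # "Local Address:Port" column
            n = match(addr, /:[0-9]+$/)      # position of the final ":port"
            if (n == 0) next
            host = substr(addr, 1, n - 1)
            if (substr(addr, n + 1) != port) next
            # loopback spellings used by old and new iproute2 versions
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print addr
            exposed = 1
        }
        END { exit (exposed ? 1 : 0) }
    '
}

# Constructed samples: listeners before and after restricting Xvnc to loopback
# (assumption: `-localhost` appended to the vncserver line in the unit file).
SS_BEFORE='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:22                *:*
LISTEN  0      5      *:5901              *:*
LISTEN  0      5      :::5901             :::*'
SS_AFTER='State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    *:22                *:*
LISTEN  0      5      127.0.0.1:5901      *:*
LISTEN  0      5      ::1:5901            :::*'

for sample in "$SS_BEFORE" "$SS_AFTER"; do
    if printf '%s\n' "$sample" | vnc_exposed_listeners 5901; then
        echo "ok: 5901 is loopback-only"
    else
        echo "^ exposed: reachable without the tunnel"
    fi
done
```

On the server, run `ss -ltn | vnc_exposed_listeners 5901` after starting the service.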

mindscratch commented Sep 22, 2016

If an EBS volume is created and attached, you need to make a filesystem and mount it:

mkdir /data
mkfs -t xfs /dev/xvdf
mount /dev/xvdf /data -t xfs

partial reference: http://stackoverflow.com/questions/28792272/attaching-and-mounting-existing-ebs-volume-to-ec2-instance-filesystem-issue
