(Answer) (Category) VNC FAQ-o-Matic : (Category) SSH and Other Step-by-Step How-To's : (Category) How to setup an encrypted tunnel (eg, SSH) for my VNC connection :
Using Stunnel
Here's a great article which essentially covers everything about
setting up VNC to work well with Stunnel in a Windows environment:

http://www.securityfocus.com/infocus/1677
Stunnel is a program that allows you to encrypt arbitrary TCP connections 
inside SSL (Secure Sockets Layer), and is available on both Unix and Windows.
Stunnel enhances the security of non-SSL aware servers and protocols (like 
VNC), by providng good transport encryption for the data.

The following text is lifted from http://www.stunnel.org/examples/vnc.html

Definitions: 

Server    The machine on which you'll run a VNC server. You'll be viewing 
          this machine's desktop somewhere else. 

Client    The machine at which you wish to sit, launch a VNC client, and 
          view the remote (server) desktop. 


server$ stunnel -d 7777 -r 5901         # recieve from 7777, route decrypted
                                        # packets to local vncserver

server$ vncserver :1                    # start vncserver on first
                                        # screen (port 5901)

client$ stunnel -d 5901 -r server:7777  # tunnel vnc to server

client$ vncviewer localhost:1           # connect to local stunnel process

Thanks to MikeS for his details on using Stunnel between Windows machines:
--------------------------------------------------------------------------

Below is what I have setup using Stunnel 4.04 on Windows

The machine that is running the server only needs to map the port
used by the stunnel (in this example 7777) to the VNC port 5900.

The client machine maps local port to VNC servers thru the stunnel port
(again port 7777 in this example). I have is setup to use 127.0.0.1 or
127.0.0.1:5900 to go to one server, and 127.0.0.1:5901 to go to a totally
different server. 

All the files are just downloaded, and it seems to work fine. I don't know 
how to create the stunnel.pem files, so just have it using the one from the 
site.

[Server STUNNEL.CONF FILE - MAPS STUNNEL PORT to VNC PORT]

 client = no
 cert = stunnel.pem

 [vnc]
 accept = 7777
 connect = 5900

[Client STUNNEL.CONF File - Setup to be able to work with 2 VNC servers]

 client = yes
 cert = stunnel.pem

 [vnc]
 accept = 5900
 connect = xxx.xxx.xxx.xxx:7777
 [vnc2]
 accept = 5901
 connect = 192.168.0.8:7777

[Files in Directory from Stunnel.org]

LIBEAY32 DLL     1,379,459  12-31-02 11:54a libeay32.dll
LIBSSL32 DLL       476,329  12-31-02 11:54a libssl32.dll
OPENSSL  EXE     1,089,536  12-31-02 11:54a openssl.exe
STUNNEL  EXE        59,904  01-12-03  4:54p stunnel.exe
STUNNEL  PEM         1,690  02-28-03 12:24a stunnel.pem
[Append to This Answer]
Previous: (Answer) Using Zebedee
Next: (Answer) Using Kaboodle
This document is: http://faq.gotomyvnc.com/cgi-bin/fom?file=33
[Search] [Appearance]
This is a Faq-O-Matic 2.721.
This FAQ administered by sbest@best.com