Can't connect remotely to Ubuntu computer outside my network

Ok, so I want to use VNC to connect to an Ubuntu machine at my sister's house. I configured the host machine in the desktop sharing settings appropriately to allow for other users to view the desktop etc. When I run remmina and add the profile to connect to the machine, I get the error 'unable to connect to vnc server' (ssh doesn't work either: 'no route to host'). I've entered the right IP address but I have a feeling the problem may be with the router, which is a BT router, and they have a bad reputation as well. Or am I missing a piece of vnc software? I just assumed all you needed on both systems is remmina (also note that the profile's protocol is VNC and not RDP, just to clear things up). I will do further troubleshooting but I was wondering if you guys could point me in the right direction in the meantime. Thanks in advance.

The router acts as a firewall and blocks all incoming traffic, unless initiated from within the network. You have to configure your router to pass through traffic from a certain port to your PC.

See https://portforward.com/router.htm for per-router instructions.

Get the ssh port open, make sure ssh works, then follow the instructions here. Basically it boils down to this command from localhost:
ssh [email protected]_host -L 5900:127.0.0.1:5900
then connect your local vnc to 127.0.0.1:5900
substitute your vnc server's listening port (on the remote host) for 5900
5900 is only used by x11vnc to serve up the current desktop. All other vnc programs start at 5901, unless it's a server that doesn't have an xorg session running atm.

1 Like

Ok I'll try that, do I have to do this on both routers? They're both the same brand if that's relevant.

I'll give this a go, are all these instructions exclusive to the host machine?

Routers block the incoming traffic only, otherwise you wouldn't be able to connect to the internet. Thus you only need to open the port on the network you are trying to connect to.

Also make sure you've got the correct IP address. You'll have to use that of the router, as seen from the internet. You can find it here: https://duckduckgo.com/?q=what+is+my+ip&t=ffab&ia=answer (just below the search box)

Lastly, note that your IP is most likely subject to change. Depending on your ISP the IP may change anywhere from every few hours to months.

Open port 22 on your router and on ufw on the computer.

Any routers must be configured to let port 22 (ssh) through to your machine, by port forwarding it to your machine.

Just to update, I opened port 22 on both routers and I went through the steps in the link you posted. When I try to connect to the remote host using 127.0.0.1:5900, I still get 'Unable to connect VNC server'. I don't know a lot about networking but I was confused as to why the remote Ubuntu machine's actual IP address is not being used anywhere.

What happens when you do this from outside the target's LAN?

ssh [email protected]:22

It'll look similar to:

ssh [email protected]:22

targetsExternalIP is the outward facing IP of the default gateway at your sister's

AND FOR THE LOVE OF GOSH DON'T POST THE EXTERNAL IP HERE! Exposed :22 on the net, not a good idea to post

I shall try this and just to simplify things is the targetsExternalIP just the IPv4/6 address of the target system?

No, it's the target's outward facing IP.

You need to go on the target computer or any other computer on that network, type in "what's my IP address" on Google and write that down. That's the IP you want from your house and in the ssh command.

Lastly you'll have to have port forwarded 22 from the default gateway, router or whatever you want to call it directly to the internal IP of the target device. You can get the internal IP by typing "ip addr" on the command prompt. Also make sure the target has service sshd started.

Then from your house do ssh [email protected]:22 and let me know what it says.

Ok, one issue is with my particular router, it allows me to port forward 22 but it doesn't seem to give me the option to direct it to the internal IP of the device, unless it does this by default for any device on the network? I won't be able to do this until tomorrow and I'll also check if the sshd service is started. Thanks

Down and dirty network diagram from my iPhone right to l1t

    HR1 external 23.86.90.982                              HR2 external 123.87.12.11
    <>-----------------------------------------------------<>
    |  HR1 internal 192.168.1.254                          |  HR2 internal 192.168.1.254
    |                                                      |
    [] - your comp 192.168.1.187                           [] - vnc comp 192.168.1.45

Ok, so the [] are the computers both at different houses.

The <> are the home routers.

Routers are typically used as the "edge" device which acts as the interface between all of the computers at your house and the internet. There are two IPs associated with your router, an internal and a public facing IP. Therefore, the router creates a division point: on one side is the public internet and all the other routers connected to it, and on the other side of your router are all the internal devices in your home network.

All of the devices on the internal side of the router make up a LAN (local area network). Each device on a LAN has an IP address. Any traffic that is destined for a device not within the LAN has to be sent to the router which will forward that request to another router that will then forward it to the appropriate device on its LAN.

Therefore, when devices on different LANs need to talk to each other their routers have to talk to each other and when routers talk they only care about each other's public facing IP addresses.

Within a LAN, every device that needs to be able to send traffic out of its LAN needs a "default gateway" set. The default gateway is used when the device can't send its message directly to another device because they are not on the same LAN. When this happens the device sends the request to its default gateway. This is normally the internal IP address of your router.

So if you visit google.com the first thing is your computer doesn't care about "google.com" which is the "domain name." It wants the public facing IP address of the domain name "google.com." To get this there is a nifty system called DNS, which isn't important to deep dive on for your ssh issue, but what's important is that system then returns to your computer the IP address for google.com - 172.217.8.174.

When your computer realizes 172.217.8.174 isn't on the LAN it sends that request to the default gateway. However, that's just Google's router's public facing IP address. What we are really doing is making a service request to Google's router to forward our webpage request to the appropriate device on their LAN, which is the web server. How do we do this? By appending a port number to the IP address.

Typically :80 (port 80) and :443 (port 443 - secure http). So, by visiting 172.217.8.174:80 we are essentially sending a request to Google's router to make a request on port 80 - the web service. Google's router is configured to forward all requests on public facing :80 to the web server within its LAN. We won't know this IP. However, as long as the local server is running the web server service (httpd) and configured properly, the web server immediately responds by sending the HTML contents of a file called index.html back to its router, which forwards that back to our router's external IP, which then routes it to our internal IP address, which is our computer - and holy shit the internet just worked!

So how does this apply to your situation? We need to know a few things about your sister's network. We need the local IP of the sshd server (the Ubuntu box there). Your sister's router also needs to be configured to recognize anytime its public facing IP is hit on :22 to forward it to the ssh port on the Ubuntu IP. Like the guy said below, if the router gives you shit on the internal side set it to forward public :22 to ubuntuIPAdress:2222. Go to the Ubuntu box and edit the sshd.conf file to listen on 2222, restart sshd. Open port 2222 on the Ubuntu box and you're good.

At that point you should be able from outside her LAN to do ssh [email protected]:22

If we can get a secure shell we can go forward with getting VNC set up, but let's take it one step at a time. Get port forwarding and local machine configuration correct. Enumerate (get) the correct IP addresses and test ssh. We can troubleshoot from there.

Finally, we're doing a very similar thing to what I explained with Google, only we aren't using DNS to automate getting your sister's IP and we are making a service call for ssh (secure shell) rather than an http request (web service).

Good luck! Keep us posted!

Another thing to keep in mind; sometimes Internet providers block common service ports to 'protect' you. You may need to use a different port number on the public side (like 2222) and port forward that to 22 on the LAN side.

1 Like

Thanks man this is very informative, as you say I'll try and get ssh successfully running and take it from there. Just to be clear what I should do for now, my router manager's port forwarding section allows me to open up port 22 which I have done but it doesn't let me specify what IP address to direct it to (which I assume would be the internal IP address of the Ubuntu machine). Note that I actually haven't tried that ssh command with the public IP address, so I'll try that first without editing the config file.

Edit: I ran the command "ssh [email protected]:22" and it returned "Could not resolve hostname publicIP:22: Name or service not known"

Edit 2: I checked the ssh config file and all entries were commented out (with #, I think this comments the parameters out in this context) except the last 3. When I ran the ssh command again (with all parameters uncommented), this returned "/etc/ssh/ssh_config line 43: Bad cipher '3des' ". So my config file must not be properly set up?

I kind of get the impression my router will not like me doing that. BT routers are notorious for being pretty terrible routers. This is all for a Plex server and the reason I moved it to my sister's was because her uploads were faster and when the server was at my home, I couldn't even prioritise gaming packets so it was impossible to play whilst someone was streaming.
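
Added example, not part of any post in this thread: a small pre-flight check that separates the failure modes seen above ("no route to host", "Could not resolve hostname publicIP:22", a silent hang) so you know whether to look at the address you typed, the router's port forward, or sshd. The function name `classify_target` and the hint texts are hypothetical, and the sample targets are constructed.

```python
import errno
import ipaddress
import socket


def classify_target(target, port=22, timeout=3.0):
    """Probe target:port over TCP from outside the remote LAN; return (code, hint)."""
    host = target.rpartition("@")[2]          # drop an optional "user@" prefix
    # ssh takes the port with -p; "host:22" is looked up as a hostname and fails.
    if host.count(":") == 1:                  # bare IPv6 literals have 2+ colons
        name, _, p = target.rpartition(":")
        return "port-in-hostname", f"use: ssh -p {p} {name}"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None                             # a DNS name, not an IP literal
    if ip is not None and ip.is_private and not ip.is_loopback:
        return "private-address", "LAN-only address; use the router's public IP"
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", "port reachable; any remaining problem is in ssh itself"
    except socket.gaierror:
        return "unresolvable", "hostname does not resolve; check spelling or use the IP"
    except socket.timeout:
        return "filtered", "no reply; typically no port forward on the remote router"
    except ConnectionRefusedError:
        return "refused", "nothing listening there; check sshd and the forward target"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "no-route", "address unreachable from here; re-check which IP you entered"
        return "error", str(exc)


if __name__ == "__main__":
    # Constructed sample inputs: the malformed form from the thread, the LAN
    # address from the diagram, and loopback as a harmless live probe.
    for t in ("user@publicIP:22", "192.168.1.45", "127.0.0.1"):
        print(t, "->", classify_target(t))
```

Once the probe reports "open", only the ssh port needs to be forwarded on the router; VNC can stay unexposed and travel through the `-L 5900:127.0.0.1:5900` tunnel described earlier.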