(to FAQ) (to Downloads) (to Building) (to Beta Test) (to Donations)
![[PayPal]](x-click-but04.gif){kind=small}
x11vnc allows one to view remotely and interact with real X displays (i.e. a display corresponding to a physical monitor, keyboard, and mouse) with any VNC viewer. In this way it plays the role for Unix/X11 that WinVNC plays for Windows.
It has built-in SSL/TLS encryption and RSA authentication, including VeNCrypt; UNIX account and password login support; server-side scaling; single port HTTPS/HTTP and VNC; Zeroconf service advertising; and TightVNC and UltraVNC file-transfer. It has also been extended to work with non-X devices: webcams and TV tuner capture devices, embedded Linux systems such as Qtopia Core, and natively on Mac OS X Aqua/Quartz.
It also provides an encrypted Terminal
Services mode (-create,
-svc,
or -xdmsvc
options) based on Unix usernames and Unix
passwords where the user does not need to memorize his VNC display/port
number.
Normally a virtual X session (Xvfb) it created, but it also work
with X sessions on physical hardware.
See also the tsvnc terminal services mode of the SSVNC viewer.
I wrote x11vnc back in 2002 because x0rfbserver was
basically impossible to build on Solaris and had poor performance. The
primary x0rfbserver build problems centered around esoteric
C++ toolkits. x11vnc is written in plain
C and needs only standard libraries and so should work
on nearly all Unixes. I also added some
enhancements to improve the interactive response, add many
features, and etc.
This page including the FAQ contains much information [*]; solutions to many problems; and interesting applications, but nevertheless please feel free to contact me if you have problems or questions (and if I save you time by giving you some of my time, please consider a paypal donation). Please check the FAQ first; I realize this page is massive, but you can often use your browser's find-in-page action using a keyword to find the answer to your problem or question.
Please help beta test the new performance speedup feature using viewer-side pixel caching "ncache". Let me know how it goes; thanks.
SSVNC: An x11vnc side-project provides an
Enhanced TightVNC Viewer package (SSVNC)
for Unix, Windows, and Mac OS X with automatic SSL and/or SSH tunnelling
support, SSL Certificate creation, saved connection profiles, and
built-in Proxy support. And for the Unix viewer: NewFBSize, ZRLE,
Viewer-side Scaling, cursor alphablending, and low color modes. Also
on Unix the UltraVNC File Transfer, Text Chat, Single Window, Server
Input, and 1/n Scaling extensions are supported along with UltraVNC
DSM encryption. This bundle could be placed on, say, a USB memory stick
for SSL/SSH VNC viewing from nearly any networked computer.
Please help test out some recently added features:
automatic service tunnelling via SSH for: CUPS and SMB Printing, ESD/ARTSD
Audio, and SMB (Windows/Samba) filesystem mounting; Port Knocking; and the sshvnc/tsvnc modes.
x11vnc -ssl SAVE ...")
on a Debian or Ubuntu system from Sept. 2006 through May 2008, then those keys are
likely extremely weak and can be easily cracked. The certificate files
should be deleted and recreated on a non-Debian system or an updated one.
See
http://www.debian.org/security/2008/dsa-1571 for details.
The same applies to SSH keys (not used by x11vnc directly, but
many people use SSH tunnels for VNC access.)
Some VNC links:
For Unix, the traditional VNC implementation includes a "virtual" X11 server
Xvnc (usually launched via the vncserver command) that
is not associated with a physical display, but provides a "fake" one
X11 clients (xterm, firefox, etc.)
can attach to. A remote user then connects to Xvnc via the VNC
client vncviewer from anywhere on the network to view and interact
with the whole virtual X11 desktop.
The VNC protocol is in most cases better suited for remote connections with low bandwidth and high latency than is the X11 protocol because it involves far fewer "roundtrips" (an exception is the cached pixmap data on the viewing-end provided by X). Also, with no state maintained the viewing-end can crash, be rebooted, or relocated and the applications and desktop continue running. Not so with X11.
So the standard Xvnc/vncserver program is very useful, I use it for things like:
However,
sometimes one wants to connect to a real X11 display (i.e.
one attached to a physical monitor, keyboard, and mouse: a Workstation
or a SunRay session) from far away. Maybe you want to close down an
application cleanly rather than using kill, or want to work
a bit in an already running application, or would like to help a distant
colleague solve a problem with their desktop, or would just like to
work out on the deck for a while. This is where x11vnc
is useful.
In this basic example let's assume the remote
machine with the X display you wish to view is
"far-away.east:0"
and the workstation you are presently working at is
"sitting-here.west".
Step 0. Download x11vnc (see below)
and have it available to run
on far-away.east (on some linux distros it is as easy as
"apt-get install x11vnc", "emerge x11vnc", etc.)
Similarly, have a VNC viewer
(e.g. vncviewer) ready to run on sitting-here.west.
We recommend
TightVNC Viewers
(see also our SSVNC viewer.)
Step 1.
By some means log in to far-away.east and get a command shell
running there. You can use ssh, or even rlogin,
telnet, or any other method to do this. We do this because
the x11vnc process needs to be run on the same machine the X
server process is running on (otherwise things would be extremely slow).
Step 2.
In that far-away.east shell (with command prompt
"far-away>" in this example)
run x11vnc directed at the far-away.east X session display:
far-away> x11vnc -display :0You could have also set the environment variable
DISPLAY=:0
instead of using "-display :0".
This step attaches x11vnc to the far-away.east:0 X display
(i.e. no viewer clients yet).
Common Gotcha:
To get X11 permissions right, you may also need to set the
XAUTHORITY environment variable (or use the
-auth option)
to point to the correct
MIT-MAGIC-COOKIE file (e.g. /home/joe/.Xauthority).
If x11vnc does not have the authority to connect to
the display it exits immediately.
More on how to fix this below.
If you suspect an X11 permissions problem do this simple test: while sitting at the physical X display open a terminal window (gnome-terminal, xterm, etc). You should be able to run x11vnc successfully in that terminal without any need for command line options. If that works OK then you know X11 permissions are the only thing preventing it from working when you try to start x11vnc via a remote shell. Then fix this with the tips below.
Note as of Feb/2007 you can also try the
-find
option instead of "-display ..." and see if that
finds your display and Xauthority. (End of Common Gotcha)
When x11vnc starts up there will then be much chatter
printed out (use "-q" to quiet it),
until it finally says something like:
. . 13/05/2004 14:59:54 Autoprobing selected port 5900 13/05/2004 14:59:54 screen setup finished. 13/05/2004 14:59:54 13/05/2004 14:59:54 The VNC desktop is far-away:0 PORT=5900which means all is OK, and we are ready for the final step.
Step 3.
At the place where you are sitting (sitting-here.west in
this example) you now want to run a VNC viewer program. There are VNC
viewers for Unix, Windows, MacOS, Java-enabled web browsers, and even
for PDA's like the Palm Pilot! You can use any of them to connect to
x11vnc (see the above VNC links under "Background:" on how to
obtain a viewer for your platform or see
this FAQ.
For Solaris, vncviewer is available in the
Companion CD
package SFWvnc).
In this example we'll use the Unix vncviewer program on
sitting-here by typing the following command
in a second terminal window:
sitting-here> vncviewer far-away.east:0That should pop up a viewer window on
sitting-here.west
showing and allowing interaction with the far-away.east:0
X11 desktop. Pretty nifty!
When finished, exit the viewer: the remote x11vnc process will shutdown
automatically (or you can use the
-forever option
to have it wait for additional viewer connections).
Common Gotcha:
Nowadays there will likely be a host-level firewall on the x11vnc
side that is blocking remote access to the VNC port (e.g. 5900).
You will either have to open up that port (or a range of ports) in
your firewall administration tool, or try the SSH
tunnelling method below (even still the firewall must allow in the
SSH port, 22).
Shortcut:
Of course if you left x11vnc running
on far-away.east:0 in
a terminal window with the
-forever option
or as a service,
you'd only have to do Step 3 as you moved around.
Be sure to use a VNC Password or
other measures if you do that.
Super Shortcut:
Here is a potentially very easy way to get all of it working.
ssvnc_no_windows-1.0.19.tar.gz) on the Viewer-side machine../ssvnc/bin/tsvncusername@hostname (e.g. fred@far-away.east) in the "VNC Terminal Server" entry.username@hostname and start up x11vnc
and then connect a VNC Viewer through the SSH encrypted tunnel.
There are a number of things assumed here, first that you are able to SSH into
the remote host; i.e. that you have a Unix account there and the SSH server is
running. On Unix and MacOS X it is assumed that the ssh client command
is available on the local machine (on Windows a plink binary is included in
the SSVNC bundle). Finally, it is assumed that you are already logged
into an X session on the remote machine, e.g. your workstation (otherwise,
a virtual X server, e.g. Xvfb, will be started for you).
In some cases the remote SSH server will not run commands with the same $PATH that you normally have in your shell there. In this case click on Options -> Advanced -> X11VNC Options, and type in the location of the x11vnc binary under "Full Path". (End of Super Shortcut)
Desktop Sharing: The above more or less assumed nobody was
sitting at the workstation display "far-away.east:0". This
is often the case: a user wants to access her workstation remotely.
Another usage pattern has the user sitting at
"far-away.east:0" and invites one or more other people to
view and interact with his desktop. Perhaps the user gives a demo or
presentation this way (using the telephone for vocal communication). A
"Remote Help Desk" mode would be similar: a technician
connects remotely to the user's desktop to interactively solve a problem the
user is having.
For these cases it should be obvious how it is done. The above steps will
work, but more easily the user sitting at far-away.east:0
simply starts up x11vnc from a terminal window, after which the
guests would start their VNC viewers. For this usage mode the
"-connect host1,host2" option
may be of use to automatically
connect to the vncviewers in "-listen" mode on the list of hosts.
The above example had no security or privacy at all. When logging
into remote machines (certainly when going over the internet) it is
best to use ssh, or use a VPN (for a VPN, Virtual Private
Network, the above example should be pretty safe).
For x11vnc one can
tunnel the VNC protocol through an encrypted ssh channel.
It would look something like running the following commands:
sitting-here> ssh -t -L 5900:localhost:5900 far-away.east 'x11vnc -localhost -display :0'(you will likely have to provide passwords/passphrases to login from
sitting-here into your far-away.east Unix account;
we assume you have a login account on far-away.east and it is
running the SSH server)
And then in another terminal window on sitting-here run the
command:
sitting-here> vncviewer -encodings "copyrect tight zrle hextile" localhost:0Note: The
-encodings option is very important:
vncviewer will often default to "raw" encoding if it thinks the
connection is to the local machine, and so
vncviewer gets tricked this way by the ssh redirection. "raw"
encoding will be extremely slow over a networked link, so you
need to force the issue with -encodings "copyrect tight ...".
Nowadays, not all viewers use the -encodings option, try
"-PreferredEncoding=ZRLE" (although the newer viewers seem
to autodetect well when to use raw or not).
Note that "x11vnc -localhost ..." limits incoming vncviewer
connections to only those from the same machine. This is very natural for
ssh tunnelling (the redirection appears to come from the
same machine).
Use of a VNC password is also strongly
recommended.
Note also the -t we used above (force allocate pseudoterminal), it
actually seems to improve interactive typing response via VNC!
You may want to add the -C option to ssh to enable
compression. The VNC compression is not perfect, and so this may help
a bit. However, over a fast LAN you probably don't want to enable SSH
compression because it can slow things down. Try both and see which
is faster.
If your username is different on the remote machine use something
like: "fred@far-away.east" in the above ssh command line.
Some VNC viewers will do the ssh tunnelling for you automatically,
the TightVNC Unix vncviewer does this when the
"-via far-away.east"
option is supplied to it (this requires x11vnc to be already
running on far-away.east or having it started by
inetd(8)). See the 3rd script example
below for more info.
SSVNC: You may also want to look at the
Enhanced TightVNC Viewer (ssvnc)
bundles because they contain scripts and GUIs to automatically set up SSH
tunnels (e.g. the GUI, "ssvnc", does it automatically and
so does this command: "ssvnc_cmd -ssh user@far-away.east:0")
and can even start up x11vnc as well.
The Terminal Services mode of SSVNC is perhaps the easiest way to use x11vnc. You just need to have x11vnc available in $PATH on the remote side (and can SSH to the host), and then on the viewer-side you type something like:
tsvnc fred@far-away.easteverything else is done automatically for you. Normally this will start a virtual Terminal Services X session (RAM-only), but if you already have a real X session up on the physical hardware it will find that one for you.
Gateways:
If the machine you SSH into is not the same machine with the
X display you wish to view (e.g. your company provides incoming SSH
access to a gateway machine), then you
need to change the above to, e.g.: "-L 5900:OtherHost:5900":
sitting-here> ssh -t -L 5900:OtherHost:5900 gateway.eastWhere
gateway.east is the internet hostname (or IP) of
the gateway machine (SSH server). 'OtherHost' might be, e.g., freds-pc or
192.168.2.33 (it is OK for these to be private hostnames or
private IP addresses, the host in -L is relative to the remote
server side).
Once logged in, you'll need to do a second login (ssh,
rsh, etc.) to the workstation machine 'OtherHost' and then start
up x11vnc on it (if it isn't already running).
(The "-connect gateway:59xx" option may be another alternative here with
the viewer already in -listen mode).
For an automatic way to use a gateway and have all the network
traffic encrypted (including inside the firewall) see
Chaining SSH's.
These gateway access modes also can be done automatically for you via the "Proxy/Gateway" setting in SSVNC (including the Chaining SSH's case, "Double Proxy").
A lot of people have inexpensive devices for home or office that act as a Firewall and Router to the machines inside on a private LAN. One can usually configure the Firewall/Router from inside the LAN via a web browser.
Often having a Firewall/Router sitting between the vncviewer and x11vnc will make it impossible for the viewer to connect to x11vnc.
One thing that can be done is to redirect a port on
the Firewall/Router to, say, the SSH port (22) on an inside machine
(how to do this depends on your particular Firewall/Router,
often the router config URL is http://192.168.100.1
See www.portforward.com
for more info).
This way you reach these computers from anywhere on the Internet and
use x11vnc to view X sessions running on them.
Suppose you configured the Firewall/Router to redirect these ports to two internal machines:
Port 12300 -> 192.168.1.3, Port 22 (SSH) Port 12301 -> 192.168.1.4, Port 22 (SSH)(where
192.168.1.3 is "jills-pc" and
192.168.1.4 is "freds-pc".)
Then the ssh's would look something like:
sitting-here> ssh -t -p 12300 -L 5900:localhost:5900 jill@far-away.east 'x11vnc -localhost -display :0' sitting-here> ssh -t -p 12301 -L 5900:localhost:5900 fred@far-away.east 'x11vnc -localhost -display :0'Where
far-away.east means the hostname (or IP)
that the Router/Firewall is using (for home setups this
is usually the IP gotten from your ISP via DHCP, the site
http://www.whatismyip.com/ is a
convenient way to determine what it is).
It is a good idea to add some obscurity to accessing your system via SSH by using some high random port (e.g. 12300 in the above example). If you can't remember it, or are otherwise not worried about port scanners detecting the presence of your SSH server and there is just one internal PC involved you could map 22:
Port 22 -> 192.168.1.3, Port 22 (SSH)
Again, this SSH gateway access can be done automatically for you via the
"Proxy/Gateway" setting in SSVNC.
And under the "Remote SSH Command" setting you can enter the
x11vnc -localhost -display :0.
Host-Level-Firewalls: even with the hardware Firewall/Router problem solved
via a port redirection, most PC systems have their own Host level
"firewalls" enabled to protect users from themselves. I.e. the system
itself blocks all incoming connections. So you will need to see what is
needed to configure it to allow in the port (e.g. 22) that you desire.
E.g. Yast, Firestarter, iptables(1), etc..
VNC Ports and Firewalls: The above discussion was for configuring the Firewall/Router to let in port 22 (SSH), but the same thing can be done for the default VNC port 5900:
Port 5900 -> 192.168.1.3, Port 5900 (VNC) Port 5901 -> 192.168.1.4, Port 5900 (VNC)(where
192.168.1.3 is "jills-pc" and
192.168.1.4 is "freds-pc".)
This could be used for normal, unencrypted connections and
also for SSL encrypted ones.
The the VNC displays to enter in the VNC viewer would be, say, "far-away.east:0"
to reach jills-pc and "far-away.east:1" to reach freds-pc.
We assume above that x11vnc is using port 5900 (and any Host-Level-firewalls on
jills-pc has been configured to let that port in).
For a home system
one likely does not have a hostname and would have to use the IP address, say,
"24.56.78.93:0". E.g.:
vncviewer 24.56.78.93:0The IP address would need to be communicated to the person running the VNC Viewer. The site http://www.whatismyip.com/ can help here.
-bg
(forks into background after connection to the display is
set up) or using the -f option of ssh.
Some example scripts are shown below.
Feel free to try the ssh -C to enable its compression and
see if that speeds things up noticeably.
#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
# e.g.: x11vnc_ssh snoopy.peanuts.com:0
# (user@host:N also works)
host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi
cmd="x11vnc -display :$disp -localhost -rfbauth .vnc/passwd"
enc="copyrect tight zrle hextile zlib corre rre raw"
ssh -f -t -L 5900:localhost:5900 $host "$cmd"
for i in 1 2 3
do
sleep 2
if vncviewer -encodings "$enc" :0; then break; fi
done
See also rx11vnc.pl below.
vncviewer -listen" and have x11vnc initiate a
reverse connection using the
-connect option:
#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
# e.g.: x11vnc_ssh snoopy.peanuts.com:0
# (user@host:N also works)
host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi
cmd="x11vnc -display :$disp -localhost -connect localhost" # <== note new option
enc="copyrect tight zrle hextile zlib corre rre raw"
vncviewer -encodings "$enc" -listen &
pid=$!
ssh -t -R 5500:localhost:5500 $host "$cmd"
kill $pid
Note the use of the ssh option "-R" instead
of "-L" to set up a remote port redirection.
vncviewer special
option -via for gateways. The only tricky part is we need to
start up x11vnc and give it some time (5 seconds in this example) to
start listening for connections (so we cannot use the TightVNC default
setting for VNC_VIA_CMD):
#!/bin/sh
# usage: x11vnc_ssh <host>:<xdisplay>
# e.g.: x11vnc_ssh snoopy.peanuts.com:0
host=`echo $1 | awk -F: '{print $1}'`
disp=`echo $1 | awk -F: '{print $2}'`
if [ "x$disp" = "x" ]; then disp=0; fi
VNC_VIA_CMD="ssh -f -t -L %L:%H:%R %G x11vnc -localhost -rfbport 5900 -display :$disp; sleep 5"
export VNC_VIA_CMD
vncviewer -via $host localhost:0 # must be TightVNC vncviewer.
Of course if you already have the x11vnc running waiting for connections
(or have it started out of inetd(8)), you can simply use
the TightVNC "vncviewer -via gateway host:port" in its default
mode to provide secure ssh tunnelling.
VNC password file: Also note in the #1. example script that
the option
"-rfbauth .vnc/passwd" provides additional
protection by requiring a VNC password for every VNC viewer that connects.
The vncpasswd or storepasswd programs, or
the x11vnc -storepasswd option can
be used to create the password file. x11vnc also has the
slightly less secure -passwdfile
and "-passwd XXXXX" options to specify passwords.
Very Important:
It is up to YOU to tell x11vnc to use password
protection (-rfbauth or -passwdfile),
it will NOT do it for you automatically or force you to
(use -usepw
if you want to be forced to).
The same goes for encrypting the channel between the viewer
and x11vnc: it is up to you to use ssh,
stunnel, -ssl
mode, a VPN, etc.
(use the Enhanced TightVNC Viewer (SSVNC)
GUI if you want to be forced to use SSL or SSH).
For additional safety, also look into
the -allow and -localhost
options and building x11vnc with
tcp_wrappers support to limit host access.
One can also encrypt the VNC traffic using an
SSL/TLS tunnel such as stunnel
(also stunnel.mirt.net)
or using the built-in (Mar/2006)
-ssl openssl mode.
A SSL-enabled Java applet VNC Viewer is also provided in the
x11vnc package (and https can be used to download it).
Although not as ubiquitous as ssh, SSL tunnelling still provides
a useful alternative.
See this FAQ on -ssl and -stunnel modes for
details and examples.
The
Enhanced TightVNC Viewer (SSVNC)
bundles contain some convenient utilities to automatically set up
an SSL tunnel from the viewer-side (i.e. to connect to "x11vnc -ssl ...").
And many other enhancements too.
libvncserver for all of the VNC
aspects; I couldn't have done without it. The full source code may be
found and downloaded (either file-release tarball or CVS tree) from the
above link.
As of Oct 2008, the
x11vnc-0.9.5.tar.gz source package is released (recommended download). The
x11vnc 0.9.5 release notes.
The x11vnc package is the subset of the libvncserver package
needed to build the x11vnc program.
Also, you can get a copy of my latest, bleeding edge
x11vnc-0.9.6.tar.gz tarball to build the most up to date one.
Precompiled Binaries/Packages: See the FAQ below for information about where you might obtain a precompiled x11vnc binary from 3rd parties and some ones I create.
VNC Viewers: To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try these links:
More tools:
Here is a ssh/rsh wrapper script rx11vnc that attempts
to automatically do the above Steps 1-3 for you (provided you have ssh/rsh
login permission on the machine x11vnc is to be run on). The above example would
be: "rx11vnc far-away.east:0" typed into a shell on sitting-here.west.
Also included is an experimental script rx11vnc.pl that attempts to tunnel the
vnc traffic through an ssh port redirection (and does not assume port 5900 is free).
Have a look at them to see what they do and customize as needed:
Make sure you have all the needed build/compile/development packages installed (e.g. Linux distributions foolishly don't install them by default.)
If your OS has libjpeg.so
and libz.so in standard locations you can build as follows
(example given for the 0.9.5 release of x11vnc:
replace with the version you downloaded):
(un-tar the x11vnc+libvncserver tarball) # gzip -dc x11vnc-0.9.5.tar.gz | tar -xvf - (cd to the source directory) # cd x11vnc-0.9.5 (run configure and then run make) # ./configure # make (if all went OK, copy x11vnc to the desired destination, e.g. $HOME/bin) # cp ./x11vnc/x11vnc $HOME/binOr do
make install, it will probably install to /usr/local/bin
(run ./configure --help for information on customizing
your configuration, e.g. --prefix=/my/place).
You can now run it via typing "x11vnc", "x11vnc -help | more",
"x11vnc -forever -shared -display :0", etc.
Note:
Currently gcc is recommended to build libvncserver.
In some cases it will build with non-gcc compilers, but the resulting
binary sometimes fails to run properly.
For Solaris pre-built gcc binaries are at
http://www.sunfreeware.com/.
Some Solaris pre-built x11vnc binaries are here.
However, one user reports it does work fine when built with Sun Studio 10, so YMMV. In fact, here is a little build script to do this on Solaris 10:
#!/bin/sh PATH=/usr/ccs/bin:/opt/SUNWspro/bin:$PATH; export PATH CC='cc' \ CFLAGS='-xO4' \ LDFLAGS='-L/usr/sfw/lib -L/usr/X11/lib -R/usr/sfw/lib -R/usr/X11/lib' \ CPPFLAGS='-I /usr/sfw/include -I/usr/X11/include' \ ./configure MAKE="make -e" AM_CFLAGS="" export MAKE AM_CFLAGS $MAKEIn general you can use the "
make -e" trick if you don't like
libvncserver's choice of AM_CFLAGS. See the
build scripts below for more ideas.
Scripts similar to the above have been shown to work with vendor C compilers
on HP-UX (ccom: HP92453-01) and Tru64 (Compaq C V6.5-011).
You can find information on Misc. Build problems here.
/usr/local, /usr/sfw,
/opt/sfw, etc).
Note:
If configure cannot find these two libraries then
TightVNC and ZRLE encoding support will be disabled, and you don't want that!!!
The TightVNC encoding gives very good compression and performance, it
even makes a noticeable difference over a fast LAN.
Shortcuts:
On Solaris 10 you can pick up almost everything just by insuring that your
PATH has /usr/sfw/bin (for gcc) and
/usr/ccs/bin (for other build tools), e.g.:
env PATH=/usr/sfw/bin:/usr/ccs/bin:$PATH sh -c './configure; make'(The only thing this misses is
/usr/X11/lib/libXrandr.so.2,
which is for the little used -xrandr option, see the script
below to pick it up as well).
libjpeg is included in Solaris 9 and later
(/usr/sfw/include and /usr/sfw/lib),
and zlib in Solaris 8 and later
(/usr/include and /usr/lib).
So on Solaris 9 you can pick up everything with something like this:
env PATH=/usr/local/bin:/usr/ccs/bin:$PATH sh -c './configure --with-jpeg=/usr/sfw; make'assuming your
gcc is in /usr/local/bin and
x11vnc 0.7.1 or later.
These are getting pretty long, see those assignments split up in the build script below.
If your system does not have these libraries at all you can get
the source for the libraries to build them: libjpeg is available at
ftp://ftp.uu.net/graphics/jpeg/
and zlib at
http://www.gzip.org/zlib/.
See also
http://www.sunfreeware.com/
for Solaris binary packages of these libraries as well as for gcc. Normally they
will install into /usr/local but you can install them anywhere
with the --prefix=/path/to/anywhere, etc.
Here is a build script that indicates one way to pass the library
locations information
to the libvncserver configuration via
the CPPFLAGS and LDFLAGS
environment variables.
---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<--- #!/bin/sh # Build script for Solaris, etc, with gcc, libjpeg and libz in # non-standard locations. # set to get your gcc, etc: # PATH=/path/to/gcc/bin:/usr/ccs/bin:/usr/sfw/bin:$PATH JPEG=/path/to/jpeg # set to maybe "/usr/local", "/usr/sfw", or "/opt/sfw" ZLIB=/path/to/zlib # set to maybe "/usr/local", "/usr/sfw", or "/opt/sfw" # Below we assume headers in $JPEG/include and $ZLIB/include and the # shared libraries are in $JPEG/lib and $ZLIB/lib. If your situation # is different change the locations in the two lines below. # CPPFLAGS="-I $JPEG/include -I $ZLIB/include" LDFLAGS="-L$JPEG/lib -R $JPEG/lib -L$ZLIB/lib -R $ZLIB/lib" # These two lines may not be needed on more recent Solaris releases: # CPPFLAGS="$CPPFLAGS -I /usr/openwin/include" LDFLAGS="$LDFLAGS -L/usr/openwin/lib -R /usr/openwin/lib" # These are for libXrandr.so on Solaris 10: # CPPFLAGS="$CPPFLAGS -I /usr/X11/include" LDFLAGS="$LDFLAGS -L/usr/X11/lib -R /usr/X11/lib" # Everything needs to built with _REENTRANT for thread safe errno: # CPPFLAGS="$CPPFLAGS -D_REENTRANT" export PATH CPPFLAGS LDFLAGS ./configure make ls -l ./x11vnc/x11vnc ---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---8<---Then do
make install or copy the x11vnc
binary to your desired destination.
BTW, To run a shell script, just cut-and-paste the above into a file, say
"myscript", then
modify the "/path/to/..." items to correspond to your
system/environment, and then type: "sh myscript" to run it.
Note that on Solaris make is /usr/ccs/bin/make,
so that is why the above puts /usr/ccs/bin in PATH.
Other important build utilities are there too: ld, ar, etc.
Also, it is probably a bad idea to have /usr/ucb in your PATH
while building.
Starting with the 0.7.1 x11vnc release the
"configure --with-jpeg=DIR --with-zlib=DIR" options are handy if
you want to avoid making a script.
If you need to link OpenSSL libssl.a on Solaris see this
method.
If you need to build on Solaris 2.5.1 or earlier or other older Unix OS's, see this workaround FAQ.
Building on FreeBSD, OpenBSD, ...: The jpeg libraries
seem to be in /usr/local or /usr/pkg on
these OS's. You won't need the openwin stuff in the above script
(but you may need /usr/X11R6/...). Also starting with the 0.7.1
x11vnc release, this usually works:
./configure --with-jpeg=/usr/local make
Building on HP-UX: For jpeg and zlib you will need to
do the same sort of thing as described above for Solaris. You
set CPPFLAGS and LDFLAGS to find them
(see below for an example).
You do not need to do any of the above /usr/openwin stuff.
Also, HP-UX does not seem to support -R, so get rid
of the -R items in LDFLAGS.
Because of this, at runtime you may need to set
LD_LIBRARY_PATH or SHLIB_PATH to indicate
the directory paths so the
libraries can be found. It is a good idea to have static archives,
e.g. libz.a and libjpeg.a for the nonstandard
libraries so that they get bolted into the x11vnc binary
(and so won't get "lost").
Here is what we recently did to build x11vnc 0.7.2 on HP-UX 11.11
./configure --with-jpeg=$HOME/hpux/jpeg --with-zlib=$HOME/hpux/zlib makeWhere we had static archives (libjpeg.a, libz.a) only and header files in the $HOME/hpux/... directories as discussed for the build script.
On HP-UX 11.23 and 11.31 we have had problems compiling with gcc.
"/usr/include/rpc/auth.h:87: error: field 'syncaddr' has incomplete type".
As a workaround for x11vnc 0.9.4 and later set your CPPFLAGS
to include:
CPPFLAGS="-DIGNORE_GETSPNAM" export CPPFLAGSThis disables a very rare usage mode for
-unixpw_nis
by not trying getspnam(3).
Using HP-UX's C compiler on 11.23 and 11.31 we have some severe compiler errors that have not been worked around yet. If you need to do this, contact me and I will give you a drastic recipe that will produce a working binary.
Building on AIX:
AIX: one user had to add the "X11.adt" package to AIX 4.3.3 and 5.2 to
get build header files like XShm.h, etc.
You may also want to make sure that /usr/lpp/X11/include,
etc is being picked up by the configure and make.
Building on Mac OS X:
There is now native Mac OS X support
for x11vnc by using the raw framebuffer feature. This mode does
not use or need X11 at all. To build you may need to disable X11:
./configure --without-x ... makeHowever, if your system has the Mac OS X build package for X11 apps you will not need to supply the "
--without-x" option
(in this case the resulting x11vnc would be able to export
both the native Mac OS X display and windows displayed in the XDarwin
X server). Be sure to include the ./configure option to
find libjpeg on your system.
OpenSSL:
Starting with version 0.8.3 x11vnc can now be built
with SSL/TLS support. For this to
be enabled the libssl.so library needs to be available
at build time. So you may need to have additional
CPPFLAGS and LDFLAGS items if your
libssl.so is in a non-standard place.
As of x11vnc 0.9.4 there is also the --with-ssl=DIR
configure option.
On Solaris using static archives libssl.a and
libcrypto.a instead of .so shared libraries (e.g. from
www.sunfreeware.com), we found we needed to also set LDFLAGS
as follows to get the configure to work:
env LDFLAGS='-lsocket -ldl' ./configure --with-ssl=/path/to/openssl ... make
I don't have any formal beta-testers for the releases of x11vnc, so I'd appreciate any additional testing very much.
Thanks to those who suggested features and helped beta test x11vnc 0.9.5 released in Oct 2008!
Please help test and debug the 0.9.6 version for release sometime in Spring 2009.
The version 0.9.6 beta tarball is kept here:
x11vnc-0.9.6.tar.gz
There are also some Linux, Solaris, Mac OS X, and other OS test binaries here. Please kick the tires and report bugs, performance regressions, undesired behavior, etc. to me.
To aid testing of the built-in SSL/TLS support for x11vnc, a number of VNC Viewer packages for Unix, Mac OS X, and Windows have been created that provide SSL Support for the TightVNC Viewer (this is done by wrapper scripts and a GUI that start STUNNEL). It should be pretty convenient for automatic SSL and SSH connections. It is described in detail at and can be downloaded from the Enhanced TightVNC Viewer (SSVNC) page. The SSVNC Unix viewer also supports x11vnc's symmetric key encryption ciphers (see the 'UltraVNC DSM Encryption Plugin' settings panel.)
Here are some features that will appear in the 0.9.6 release:
-ssl mode.
VNC Viewers like vinagre, gvncviewer/gtk-vnc, and the vencrypt package support
this encryption mode.
It can also be used with the -unixpw option
to enable Unix username and password authentication.
A similar but older VNC security type "TLSVNC" (used by vino) is supported as well.
See the -vencrypt
and -tlsvnc
options for additional control.
The difference between normal -ssl mode and VeNCrypt is
that the former wraps the entire VNC connection in SSL (like HTTPS does
for HTTP i.e. it is vncs://) while VeNCrypt switches on the SSL/TLS at
a certain point during the VNC handshake.
-http_oneport
enables single-port HTTP connections via the Java VNC Viewer. So, for
example, the web browser URL "http://myhost.org:5900"
works the same as "http://myhost.org:5800",
but with the convenience of only involving one port
instead of two. This works for both unencrypted connections
and for SSH tunnels (see -httpsredir if the tunnel port differs).
Note that HTTPS single-port operation in
-ssl SSL encrypted mode has been available since
x11vnc version 0.8.3.
-sslCRL option.
This will only be useful for wide deployments: say a company-wide x11vnc SSL
access deployment using a central Certificate Authority (CA)
via -sslGenCA
and -sslGenCert.
This way if a user has his laptop lost or stolen, you only have to revoke
his key instead of creating a new Certificate Authority and redeploying to
all of the users.
-avahi/-zeroconf
Service Advertizing mode, if x11vnc was not compiled with the avahi-client library, then
an external helper program, either avahi-publish(1) (on Unix) or
dns-sd(1) (on Mac OS X), is used instead.
-rfbport PROMPT"
option will prompt the user via the GUI to select the VNC port (e.g. 5901)
to listen on, and a few other basic settings. This enables a handy GUI
mode for naive users:
x11vnc -gui tray=setpass -rfbport PROMPT -logfile $HOME/.x11vnc.log.%VNCDISPLAYsuitable for putting in a launcher or menu, e.g.
x11vnc.desktop.
The -logfile expansion is new too.
In the GUI, the tray=setpass Properties panel has been improved.
-solid solid background color option now works
for the Mac OS X console.
-reopen option
instructs x11vnc to try to reopen the X display if it is prematurely closed
by, say, the display manager (e.g. GDM).
Here are some features that appeared in the 0.9.5 release:
-scale 1280x1024" or "-scale 0.8x0.75"
Also, "-geometry WxH" is an alias for "-scale WxH"$PATH, the
-chatwindow option allows a
UltraVNC Text Chat window to appear on the local X11 console/display
(this way the remote viewer can chat with the person at the physical display; e.g. helpdesk mode).
This also works on the Mac OS X console if the Xquartz X11 server
(enabled by default on leopard) is running for the chatwindow.
Here are some features that appeared in the 0.9.4 release:
-find
and -create
X session finding or creating modes: new desktop types and service
redirection options.
Personal cupsd daemon and SSH port redirection helper
for use with SSVNC's Terminal Services feature.
-connect
work in the
-find,
-create
and related -display WAIT:...
modes.
-proxy.
Forward connections can also use:
-ssh.
UltraVNC repeater proxy
(either normal or SSL) are supported. Use either the
"-connect repeater=ID:NNNN+host:port"
or
"-connect repeater://host:port+ID:NNNN"
notation.
The SSVNC VNC viewer also supports the UltraVNC
repeater.
-advertise_truecolor"
to handle some workaround in this mode.
-finddpy and
-listdpy
utilities help to debug and configure the
-find,
-create,
and -display WAIT:... modes.
-xrandr option is not supplied.
-autoport
options gives more control over the VNC port x11vnc chooses.
-ping secs
can be used to help keep idle connections alive.
-clear_all.
-xkb.
-ncache 10".
The unix Enhanced TightVNC Viewer ssvnc has a nice
-ycrop option to
help hide the pixel cache area from view.
libssl available (or with
--without-ssl) has been fixed.
./configure --with-system-libvncserver"
to use a system installed libvncserver library instead
of the one bundled in the release tarball.
-unixpw
mode in the username and password dialog no text will
be echoed if the first character sent is "Escape". This
enables a convenience feature in SSVNC to send the username
and password automatically.
classes/ssl/UltraViewerSSL.jar file
(that is pointed to by ultra.vnc). The signed applet
SignedUltraViewerSSL.jar version (pointed to by
ultrasigned.vnc) will be needed to access the local drive if
you are using it for file transfer via a Web browser.
Some other bugs in the UltraVNC Java viewer were fixed and a few
improvements to the UI made.
-users sslpeer=".
The emailAddress subject field is inspected for username@hostname
and then acts as though "-users +username" has been supplied.
This way the Unix username is identified by (i.e. simply extracted from) the
Client SSL Certificate.
This could be useful with
-find,
-create
and
-svc
modes if you are also have set up and use VNC Client SSL Certificate authentication.
WAIT:cmd=...)
if the VNC Viewer is authenticated via a Client SSL Certificate, then
that Certificate is available in the environment variable RFB_SSL_CLIENT_CERT.
-avahi"
or "-zeroconf".
-id), and
disable (friendly) user input and viewing (monitor blank) at the VNC server.
-find",
"-create",
"-svc",
and "-xdmsvc"
for commonly used FINDCREATEDISPLAY usage modes.
-ssl) mode.
-forcedpms,
-clientdpms,
-noserverdpms,
and
-grabalways.
-loopbg"
option.
-noxdamage"
if it is not working well. OpenGL applications like like beryl and MythTv have been shown to make XDAMAGE
not work properly.
-httpsredir
to spare the user from needing to include &PORT=NNN in the browser URL.
Here are some features that appeared in the 0.8.4 release:
-display WAIT:cmd=FINDCREATEDISPLAY -unixpw ..." that
will Create a new X session (either virtual or real and with or without a display
manager, e.g. kdm) for the user if it cannot find the user's X
session display via the FINDDISPLAY method.
See the -svc
and the -xdmsvc
aliases.
-reflect host:N"
option. Instead of polling an X display, the remote VNC Server host:N
is connected to and re-exported via VNC. This is intended for
use in broadcasting a display to many (e.g. > 16; classroom or large demo) VNC viewers
where bandwidth and other resources are conserved by spreading the
load over a number of repeaters.
-nowireframelocal to disable.
-N"
option couples the VNC Display number to the X Display number.
E.g. if your X DISPLAY is :2 then the VNC display will be :2 (i.e. using port 5902).
If that port is taken x11vnc will exit.
-nodpms to
avoid problems with programs like KDE's kdesktop_lock
that keep restarting the screen saver every few seconds.
-xwarppointer
option is enabled by default when XINERAMA is active.
./configure --without-x", or download a binary mentioned
above, (even if you don't plan on ever using it in this mode!), and let
me know how it went. Thanks.
Here are some features that appeared in the 0.8.3 release:
-ssl option
provides SSL encryption and authentication natively via the
www.openssl.org library.
One can use from a simple self-signed certificate server certificate
up to full CA and client certificate authentication schemes.
-ssl,
the -stunnel option
starts up a SSL tunnel server stunnel (that must be installed
separately on the system:
www.stunnel.org
stunnel.mirt.net
)
to allow only encrypted SSL connections from the network.
-sslverify option
allows for authenticating VNC clients via their certificates in
either -ssl or -stunnel modes.
-sslGenCert,
-sslGenCA,
and related options.
classes/ssl/VncViewer.jar. In addition to
normal HTTP, the applet may be loaded
into the web browser via HTTPS (HTTP over SSL).
(one can use the VNC port, e.g. https://host:5900/, or also
the separate
-https port
option). A wrapper shell script
ss_vncviewer is also provided that
sets up a stunnel client-side tunnel on Unix systems.
See Enhanced TightVNC Viewer (SSVNC) for
other SSL/SSH viewer possibilities.
-unixpw option
supports Unix username and password authentication
(a simpler variant is the
-unixpw_nis option
that works in environments where the encrypted passwords are readable, e.g. NIS).
The -ssl
or -localhost
+ -stunnel
options are enforced in this mode to prevent password sniffing.
As a convenience, these requirements are lifted if a SSH tunnel can be deduced (but
-localhost still applies).
-unixpw with
"-display WAIT:cmd=FINDDISPLAY"
or "-display WAIT:cmd=FINDCREATEDISPLAY"
provides a way to allow a user to login with their UNIX password and have
their display connected to automatically.
See the -svc
and the -xdmsvc
aliases.
-unixpw_cmd
and
"-passwdfile cmd:,custom:..."
options to allow you to supply your own authentication and password
lookup programs.
./configure --without-x"
for -rawfb only
operation (e.g. embedded linux console devices).
-rotate option
enables you to rotate or reflect the screen before exporting via VNC.
This is intended for use on handhelds and other devices where the rotation
orientation is not "natural".
-ultrafilexfer"
alias is provided and improved UltraVNC filetransfer rates have been achieved.
-connect_or_exit host"
option x11vnc will exit immediately unless the reverse connection to
host succeeds.
The "-rfbport 0" option disables TCP listening for connections
(useful for this mode).
-rawfb rand"
and "-rawfb none" options are useful for testing automation
scripts, etc., without requiring a full desktop.
-verbose"
(also "-v") to turn it back on for debugging or if you
are going to send me a problem report.
Here are some Previous Release Notes
Both a client and a server: It is sometimes confusing to people that x11vnc is both a client and a server at the same time. It is an X client because it connects to the running X server to do the screen polls. Think of it as a rather efficient "screenshot" program running continuously. It is a server in the sense that it is a VNC server that VNC viewers on the network can connect to and view the screen framebuffer it manages.
When trying to debug problems, remember to think of both roles. E.g. "how is x11vnc connecting to the X server?", "how is the vncviewer connecting to x11vnc?", "what permits/restricts the connection?". Both links may have reachability, permission, and other issues.
Network performance: Whether you are using Xvnc or x11vnc it is always a good
idea to have a solid background color instead of a pretty background image.
Each and every re-exposure of the background must be resent over the network:
better to have that background be a solid color that compresses very
well compared to a photo image. (This is one place where the X protocol has
an advantage over the VNC protocol.) I suggest using xsetroot,
dtstyle or similar utility to set a solid
background while using x11vnc. You can turn the pretty background
image back on when you are using the display directly.
Update: As of Feb/2005 x11vnc has
the -solid [color] option that works on recent GNOME, KDE,
and CDE and also on classic X (background image is on the root window).
Update: As of Oct/2007 x11vnc has
the -ncache option that does a reasonable job
caching the background (and other) pixmap data on the viewer side.
I also find the TightVNC encoding gives the best response for my usage (Unix <-> Unix over cable modem). One needs a tightvnc-aware vncviewer to take advantage of this encoding.
TCP port issues: Notice the lines
18/07/2003 14:36:31 Autoprobing selected port 5900 PORT=5900in the output. 5900 is the default VNC listening port (just like 6000 is X11's default listening port). Had port 5900 been taken by some other application, x11vnc would have next tried 5901. That would mean the viewer command above should be changed to
vncviewer far-away.east:1.
You can force the port with the
"-rfbport NNNN" option
where NNNN is the desired port number.
If that port is already taken, x11vnc will exit immediately.
The "-N" option
will try to match the VNC display number to the X display.
(also see the "SunRay Gotcha" note below)
Options: x11vnc has (far too) many features that may be activated
via its command line options.
Useful options are, e.g., -scale to do server-side scaling,
and -rfbauth passwd-file to use VNC password protection
(the vncpasswd or storepasswd programs,
or the x11vnc -storepasswd option
can be used to create the password file).
Algorithm:
How does x11vnc do it? Rather brute-forcedly: it continuously polls the
X11 framebuffer for changes using XShmGetImage().
When changes are discovered, it instructs
libvncserver which rectangular regions of the framebuffer
have changed, and libvncserver compresses the changes and
sends them off to any connected VNC viewers. A number of applications
do similar things, such as x0rfbserver, krfb, x0vncserver, vino.
x11vnc uses a 32 x 32
pixel tile model (the desktop is decomposed into roughly 1000 such
tiles), where changed tiles are found by pseudo-randomly polling 1
pixel tall horizontal scanlines separated vertically by 32 pixels.
This is a surprisingly effective algorithm for finding changed regions.
For keyboard and mouse user input the XTEST extension is used to
pass the input events to the X server. To detect XBell "beeps" the
XKEYBOARD extension is used. If available, the XFIXES extension is
used to retrieve the current mouse cursor shape. Also, if available
the X DAMAGE extension is used to receive hints from the X server where
modified regions on the screen are. This greatly reduces the system load
when not much is changing on the screen and also improves how quickly
the screen is updated.
Barbershop mirrors effect: What if x11vnc is started up,
and vncviewer is then started up on the same machine and
displayed on the same display x11vnc is polling? One
might "accidentally" do this when first testing out the programs.
You get an interesting recursive/feedback effect where vncviewer images
keep popping up each one contained in the previous one and slightly
shifted a bit by the window manager decorations. There will be an
even more interesting effect if -scale is used.
Also, if the XKEYBOARD is supported and the XBell "beeps" once, you get
an infinite loop of beeps going off.
Although all of this is mildly exciting it is not much use: you will
normally run and display the viewer on a different machine!
You can run x11vnc on your (connected or disconnected) SunRay session. Here are some notes on SunRay usage with x11vnc.
-scrollcopyrect
and
-wireframe
speedups using the CopyRect VNC encoding and
other things, but they only speed up some activities, not all.
x11perf -getimage500, x11perf -putimage500, x11perf -shmput500
and for XFree86 displays with direct graphics access the
dga command (press "b" to run the benchmark
and then after a few seconds press "q" to quit).
Even this "dd if=/dev/fb0 of=/dev/null" often gives
a good estimate. We have seen a few cases where the
hardware fb read speed is greater than 65 MB/sec: on high
end graphics workstations from SGI and Sun, and also from
a Linux user using nvidia proprietary drivers for his
nvidia video card. Update 2008: thankfully, these
sped up drivers are becoming more common on Linux and *BSD
systems and that makes x11vnc run somewhat more quickly.
Option "ShadowFB" "true"
in the Device section of the /etc/X11/XF86Config
or /etc/X11/xorg.conf file.
Note that this disables 2D acceleration at
the physical display and so likely defeats the purpose.
Nevertheless this could be handy in some circumstances,
e.g. if the slower speed while sitting at the physical display
was acceptable (this seems to be true for most video cards
these days). Unfortunately it does not seem shadowfb can
be turned on and off dynamically...
Xvfb as
the X server, e.g.
"xinit $HOME/.xinitrc -- /usr/X11R6/bin/Xvfb :1 -screen 0 1024x768x16"
x11vnc can poll Xvfb efficiently via
main memory. It's not exactly clear why one would want to
do this instead of using vncserver/Xvnc,
(perhaps to take advantage of an x11vnc feature,
such as framebuffer scaling or built-in SSL encryption), but we mention
it because it may be of use for special purpose applications.
You may need to use the "-cc 4" option to force
Xvfb to use a TrueColor visual instead of DirectColor.
See also the description of the -create option that does all of this automatically for you.
Xdummy wrapper script).
See this FAQ for details.
-cursor X" and "-cursor some"
options, however,
for a partial hack for the root window, etc.).
However, on Solaris using the SUN_OVL overlay extension,
x11vnc can show the correct mouse cursor when the
-overlay option is also supplied.
A similar thing is done on IRIX as well when
-overlay is supplied.
XBell() "beeps" will work if the X server supports the
XKEYBOARD extension.
(Note that on Solaris XKEYBOARD is disabled by default. Passing
+kb to Xsun enables it).
-scrollcopyrect
option can give choppy or bunched up transient output and
occasionally painting errors.
-threads can expose some bugs/crashes in libvncserver.
Please feel free to contact me if you
have any questions, problems, or comments about x11vnc, etc.
Also, some people ask if they can make a donation, see
this link for that.
Q-2: I can't get x11vnc and/or libvncserver to compile.
Q-4: Help, I need to run x11vnc on Solaris 2.5.1 (or other old Unix/Linux) and it doesn't compile!
Q-5: Where can I get a precompiled x11vnc binary for my Operating System?
Q-7: How can I see all of x11vnc's command line options and documentation on how to use them?
Q-9: How can I get the GUI to run in the System Tray, or at least be a smaller, simpler icon?
Q-10: How can I get x11vnc to listen on a different port besides the default VNC port (5900)?
Q-11: My Firewall/Router doesn't allow VNC Viewers to connect to x11vnc.
Q-13: Can I make x11vnc more quiet and also go into the background after starting up?
Q-15: The Windows TightVNC 1.3.9 Viewer cannot connect to x11vnc.
Q-16: KDE's krdc VNC viewer cannot connect to x11vnc.
Q-24:
How do I figure out the window id to supply to the
-id windowid option?
Q-29: I'm having trouble using x11vnc with my Sun Ray session.
Q-30: How do I stop x11vnc once it is running in the background?
Q-31: Can I change settings in x11vnc without having to restart it? Can I remote control it?
Q-32: How do I create a VNC password for use with x11vnc?
Q-33:
Can I make it so -storepasswd doesn't show my password on the
screen?
Q-35: Can I have as many full-access and view-only passwords as I like?
Q-39: Can I limit which machines incoming VNC clients can connect from?
Q-40:
How do I build x11vnc/libvncserver with libwrap (tcp_wrappers) support?
Q-47: Can I have x11vnc automatically lock the screen when I disconnect the VNC viewer?
Q-51: Does x11vnc have built-in SSL tunneling?
Q-52: How do I use VNC Viewers with built-in SSL tunneling?
Q-55: Can I create and use my own SSL Certificate Authority (CA) with x11vnc?
Q-56: How can I run x11vnc as a "service" that is always available?
Q-58:
Can I run x11vnc out of inetd(8)?
How about xinetd(8)?
Q-61: Can I have x11vnc restart itself after it terminates?
Q-62: How do I make x11vnc work with the Java VNC viewer applet in a web browser?
Q-64: Can reverse connections be made to go through a Web or SOCKS proxy or SSH?
Q-66: How can I use x11vnc on "headless" machines? Why might I want to?
Q-68: How can I make x11vnc use less system resources?
Q-69: How can I make x11vnc use MORE system resources?
Q-72:
My OpenGL application shows no screen updates unless
I supply the -noxdamage option to x11vnc.
Q-79: In XFIXES mode, are there any hacks to handle cursor transparency ("alpha channel") exactly?
Q-83:
How can I get my AltGr and Shift modifiers
to work between keyboards for different languages?
Q-88:
The x11vnc -norepeat mode is in effect, but I still
get repeated keystrokes!!
Q-92: Running x11vnc on HP-UX I cannot type "#" I just get a "3" instead.
Q-93: Can I map a keystroke to a mouse button click on the remote machine?
Q-94: How can I get Caps_Lock to work between my VNC viewer and x11vnc?
Q-96: Does x11vnc support server-side framebuffer scaling? (E.g. to make the desktop smaller).
Q-105: Help! x11vnc and my KDE screensaver keep switching each other on and off every few seconds.
Q-107: Can I use x11vnc to view my VMWare session remotely?
Q-109: Can I export via VNC a Webcam or TV tuner framebuffer using x11vnc?
Q-112: Does x11vnc support Mac OS X Aqua/Quartz displays natively (i.e. no X11 involved)?
Q-115: Does the Clipboard/Selection get transferred between the vncviewer and the X display?
Q-117: Can I transfer files back and forth with x11vnc?
Q-118: Which UltraVNC extensions are supported?
Q-123:
Why don't I hear the "Beeps" in my X session (e.g. when typing tput bel
in an xterm)?
Q-124: Does x11vnc work with IPv6?
Q-125: Thanks for your program and for your help! Can I make a donation?
Q-1:
I can't get x11vnc to start up. It says "XOpenDisplay failed (null)"
or "Xlib: connection to ":0.0" refused by server Xlib: No protocol specified" and then
exits. What do I need to do?
For the former error, you need to specify the X display to connect to
(it also needs to be on the same machine the x11vnc process is to run on).
Set your DISPLAY environment variable (or use the
-display option) to specify it. Nearly always the correct
value will be ":0"
(in fact, x11vnc will now assume :0 if given no other information).
For the latter error, you need to set up the X11 permissions correctly.
To make sure X11 permissions are the problem do this simple test:
while sitting at the physical X display open a terminal window
(gnome-terminal, xterm, etc). You should be able to run
x11vnc successfully without any need for special steps or
command line options
in that terminal (i.e. just type "x11vnc"). If that works OK then you know X11 permissions are the
only thing preventing it from working when you try to start x11vnc
via, say, a remote shell.
How to Solve: See the xauth(1), Xsecurity(7),
and xhost(1) man pages or
this Howto
for much info on X11 permissions. For example, you may need to set your
XAUTHORITY environment variable (or use the
-auth option) to point
to the correct MIT-MAGIC-COOKIE file
(e.g. /home/joe/.Xauthority or
/var/gdm/:0.Xauth or /var/lib/kdm/A:0-crWk72K
or /tmp/.gdmzndVlR, etc, etc.), or simply be sure you run
x11vnc as the correct user (i.e. the user who is logged into the X
session you wish to view).
Note: The MIT cookie file contains the secret key that allows x11vnc to connect to the desired X display.
If, say, sshd has set XAUTHORITY
to point to a random file it has created for X forwarding that will
cause problems. (Under some circumstances even su(1)
and telnet(1) can set XAUTHORITY.
See also the gdm parameter NeverPlaceCookiesOnNFS
that sets XAUTHORITY to a random filename in /tmp
for the whole X session).
Running x11vnc as root is often not enough: you need to know where the MIT-MAGIC-COOKIE file for the desired X display is.
Example solution:
x11vnc -display :0 -auth /var/gdm/:0.Xauth(this is for the display manager gdm and requires root permission to read the gdm cookie file, see this faq for other display manager cookie file names).
Note as of Feb/2007 you can also try the
-find
option instead of "-display ..." and see if that
finds your display and Xauthority.
Less safe, but to avoid figuring out where the correct XAUTHORITY
file is, if the person sitting at the physical X session types
"xhost +localhost"
then one should be able to attach x11vnc to the session (from the
same machine). The person could then type "xhost -localhost"
after x11vnc has connected to go back to the default permissions.
Also, for some situations the "-users lurk=" option may soon be
of use (please read the documentation on the
-users option).
To test out your X11 permissions from a remote shell, set
DISPLAY and possibly XAUTHORITY (see your
shell's man page, bash(1), tcsh(1), on how to
set environment variables) and type xdpyinfo in the
same place you will be typing (or otherwise running) x11vnc. If
information is printed out about the X display (screen sizes, supported
extensions, color visuals info) that means the X11 permissions
are set up properly: xdpyinfo successfully connected to
DISPLAY! You could also type xclock
and make sure no errors are reported (a clock should appear on the X display,
press Ctrl-C to stop it). If these work, then typing "x11vnc"
in the same environment should also work.
Important: if you cannot get
your X11 permissions so that the xdpyinfo or
xclock tests work, x11vnc also will not
work (all of these X clients must be allowed to connect to the X
server to function properly).
Firewalls: Speaking of permissions, it should go without saying that the host-level firewall will need to be configured to allow connections in on a port. E.g. 5900 (default VNC port) or 22 (default SSH port for tunnelling VNC). Most systems these days have firewalls turned on by default, so you will actively have to do something to poke a hole in the firewall at the desired port number. See your system administration tool for Firewall settings (Yast, Firestarter, etc.).
Q-2: I can't get x11vnc and/or libvncserver to compile.
Make sure you have gcc (or other C compiler) and all of the required
libraries and the corresponding -dev/-devel packages
installed. These include Xorg/XFree86, libX11,
libjpeg, libz, libssl, ... and
don't forget the devs: libjpeg-dev, libssl-dev
...
The most common build problem that people encounter is that the necessary
X11 libraries are installed on their system however it does not have the
corresponding -dev/-devel packages installed. These dev packages include
C header files and build-time .so symlink. It is a shame
the current trend in distros is to not install the dev package by default
when the the library runtime package is installed... (it diminishes the
power of open source)
As of Nov/2006 here is a list of libraries that x11vnc usually likes to use:
libc.so libX11.so libXtst.so libXext.so libXfixes.so libXdamage.so libXinerama.so libXrandr.so libz.so libjpeg.so libpthread.so libssl.so libcrypto.so libcrypt.soalthough x11vnc will be pretty usable with the subset:
libc.so, libX11.so, libXtst.so,
libXext.so, libz.so, and libjpeg.so.
After running the libvncserver configure,
carefully examine the output and the messages in the config.log file
looking for missing components. For example, if the configure
output looks like:
checking how to run the C preprocessor... gcc -E checking for X... no checking for XkbSelectEvents in -lX11... no checking for XineramaQueryScreens in -lXinerama... no checking for XTestFakeKeyEvent in -lXtst... noor even worse:
checking for C compiler default output file name... configure: error: C compiler cannot create executables See `config.log' for more details.there is quite a bit wrong with the build environment. Hopefully simply adding
-dev packages and/or
gcc will fix it.
For Debian the list seems to be:
gcc make libc6-dev libjpeg62-dev libx11-dev libxext-dev libxrandr-dev libxtst-dev x-dev xlibs-static-dev zlib1g-dev libssl-devFor Redhat the list seems to be:
gcc make glibc-devel libjpeg-devel xorg-x11-devel or XFree86-devel zlib-devel openssl097aFor other distros or OS's the package names may not be the same but will look similar. Also, distros tend to rename packages as well so the above list may be out of date. So only use the above lists as hints for the package names that are needed.
Have a look at Misc. Build Problems for additional fixes.
Note: there is growing trend in Linux and other distros to slice up core X11 software into more and smaller packages. So be prepared for more headaches compiling software...
libssl:
One user pointed out that if you use a precompiled binary (either one
you downloaded or built on another machine) there is a chance it
won't work because that x11vnc binary requires libssl0.9.7
but the system only has libssl0.9.8 (which evidently is
incompatible with 0.9.7 and has a different SONAME). Your distro
should allow you do have both runtimes installed on your system:
% dpkg -l libssl0.9.7 libssl0.9.8
...
ii libssl0.9.7 0.9.7g-5ubuntu SSL shared libraries
ii libssl0.9.8 0.9.8a-7ubuntu SSL shared libraries
(in fact it should have installed both by default
if it knew what it was doing).
See here too.
Q-3: I just built x11vnc successfully, but when I use it my keystrokes and mouse button clicks are ignored (I am able to move the mouse though).
This is most likely due to you not having a working build environment
for the XTEST client library libXtst.so. The library is probably
present on your system, but the package installing the development
header file is missing.
If you were watching carefully while configure was running
you would have seen:
checking for XTestFakeKeyEvent in -lXtst... no
The solution is to add the necessary build environment package
(and the library package if that is missing too). On Debian
the build package is libxtst-dev.
Other distros/OS's may have it in another package.
x11vnc will build without support for this library (e.g. perhaps
one wants a view-only x11vnc on a stripped down or embedded
system...). And at runtime it will also continue to run even if the X server
it connects to does not support XTEST. In both cases it cannot inject
keystrokes or button clicks since XTEST is needed for that (it can
still move the mouse pointer using the X API XWarpPointer()).
You will see a warning message something like this at run time:
20/03/2005 22:33:09 WARNING: XTEST extension not available (either missing from 20/03/2005 22:33:09 display or client library libXtst missing at build time). 20/03/2005 22:33:09 MOST user input (pointer and keyboard) will be DISCARDED. 20/03/2005 22:33:09 If display does have XTEST, be sure to build x11vnc with 20/03/2005 22:33:09 a working libXtst build environment (e.g. libxtst-dev, 20/03/2005 22:33:09 or other packages). 20/03/2005 22:33:09 No XTEST extension, switching to -xwarppointer mode for 20/03/2005 22:33:09 pointer motion input.
Also, as of Nov/2006 there will be a configure build time
warning as well:
... checking for XFixesGetCursorImage in -lXfixes... yes checking for XDamageQueryExtension in -lXdamage... yes configure: WARNING: ========================================================================== A working build environment for the XTEST extension was not found (libXtst). An x11vnc built this way will be only barely usable. You will be able to move the mouse but not click or type. There can also be deadlocks if an application grabs the X server. It is recommended that you install the necessary development packages for XTEST (perhaps it is named something like libxtst-dev) and run configure again. ==========================================================================
Q-4: Help, I need to run x11vnc on Solaris 2.5.1 (or other old Unix/Linux) and it doesn't compile!
We apologize that x11vnc does not build cleanly on older versions of Solaris, Linux, etc.: very few users are on these old releases.
We have heard that since Dec/2004 a Solaris 2.6 built x11vnc
will run on Solaris Solaris 2.5 and 2.5.1 (since a workaround
for XConvertCase is provided).
In any event, here is a workaround for Solaris 2.5.1 (and perhaps earlier and perhaps non-Solaris):
First use the environment settings (CPPFLAGS,
LDFLAGS, etc.)
in the above Solaris build script
to run the configure command. That should succeed without
failure. Then you have to hand edit the autogenerated
rfb/rfbconfig.h file in the source tree, and just
before the last #endif
at the bottom of that file insert these workaround lines:
struct timeval _tmp_usleep_tv;
#define usleep(x) \
_tmp_usleep_tv.tv_sec = (x) / 1000000; \
_tmp_usleep_tv.tv_usec = (x) % 1000000; \
select(0, NULL, NULL, NULL, &_tmp_usleep_tv);
int gethostname(char *name, int namelen);
long random();
int srandom(unsigned int seed);
#undef LIBVNCSERVER_HAVE_LIBPTHREAD
#define SHUT_RDWR 2
typedef unsigned int in_addr_t;
#define snprintf(a, n, args...) sprintf((a), ## args)
Then run make with the Solaris build script environment,
everything should compile without problems, and the resulting
x11vnc binary should work OK.
If some non-x11vnc related programs fail (e.g. test programs) and
the x11vnc binary is not created try "make -k"
to have it keep going.
Similar sorts of kludges in rfb/rfbconfig.h
can be done on other older OS (Solaris, Linux, ...) releases.
Here are some notes for similar steps that need to be done to build on SunOS 4.x
Please let us know if you had to use the above workaround (and whether it worked or not). If there is enough demand we will try to push clean compilations back to earlier Solaris, Linux, etc, releases.
Q-5: Where can I get a precompiled x11vnc binary for my Operating System?
Hopefully the build steps above and FAQ provide enough info for a painless compile for most environments. Please report problems with the x11vnc configure, make, etc. on your system (if your system is known to compile other GNU packages successfully).
There are precompiled x11vnc binaries built by other groups that are available at the following locations:
Slackware: (.tgz) http://www.linuxpackages.net/
Redhat/Fedora: (.rpm) http://dag.wieers.com/packages/x11vnc/
http://dries.ulyssis.org/rpm/packages/x11vnc
SuSE: (.rpm) http://linux01.gwdg.de/~pbleser/
Gentoo: (info) http://gentoo-wiki.com/ and http://gentoo-portage.com/
FreeBSD: (.tbz) http://www.freebsd.org/
http://www.freshports.org/net/x11vnc
NetBSD: (src) http://pkgsrc.se/x11/x11vnc
Arch Linux: (.tgz) http://www.archlinux.org/
Nokia 770 (.deb) http://mike.saunby.googlepages.com/x11vncfornokia7702
Sharp Zaurus http://www.focv.com/
Debian: (.deb) http://packages.debian.org/x11vnc (N.B: often unmaintained; might be better to compile from source)
Solaris: (pkg) http://www.sunfreeware.com/ (N.B: very old; better to compile from source)
OpenBSD: (.tgz) http://www.openbsd.org/ (N.B: very old and unmaintained; better to compile from source)
If the above binaries don't work and building x11vnc on your OS fails (and all else fails!) you can try one of My Collection of x11vnc Binaries for various OS's and x11vnc releases.
As a general note, the x11vnc program is simple enough you don't
really need to install a package: the binary will in most cases work as
is and from any location (as long as your system libraries are not too
old, etc).
So, for Linux distributions that are not one of the above, the
x11vnc binary from the above packages has a good chance of working.
You can "install" it by just copying the x11vnc binary to the
desired directory in your PATH.
Tip on extracting files from a Debian package: extract the archive via
a command like: "ar x x11vnc_0.6-2_i386.deb" and then you
can find the binary in the resulting data.tar.gz tar file.
Also, rpm2cpio(1) is useful in extracting files from rpm packages.
If you use a standalone binary like this and also want x11vnc to serve up the Java VNC Viewer jar file
(either SSL enabled or regular one), then you will need to extract
the classes subdirectory from the source tarball and point x11vnc
to it via the -httpdir option.
E.g.:
x11vnc -httpdir /path/to/x11vnc-0.8.3/classes/ssl ...
Q-6: Where can I get a VNC Viewer binary (or source code) for the Operating System I will be viewing from?
To obtain VNC viewers for the viewing side (Windows, Mac OS, or Unix) try here:
Q-7: How can I see all of x11vnc's command lin