Q: Which ports must be open für ScreenSharing?

Hi, Mark!

I've opened the port 5900, tried to connect to other Mac using vnc://192.168.1.2/ according to System Preferences - Sharing

   "(…) Other users can access your computer's screen at vnc://192.168.1.2/ (…)"

and received the same old error message.

What do I do wrong? :-(

Regards,

Vlad

Hi, rccharles!

What do you mean exactly with the servers?

Should I use one of this addresses instead of the one suggested by System Preferences - Sharing?

Thanks!

Vlad

Here is the error message I get:

It says something like :"Connection failed with 109.168.1.2. Please check that screensharing (in system preferences - sharing) is active on the computer you want to connect. Check also that your internet connection is working properly."

Apropos which address exactly: I've tried this combinations after CMD+K

1.- vnc://<address_from_system_prefs_sharing>/

2.- <address_from_system_prefs_sharing>

3.- vnc://<ip_address>/

4.- <ip_address>

and all of them also whitout /  at the end.

Nothing worked.

Hi, Camelot!

Thanks for the reply!

> Are all these hosts on the same local network?

No, not at all. I'm trying to connect to some Mac in another country right now.

> if these hosts are disparate (e.g. in different locations) then the 192.168.x.x address won't be valid.

> That's a local area network address that will never work over the internet.

I also supposed something like this. That's why I posted also exactly what I did after CMD+K.

> Your router translates this (via NAT) to a publicly-routable IP address provided by your ISP.

> It is this public address that the remote user would need to connect to

> (in addition to the router being configured to route incoming connections on port 5900 to the relevant host).

That's why I also tried with the "real" IP address (as seen from "outside"), in the format "vnc://ip_address/", "ip_address/" (that was completed with "smb://") and the same whitout the final /. But none of this attempts worked!

I am surprised because with my previous (DSL-)internet connection and OS X systems (Mavericks and older) I had no problems at all.

> Note that if you do configure your router to permit incoming connections, you're leaving yourself open to random users hitting your system,

> and VNC is not considered secure.

Thanks for this information, I didn't know this.

I have also opened a port in order to VPN to my company's server. This port is always opened as well :-(

> A better solution would be to implement a VPN which provides a secure connection between the remote locations -

> then you would be able to use the 192.168.x.x address since the VPN would make them seem like they are on the same network.

This seams very reasonable - but right now I an not even able to get a proper (and insecure ;-) VNC-connection working again! :-/

I would gladly consider to implement a VPN-solution (even when I'm not so sure HOW exactly to do this right now…) but I would like to solve first this annoying problem. I must be able to reach my mother's Mac Mini again (she is living in Romania, has no clue and need assistance - and I cannot deliver this anymore! :-((()

Thanks again!

Regards,

Vlad

Hi, Bob!

Thanks for the reply!

> Generally you do NOT need to configure your router for out-bound VNC connections to a remote system. 

> HOWEVER, the remote system needs to allow connections over port 5900 to the destination computer. 

> If that destination computer is not using a public IP address and is behind a router, then it will need that router to port forward port 5900 to the computer.

> But since you ONLY experienced this problem AFTER changing your home setup,

> I am assuming the remote destination system is already configured to work correctly.

That should be so, my mother didn't change anything for sure.

> The only reason I can imagine your "VDSL-router from Telekom" not allowing you to VNC out is if it has a Firewall feature that blocks most out-bound TCP connections, except for maybe port 80 (web servers), and the various ports for email. 

> This is a "Wild Guess".  I do NOT know anything about the "VDSL-router from Telekom", so I could be guessing totally wrong.

This is correct!

> Can you VNC to another computer in your home?   Or is that also being blocked?

I don't have right now any other computer in my home, but I did this previously, so yes, it is possible.

However, I wasn't able to connect to the very same computer after it wasn't in my network anymore.

> Is the remote destination computer a Mac with System Preferences -> Sharing -> Screen Sharing enabled?

Yes!

> Or is it a Windows or Unix/Linux system?

No, the 3 computer I tried are all Macs.

> Is it essential that you use VNC,

Not at all, I would use anything that is possible. I only used the OS X screensharing app before, that's the reason why I asked about it.

> or can you use something like TeamViewer.com (free for personal use).

As I said, I would use anything! The only constraint is my mother's Mac Mini: it's the first Mac Mini, Power PC, running 10.5.8

> Side note:  192.168.n.n, 10.n.n.n, and 172.16.n.n thru 172.31.n.n are non-routing IP addresses.  You can ONLY access system in your home LAN using them.  Your home router will NOT send any of these addresses to the public internet.  Which range of IP addresses are used on your home LAN is determined by your home router.

Aha! Thanks!

Regards,

Vlad

Hi, Robert!

Thanks for the reply!

> 1) I suggest you switch to a free screen sharing app.  It will do all the work for you.

> https://secure.logmein.com/

> or

> see BobHarris suggestion in the second to last paragraph.

Ok, I'll take a look at logmein and TeamViewer (I didn't use them before).

As I wrote in the answer to Bob, the only problem is the very old Mac Mini of my mother. I am curious if it's possible to install the client of logmein or TeamViewer on an old Mac like this.

> 2) What ip address were you using for your mother before? It should not have changed.

I don't know, because I didn't need it with the screensharing app. Unfortunately iChat is not supported anymore on her Mac, so now I need a substitute.

> If your mother has a dynamic ip address,

> You need one of these free servers...

> http://www.noip.com/free

> http://www.changeip.com/services/free-dynamic-dns/

> https://www.dnsdynamic.org/

I will, if she has a dynamic ip address.

> 3) You should use the ping command to see if you can reach your mother's computer still.

I will try, thanks! I totally forgot about it! :-/

> 4) Oh, skype allows you to view the screen of remote computers. You mother will have to click the correct button to enable.

There is a problem with Skype. Microsoft doesn't support Skype anymore for Macs with operating systems older than Snow Leopard. I've found a workaround but implies some work in Terminal, so this is something I have to do remotely… after connecting via VNC to her Mac Mini! :-)

So one after the other…

I will try the ping AND LogMeIn AND TeamViewer and report the results

Thanks again!

> Robert

Regards,

Vlad

Hello again!

Sorry for the delay, is not easy to co-ordinate with elder parents! ;-)

What have I done?

1.- My mother went to http://www.whatismyip.com and found out that she have the IP 109.100.181.55

2.- Armed with this information I went to the Terminal.app and ping-ed her. Here is the result:

Vlads-iMac:~ Vlad$ ping -c4 109.100.181.55

PING 109.100.181.55 (109.100.181.55): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

--- 109.100.181.55 ping statistics ---

4 packets transmitted, 0 packets received, 100.0% packet loss

Vlads-iMac:~ Vlad$

3.- A little disappointed :-) I ping-ed google.com (see attached screenshot). It is still running…

Something is wrong here, but I'm not sure if only with my mother's Mac Mini :-/

What do you think?

Regards,

Vlad