Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Automate reverse VNC connection using Vine Server Apps
If you provide tech support for your family, you know this frequently needs you to remotely control their Mac and fix their problems for them. You could use Screen Sharing or iChat but unfortunately your relative's computer is behind a firewall. How do you set this up beforehand so it's not painful to talk them through the screen sharing activation steps?

What follows is a simple double clickable method to handle this.

There are a variety of ways you can approach this problem: for example, iChat and Sharing preferences both have screen sharing options. In the case of my relatives, however, they all live behind NAT firewalls and even run old pre-screen sharing OSX versions, so setting up the needed tunnels or trying to port forward the inbound VNC connection on port 5900 through their firewall is a nightmare to do over the phone.

Instead I use the 'reverse connection' feature found in some VNC servers. I use Vine (formerly But even this is painful to talk through for a computer illiterate relative, so instead I created an AppleScript that activates it with just a double click.
  • Open AppleScript Editor.
  • Enter this command:
      do shell script "'/Applications/Vine' -connectHost"
    where is either your dynamic DNS domain name if you have one, or your IP address of your computer (not your relative's).
  • Save this as an application (not as a script).
You can then e-mail this to them.

On your computer start up a VNC client like Chicken of the VNC and then place it to listen mode. If you have a firewalling router on your network, make sure port 5500 is port fowarded to your machine.

When they double click the application you sent, their desktop will instantly appear on your computer. Nothing else for them to do.

Thus the only prior set up you have to do is a one-time install of Vine Server on their computer and also to leave your double clickable AppleScript on their desktop.

You can if you like add a slight amount of security by using the over oscvnc-sever command line options to add things like a password or to use a different port.

A nice feature of this too is it does not require them to run the VNC server all the time. They just need to click it when they need me, so those security measures are not really needed.

[crarko adds: I haven't tested this one.]
  • Currently 2.67 / 5
  You rated: 1 / 5 (6 votes cast)

Automate reverse VNC connection using Vine Server | 16 comments | Create New Account
Click here to return to the 'Automate reverse VNC connection using Vine Server' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Automate reverse VNC connection using Vine Sever
Authored by: daveywest on Dec 29, '10 07:49:06AM

Or you could just try out That thing will punch through any firewall.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: tofergregg on Dec 29, '10 10:51:10AM

+1 on LogMeIn. I've set up about a billion VNC servers on Macs/PCs/Linux and also used Screen Sharing and Skype screen sharing, etc. LogMeIn is by far the most simple solution, and the free version works perfectly, with no fussing around with router port forwarding or making the other party do anything other than ensure they are connected to the Internet (and I understand that is not necessarily trivial, however...). </commercial>

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: SOX on Dec 30, '10 07:55:44AM

When I've used them in the past, they don't work with proxy setups or all firewalls. Moreover, setting up VNC yourself provides a more veratile solution. The example I gave was how to automate a fool-proof reverse connection. But sometimes you don't need to drill through firewalls. Sometimes you want to just connect to the machine when no one is there for some midnight software updates or installs, etc... For that you want to be able to VNC in directly or over an ssh tunnel. So you want a VNC like vineserver ready to run. The method above is the fail safe when firewalls mess things up.

Additionally The reason I don't like letmein or gotomymac and various schemes is that I don't running daemons that open ports to some third party. For example, a Nursing facility had a proxy system. Finally, I don't mind putting that stuff on the clueless relative's computer but I dont' want a "trusted" app that connects to the mothership on my computer. it seems like a giant security hole: even if you trust the company what happens when there is a direct attack on the port.

I also prefer a direct connection that works on a local network as well.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: stottm on Dec 29, '10 08:09:38AM

I used to do something similar to remote control a Windows XP box. I had UltraVNC on the WinXP computer as well as PuTTY doing a reverse ssh tunnel. I then used the Mac's builtin VNC to connect to a local port that re-routed to the WinXP via the ssh tunnel. This is a lot of work, but entertaining to figure out...

Better to just download the Team Viewer app which is completely cross-platform, free for personal use, encrypted (AES-256), includes files transfer, and is about twice as fast as BackToMyMac or VNC. It works through firewalls and NAT routers.

Works on Windows, Mac, Linux, and even Mobile such as iPhone/iPad/Android!

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: karog on Dec 29, '10 09:13:14AM

I used to do the putty reverse ssh thing with my father. Now I have set up dd-wrt with vpn server on his router and vpn in bridged (tap). Then I am local on his lan and can do anything including VNC securely. He doesn't have to do anything as his VNC server is always running but only available on the LAN.

I use tomatousb myself and will update his router next time I am there as I fear remote router firmware update.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: AaronAdams on Dec 29, '10 08:18:53AM

Let's be more accurate: NAT firewalls that don't support UPnP or NAT-PMP may prevent iChat screen sharing from working. For example, all AirPorts and Time Capsules can act as NAT firewalls, but iChat works just fine through them because they have NAT-PMP. So a NAT firewall doesn't necessarily preclude you from using iChat.

There are NAT firewalls that don't support NAT-PMP or UPnP. Mine is one of them, so instead, I have to use port triggering. Set up your firewall to trigger TCP ports 16384-16403, incoming and outgoing, and iChat screen sharing (as well as audio and video) work perfectly.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: SOX on Dec 30, '10 08:03:58AM

Thanks but not very clear. Truthfully, I've always been somewhat mystified on this sort of unpnp stuff on firewalls. please explain. I dont' understand what it is trying to do.

port triggers and other firewall settings are usually a non-starter. First, in many case people can't access their modems or firewalls to set these up. (e.g. in a shared facility). Second, it's impossible to set these up remotely the first time! and third, trying to edit these remotely is perilous. you can easily make a change that prevents you from connecting back.

as for port triggers I've never had good luck with those. In the case of VNC or ssh inbound I don't even see how a port trigger would work. There is no outbound to trigger the port. For ichat there are some outbound connections to the status server and I had set these up for ichat's outbound connections you trigger the inbound port ranged and never got the expected inbound ones to work.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: AaronAdams on Jan 04, '11 10:42:51AM

It's very clear: NAT routers with NAT-PMP or UPnP enable you to use iChat for screen sharing.

NAT-PMP and UPnP originate at the host and tell the firewall to listen for traffic on a specific port, and when that traffic arrives, forward it to the host. It's a dynamic way of opening ports as needed for specific services at the time they are used. Think of it as automated port forwarding.

Port triggers are a little different. Port triggers are configured at the firewall, and when a host behind the firewall sends outgoing traffic on a specific port, the firewall knows to listen for a response back on another specific port or port range and to forward that traffic back to the originating host.

I see that the article has been changed to attempt to negate my original point, but I want to state that reverse VNC via Vine Server isn't absolutely necessary behind all NAT firewalls, and that includes Apple's own AirPort base stations. iChat works fine through them.

There's nothing hard about configuring a firewall for NAT-PMP/UPnP if it supports it. Port triggering works exactly as I stated above when configured correctly. Both of these things can be done remotely and are hardly perilous if you're competent.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: renaultssoftware on Dec 29, '10 10:32:46AM
Shouldn't it be Vine Server? Vine Sever sounds like cutting Tarzan off ;-) In other words, retitle the post please.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: crarko on Jan 04, '11 01:40:41PM

Why yes; it should.

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: kenandles on Dec 29, '10 11:03:16AM

logmein has a free easy screen share

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: berserk on Dec 30, '10 12:42:31AM

5500 is the default PORT or I have to insert the option "-connectPort 5500" ?

[ Reply to This | # ]
Automate reverse VNC connection using Vine Sever
Authored by: RobK on Dec 31, '10 06:37:11AM

Remember using just VNC does not encrypt the connection. If you want encryption first set up a reverse SSH tunnel and then run the VNC server. You can do this with a script if you like.

Or just use a great free service like Teamviewer. I cannot recommend Teamviewer enough. Free for non commercial use.


I used to use reverse SSH tunnels and VNC for remote support but now I am just using teamviewer. It is a lot easier to set up.

[ Reply to This | # ]
Team viewer not free
Authored by: SOX on Dec 31, '10 12:30:41PM

The free version of Teamviewer does not allow remote control of the desktop. At least not in the latest version 6.

[ Reply to This | # ]
Team viewer not free
Authored by: RobK on Jan 02, '11 08:21:51PM

Teamviewer is free for non commercial use. And it does allow you to have complete remote control of the remote user's desktop. I know. I use it a couple of times a month to support friends and family with their Mac and PC problems.

In other words, it does allow you to provide free remote support for non-commercial use.

But it does not yet provide free unattended remote access for Macs. (It seems to provide this for PC's but I have not used it).

The original post describes a Script that the person who wants support runs. After the script it run, a person can provide remote support using VNC.

Teamviewer is very similar. The person who wants supports runs the free QuickSupport Module. After it is run, a person can provide remote support over a SECURE connection for free for non commercial use. Works great for Mac's and PC's (and now Linux boxes).

[ Reply to This | # ]
Automate reverse VNC connection using Vine Server
Authored by: ThomasDav on Mar 30, '12 08:16:44AM

Do you think there is a way to email both the Vine Server and the script so the person on the receiving end only has to click the shell script app? I tried to play around with it but do not know scripting language well enough to even hazard a guess. Ive searched for days on a way to customize the vine server itself, but no luck with my current skill set.
My Kingdom - or at least a reasonable fee - for a Single Click VNC Solution on Mac!

[ Reply to This | # ]