Connect to Debian v12=bookworm (WayVNC protocol)

[PizzaProgram]

Debian v12 (bookworm) has dropped RealVNC as default VNC server, and changed it to Wayland VNC (WayVNC).

Now all Raspberry Pi users are forced to install TigerVNC viewer on their desktops to be able to control their Linux machine from Windows + Mac.

Please add this feature, so millions of RPi (Debian) users can use UltraVNC in the near future to connect. Thank you very much in forward !

.

[RudiDeVos]

Looks like some special authentication is needed for it, need to setup test... gonna take some time

[PizzaProgram]

Many Thanks!

Maybe You could check, how it's done at TigerVNC Viewer?

I'm not sure which file is it exactly, but this one seems for me a good starting point: https://github.com/TigerVNC/tigervnc/blob/master/common/rfb/CConnection.cxx

It's also GPL license, so maybe copy-paste is OK too.

[RudiDeVos]

I need to pass on this one. It's not only authentication but also encryption based on keys. This is like the encryption plugin we have, different implemented. When it was only authentication it would be doable, sorry to complex to add a second encryption in vnc. Perhaps a nice student project to make a new plugin for UltraVNC.

[Neustradamus]

@RudiDeVos: Please do not close this ticket..

[RudiDeVos]

Thanks to Vladimir Vissoultchev extra AUthentication methods have beeb implemented in the viewer. bin test builds. Please provide feedback https://www.uvnc.eu/download/1440/vncviewer_1.4.4.0-dev.zip Extra Info WIP: RSA-AES authentication and encryption (#139)

• First cut of RSA-AES authentication and encryption
• Fix AESEAXPlugin threading issues
• Use separate DynBuffers for encoding and for decoding
• Copy previous content when resizing DynBuffer
• Remove CMAC and AES-EAX test vectors
• On auth user cancel raise QuiteException
• Allow multiple RestoreBuffer calls to gather enough incoming data
• On ReadExact decryption plugin might need several lookahead peeks on incoming data to fill encrypted buffer with enough data to be able decrypt a chunk of plaintext enough to fulfil requested size of data
• Repeat request is signalled by returning -1 from RestoreBuffer call
• Various m_pDSMPlugin->IsEnabled() checks are added alternative m_pPluginInterface check
• Stop using separate CSP context for client RSA key
• Reduce memcpy on RestoreBuffer
• Fix m_pPluginInterface availability check for RAW and Tight encoding
• Allow CMAC to depend on externally initialized cipher
• Add support for RSA-AES-256 security types
• Use constant-time array compare and refactor err handling
• Abstract client connection so RSAKEX can be reused for server-side impl
• Remove user/pass spurious size checks
• Add ClientConnectionRSAAES.cpp to vs2017 project
• Show server identity confirmation dialog
• Allow persisting server key fingerprint in options file
• Fix non-encrypted RA2ne/RA2ne_256 sub-types encrypt til end of handshake

eNCrypt authentication with TLS encrypted transport (#142)

• First cut VeNCrypt authentication with TLS encrypted transport
• Add ClientConnectionTLS.cpp to vs2017 project
• Cleanup includes
• Fix TLS 1.3 support
• Refactor member var names
• Show warning dialog for invalid server certificates in TLS sub-types
• Chain TLSVnc and X509Vnc sub-types to AuthVnc
• Allow persisting TLS certificate thumbprint in options file

[PizzaProgram]

This is extremely great news !! :+1:

I've just tested it, and it's almost perfect.

Even clipboard functions are working in some cases.

While probing, encountered only 5 tiny things that could be improved later:

1. Saving the connection and trying to re-open it with uvnc does not work, it is freezing immediately.
2. Username does not get saved
3. Password saving does not work. password=0000000000000000
4. Certificate warning always appears, not even if it gets imported to the hosts certs, can not be set to 'trust always'.
5. Clicking the tiny rectangle left from the IP on the toolbar makes the app crash.

Just an idea:

If the saving of user+pass makes it difficult to distuiguish from normal .vnc files, maybe saving these kind of connection as *.uvnc could help.

Once again :

• Thank you very very much for this quick and great work!

[wqweto]

4. Certificate warning always appears, not even if it gets imported to the hosts certs, can not be set to 'trust always'.

This is because wayvnc always uses X509Plain sub-type for vencrypt authentication in which client is required to always check for valid server certificate so uvnc does not provide easy option to skip this warning dialog.

It is possible to silence the warning by manually editing the .vnc file so you can to add thumbprint section like this

[thumbprint]
172.17.17.159:5900=b3-7d-4d-a2-7c-68-15-8b-e6-df-8a-d0-66-02-2d-ff-58-f8-40-51

The entries format is server:port=hex-thumb-print where you can obtain the certificate's thumbprint for your server from View Certificate button, there is Details tab the last entry is the certificate's thumbprint in hex:

Copy/paste and add dashes between each two symbols.

[PizzaProgram]

Why is the link broken? https://www.uvnc.eu/download/1440/vncviewer_1.4.4.0-dev.zip

Is is possible to link a new release to the official page? https://uvnc.com/downloads/ultravnc.html

IMHO with this update you can easily set a new 1.5.x version like: 1.5.0.20240214

[Neustradamus]

@PizzaProgram: The link was not official, only a dev test...

[RudiDeVos]

Directory listing is on that folder.(...1440/) It's used internal to pass files.. You can use them only for testing , 1.5.x is on the way but we still need to make other changes.

[PizzaProgram]

Hi, Is there any release date of 1.4.4+ version? The 1.4.3.6 was released on 2023.october = half year ago.

Since an other +2 month has just passed, I do not think it is necessary to wait an other 4-5 month for the 1.5 to be ready any more. Even if 1.4.4 is just a beta, with this new WayVNC protocol it is much better than the 1.4.3 publicly available!

Please put it out for public download! (or the 1.5 beta.)

PS: Raspberry released an update for the WayVNC protocol available for upgrade. (And a new kernel too.) I'll test how much more it's stable. The old one froze sometimes so badly I could not refresh the page, saw only the last image of the screen, could not interact.

[RudiDeVos]

1.5.0.0 development released on request. https://uvnc.com/downloads/ultravnc/160-ultravnc-1-5-0-0-development.html

[PizzaProgram]

Thank you very much! :1st_place_medal:

Funny that You have forgot to mention this achievement in the change log.

You may add this last line under 1.4.4.0: Able to connect to Debian v12=bookworm (by WayVNC protocol) #133