GlobalProtect VPN with VNC

Permissions

Permission for remote VNC access via GlobalProtect is handled centrally. See below for details of your access profile.

Only VNC entries allow VNC access to the named servers.

VPN Account Details


Introduction

With GlobalProtect, you are no longer able to connect directly to your VNC server – instead you must tunnel your VNC session via our SSH gateway using OpenSSH.

Both Linux and the macOS come with OpenSSH pre-installed. On Windows 10 and newer, will need to install OpenSSH first.

You only need install the client, not the server1.

Full Guidance


Instructions

To connect to your allowed VNC servers with OpenSSH, open a terminal window on Linux or macOS, or a PowerShell window on Windows, then connect using the below.

ssh mylogin@sshgw.essex.ac.uk -N -L 2222:<vnchost>.essex.ac.uk:5900

(mylogin is your University user name [e.g jb22007] and vnchost is the VNC server you wish to connect to).

You will be prompted for your standard University password – after which it looks like nothing is happening.

You can now run your VNC client and connect to 127.0.0.1:2222 – this should then connect to the VNC server and allow you to login. When finished. You can close your VNC viewer and then close the terminal window in which you ran the ssh command – though this will eventually timeout if nothing is connected.

If you need to use this frequently, create a batch or cmd script on windows or a shell script on Linux or macOS.