Sunday, August 19, 2018

Install and Configure OpenVPN on Raspberry Pi

This is a supplement post on setting and configuring OpenVPN. However, we are going to configure OpenVPN on a Raspberry Pi.

Download and Install Raspbian OS

Download the latest Raspbian OS and burn the image to a SD card using the software Etcher. Once we booted up the Raspberry Pi, we can follow the wizard to set password, enable wifi and update the software. We can also choose to enable ssh and vnc using Raspberry Pi Configuration software. We can also run the configuration software from command line using raspi-config.

Install OpenVPN and Easy-Rsa

Once the system is updated, we can proceed to install OpenVPN using the command:

sudo apt-get install -y openvpn

The repository for Raspberry Pi do not have version 3 of easy-rsa. Version 3 of easy-rsa is more easier to use without the need to perform many configuration. To use Easy-RSA version 3, we can download the package from github at the location Next we can once we download and unzipped the software, we can copy the content to /etc/openvpn folder.

Preparing Easy-RSA Folder

In this section we will show how to prepare for Easy-RSA. First, go to Github site on Easy-RSA and download the latest package here.  

Next, we extract the archive to the Downloads folder. Then we make new directory using the command below:

# make a direcotry for easy-rsa
sudo mkdir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
sudo cp -rv <download folder of easy-rsa>/* ./

The rest of the configuration is the same as our post "Configuring OpenVPN on AWS EC2 (Update: Aug 2018)". Please proceed to follow with the rest of the configuration.

Configure Router

If you are placing the Raspberry Pi behind your router, we need to configure the router tp perform port forwarding on TCP 1194 to the Raspberry Pi. Please consult the manual of your particular router on performing port forwarding.

Testing and Troubleshooting

Listed below are some tips on troubleshooting OpenVPN:

Server Configuration

  1. Check if the server is running using systemctl command. 
  2. Use journalctl -xe to check for error message.
  3. Please note that every time we change something of the conf file, we MUST restart the service.
  4. We have to eliminate every error so that the server is up and running.
  5. Common error are location of the key file, so check the path carefully. As software getting updates and changes are made. The path of the key may not be the same.

Client Configuration

  1. Similarly, we must make sure that client configuration file is loaded without any issue.
  2. Common problem is the client could not find the location of the key.
  3. Eliminate each problem until the profile is loaded to the client software.

Connection Problem

  1. If both the server and client is running without error, but we still could not  establish connection. Then we need to troubleshoot from client to server. First make sure that the client do not have firewall. Or at least the firewall is disabled for troubleshooting.
  2. Next, check the router that is in front of the Raspberry Pi. Change the setting such that the router can response to ping. Also make sure that you got the correct public IP address of your router. If you can ping the router proceed to next step.
  3. For next step, we need to check if the port forwarding is done correctly. You can perform the same port forwarding for TCP port 22. This port is for ssh server. Try to connect to the Pi using ssh. If you can perform ssh to the Pi behind the firewall, then it confirm that the method of port forwarding is correct.
  4. Next, we need to check if the correct port number is used as per server and client configuration file. Also make sure the router is forwarding the correct port number.
  5. Please also make sure that the correct protocol (tcp or udp) is configure on the server and client. Also check if the router is forward the correct protocol.
  6. Finally, disable tls-auth first and try connecting. If connection is successful without tls-auth but connection failed when tls-auth is turn on, thwn we know that the problem lies with tls-auth. 
  7. Change tls-auth to tls-crypt. Also make sure that server got 0 and client got 1 in the configuration. 
  8. If tls is configured correctly, we can also make sure that we have download and use the correct key files. You can download them again. 

Client Firewall

  1. If you can make connection to the VPN server with client firewall down, but you could not make connection on client firewall; then the problem is with client firewall.
  2. Usually, client firewall do not have nay problem as usually we block incoming but allow outgoing. Please make sure that your client firewall allow the vpn port for outgoing tracffic.

Internet Problem

  1. If the connection is successful, but you could not browse the Internet; then the problem definitely lies with IP routing. 
  2. First make sure the script is running. Also make sure that we system reboot it will automatically run the script.
  3. If the script is running, check the IP routing command. For some system, they do not use eth0 as default, so we need to change the interface name to the correct one. 
  4. If you are using wifi, then you should replace eth0 with wlan0.

Please search the web or ask in the forum when all else failed.


Friday, August 17, 2018

Configuring OpenVPN on AWS EC2 (Update: Aug 2018)

Update Aug 2018

When we configure OpenVPN on AWS few months back, OpenVPN is still in the Amazon repo. However, if we start a new instances now, we would not be able to install OpenVPN. Therefore, we need to configure epel as additional repo and install OpenVPN from CentOS. Using epel repo, we managed to installed the latest version of OpenVPN (2.4.6).  Please note that the configuration is quite different. New OpenVPN uses systemd instead of chkconfig. 

If you are still using old AWS image or you are using old version of OpenVPN, this post is not for you. Please check out our older post  Configuring OpenVPN on AWS EC2.

This post is for those who are using the latest AWS AMI image and OpenVPN version 2.4.6.

Creating and Starting AWS Instance

We would not be going through the process of starting the instance. Please check out our previous post Configuring OpenVPN on AWS EC2. Alternatively, you can also checkout Amazon AWS tutorial on Launch a Linux Virtual Machine.

Connecting to Instance

In this section, we will be connecting to the server via ssh. First, we copy the key file to ssh folder:

cp ~/Downloads/myServerKey.pem ~/.ssh/

If there is no .ssh folder, use the home folder first. 

cp ~/Downloads/myServerKey.pem ~

Next, we need to change the permission:

chmod 400 myServerKey.pem

We connect to ssh with:

ssh -i ~/.ssh/myServerKey.pem
# (xxx refers to ip address from our instance summary)

Once the connection is successful, we have the following screen

Next, we would like to prepare the server for openvpn.

Installing OpenVPN and Preparation

Before we start installing openvpn, we need to update the system as follows:

# EC2 maintenance
sudo yum update -y

Next, try to install OpenVPN using the command below. 

# Install openvpn try 
sudo yum install openvpn -y
sudo yum install easy-rsa -y --enablerepo=epel

If it works, please skip the next section of configuring epel repo. Otherwise, please continue to configure epel repo.
To configure the latest epel repo using the following command:

# If we cannot install openvpn configure epel for centos 7
# we believe AMI it is base on centos 7
sudo yum install
Next, we would like to update the system first before installing openvpn and easy-rsa:

# After install epel perform system update and install openvpn
sudo yum update -y
sudo yum install openvpn -y
sudo yum install easy-rsa -y

Next, we would like to create a directory for easy-rsa under /etc/openvpn. This way any configuration will not be lost when there is an update. It is not advisable to store the configuration under /usr/share folder.

# make a direcotry for easy-rsa
sudo mkdir /etc/openvpn/easy-rsa
cd /etc/openvpn/easy-rsa
sudo cp -rv /usr/share/easy-rsa/3.0.3/* ./

Setup OpenVPN and Generate Keys

This section of setting up keys remains the same. To setup openvpn, first we initialize PKI and build the certificate authority:

# Build PKI and CA
sudo ./easyrsa init-pki
sudo ./easyrsa build-ca

Please note that we will be asked to create the password for the CA. It is advisable to create a good and long password.

Next, we will generate a Diffie-Hellman key. This is to provide forward secrecy.

sudo ./easyrsa gen-dh

Next we generate the vpn server certificate. Please create a good password for the server certificate. Please note that for the second command, it will prompt a signing password. We need to use CA PASSWORD FOR SIGNING.

# Generate server cert and signed
# Create a good server password
sudo ./easyrsa gen-req server
# When prompt, use CA password for signing
sudo ./easyrsa sign-req server server

Next, we generate client certificate. Similarly, create a good password for the client certificate. If we are generating the client certificate for family or friends; we may need to ask them to enter the passphrase. Similarly, use CA password for signing certificate.

# Generate client
sudo ./easyrsa gen-req client
sudo ./easyrsa sign-req client client

We can create as many client certificate according to our needs. The syntax of the command on creating client certificate is as follows:

sudo ./easyrsa gen-req <filename>
sudo ./easyrsa sig-req client <filename>

Note: We need to substitute <filename> with a name of our choice.

Finally for added security we add TLS security by generating a ta.key. This feature is to prevent DDOS attack.

# add TLS security
cd /etc/openvpn
sudo openvpn --genkey --secret ta.key

Copy Keys

We need to copy keys generated to client for connection. For that, we prefer to create a separate folder and park the necessary keys to the folder.

Please note that while preparing the key files, it is easier if we use operate as root.

# *********************************************
# Below is the step to copy key files to a folder for scp

sudo su
cd /etc/openvpn
mkdir keys
cp ta.key keys
cp /etc/openvpn/easy-rsa/pki/dh.pem keys
cp /etc/openvpn/easy-rsa/pki/ca.crt keys
cp /etc/openvpn/easy-rsa/pki/private/ca.key keys
cp /etc/openvpn/easy-rsa/pki/private/client.key keys
cp /etc/openvpn/easy-rsa/pki/issued/client.crt keys
cd keys
chmod 777 *

# ls to confirm
# exit from root
# ************************************************

Please note that all the keys and certificate are necessary for the client to use except one key. The key that are not required is ca.key. We copy this key for safe keeping offline since it is not necessary for the server to use this key.

Just a reminder, .crt files are public key and .key are private key. If we are working with multiple clients, then we can only give them the appropriate client private key. Clients can have all the crt files. ta.key are for extra security, similar to dh.pem.

# Below is instruction for local machine
# Copy from local machine
scp -i ~/.ssh/myServerKey.pem* ~/localpath/

Finally, we clean up the ca.key and change the permission to the more restrictive one.

# Must only do after ca.key is copied to local machine
sudo rm /etc/openvpn/easy-rsa/pki/private/ca.key
sudo rm /etc/openvpn/keys/ca.key
cd /etc/openvpn/keys
sudo chmod 600 *

Summary we only provide client with the follow:
  • ta.key
  • dh.pem
  • ca.crt
  • client.crt - must be the same certificate create for the user.
  • client.key - must be the same key create for the user.
On the client side, please also make sure that the key files are secured with permission a 400 or 600. Please also reminded to safe keep ca.key.

Setup OpenVPN Server Configuration

We can get a sample server configuration from the openvpn site. It is easier to copy the config file from the server.

IMPORTAT CHANGED: Please note that we no longer place the config file server.conf on /etc/openvpn. Instead we will be keeping under root folder /etc/openvpn/server. 

Use the following command to copy the sample:

cd /usr/share/doc/openvpn-2.4.6/sample/sample-config-files
sudo cp server.conf /etc/openvpn/server/

To configure the server file using the command

#### Configure server file
sudo nano /etc/openvpn/server/server.conf

Listed below are the configuration we use:

IMPORTANT CHANGED: Please note that for tls-auth no longer work. Please use tls-crypt instead.

We add 2 lines as shown below


The following are changes we made or setting we uncomment:

# We set the protocol to TCP as some firewall block UDP.
proto tcp

# SSL/TLS root certificate (ca), certificate
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/server.crt
key /etc/openvpn/easy-rsa/pki/private/server.key

# Diffie hellman parameters.
dh /etc/openvpn/easy-rsa/pki/dh.pem

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS"
push "dhcp-option DNS"

# tls-auth no longer worked
# Please also provide full path of ta key
tls-crypt /etc/openvpn/ta.key 0 # This file is secret

# Enable compression on the VPN link and push the
compress lz4-v2
push "compress lz4-v2"

# You can uncomment this out on
# non-Windows systems.
user nobody
group nobody

# We need to command out the following
# This is for udp, to use tcp, this must be disabled.
#explicit-exit-notify 1

The follow are the defaults we use:

port 1194
dev tun
ifconfig-pool-persist ipp.txt
keepalive 10 120
cipher AES-256-CBC
status openvpn-status.log
verb 3

Start OpenVPN Server

IMPORTANT CHANGE: Please note that OpenVPN server start to use systemd for services.

To start openvpn use the command:

# Use the following command to start server
sudo systemctl start openvpn-server@server.service
# server.service: the name server is the name of .conf file
# If foo.conf is the config file command will be
# sudo systemctl start openvpn-server@foo.service

To check if the server is running use the command:

# Use the following command to check server status
sudo systemctl status -l openvpn-server@server.service
To start server on boot, use the command:

# Use the following command to enable server on boot
sudo systemctl enable openvpn-server@server.service
If error occurs, use the command to check for errors:
# If error occurs use the following command to check for error
journalctl -xe
We can also check for error log at /var/logs/messages

Configure IP Routing 

we also need to configure ip routing. Create a shell script file with the following command:

# Copy the section below on the script
# chkconfig: 345 99 10
echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE
sudo iptables -t nat -A POSTROUTING -s -o eth0 -j MASQUERADE

Once the shell script is done, we need to change the permission of the file using the command below:
sudo chmod +x

Once the shell script is done, we can test the script using the command below:

sudo ./

To make the script run every reboot, we need to create a service. Use the step as follows:

Step 1: Create a service file using the command:

sudo nano /etc/systemd/system/iproute.service

Step 2: Copy the following section to the service file:

# Enter the following section on the file



Step 3: Use the following command to start and enable the service:

sudo systemctl start iproute.service
sudo systemctl status -l iproute.service
sudo systemctl enable iproute.service

Configuring Client

Before we start connecting the vpn session, we need to configure the client file. Copy the sample file from openvpn site.

We add the following line:


We need to made changes to the following:

# The hostname/IP and port of the server.
remote ip-address-my-server-1 1194

# Use tcp for vpn
proto tcp

# tls-auth no longer work
# tls-auth ta.key 1
tls-crypt ta.key 1

#Need to change if keys are in different location
ca ca.crt
cert client.crt
key client.key

The following are default:

dev tun
resolv-retry infinite
remote-cert-tls server
cipher AES-256-CBC
verb 3

For Mac OS X user, we recommend Tunnelblick. We can get their software at Please follow the site tutorial on how to use tunnelblick. But it is quite intuitive.

For Ubuntu (Debian class) or Red Hat class user,  we can install openvpn using yum or apt-get. After that we can launch the session using the command line

# To connect openvpn vis command line
sudo openvpn --config '/pathToClientConfigFile'

enter client password when asked.

Alternatively, we can also use network manager.

Connecting From Client and Troubleshooting

Now, we can start the session. To test connection, please ping If ping test is successful then we are good to go.

If client failed to make connection, first check the server log to see if openvpn is running. The most common error is the location of all the keys.

If server is running well with no error, but the client is still not able to connect; then disable tls-auth. Comment them out. Please note that tls-auth is is not working for some version of OpenVPN, use tls-crypt instead.

If server is running well with no error and client still failed to make connection, perhaps we should try to make connection in a public wifi. Try to make connection from different location to see if the problem lies with the firewall.

If connection is successful but we cannot use the browser, then we need to check the DNS settings and IP routing. Please check port forwarding is correct. Please also check if IP routing command is for the correct interface. Make sure eth0 or wlan0 is the correct interface name. Please remember to check the server configuration file.


Wednesday, August 15, 2018

Syntax Highlighting with Prism.JS on

To enable syntax highlighting using Prism.JS. Insert the following code at the end of the header of your Blogger theme.

<link href='' rel='stylesheet'/>

<script src='' type='text/javascript'/>

To include code in the blog, switch to html and insert the following code:

<pre class="lang-bash"><code>

#This is programming code for shell script


For other language we replace bash with c,  cpp, csharp, docker, javascript, swift, objectivec or python.

For more language code please refer to the end of the main page of Prism.JS.


Sunday, August 5, 2018

Install Fedora 28 on Mac Mini (late 2009)

This is a basic guide to install Fedora 28 on Mac Mini (late 2009) version.  This version is quite unstable as we received message that our boot image crash. Despite the error message, we manage to get Fedora to work. 

Preparing to Install Fedora 28

We prepare a Fedora USB driver, we can download the Fedora Media Writer App. Using this app, we can download Fedora and burn to the USB drive directly.

Installing Fedora 28

Bootup from USB using option (Alt) key. Then select Try Fedora 28. Once the live image is booted, we can use the disk app to remove any partition that we want to get rid of. Alternatively, we can do that during installation.

Click and run the app to install Fedora. The welcom screen is as follows:


Select the appropriate language, click Continue. You will be presented something similar to the following screen, except that the disk was not defined.

We can change the time zone and keyboard if we thin k the automated selection is wrong. Under System, click on Installation Destination to configure the drive.

Select the disk if you have more than one disk. Then select if you would want the system to configure the drive automatically for you. 

We select custom and click Done.

Due to the way Mac Mini was design, we need a few more partition. We need the following partition:

PartitionFile SystemDrive SpaceMount Point / Flag
sda1FAT16200MBFlag: boot, esp
sda4linux swap8GB/swap
sda5ext4rest of free space/

If you find defining partition is a hassle, you can allow the system to configure for you automatically. If you have not remove any unwanted partition, you will be ask to reclaim disk space. Click Done.

We will go back to this screen. Please note that as long as there is a red warnings words, we cannot proceed with the installation. Once we are ready, click Begin Installation.

The installation will proceed as shown above. Once it is completed, we can click Quit as shown below.

Reboot the system when ready.

Post Installation Configuration

During the first boot, we are given the chance to create user ID and even make connection to external storage services. We usually just create the user ID. We can start using Fedora when we have create the ID.

Update Fedora

Once we login to the system, the first thing is to update the system. Run the following command to update the system from a terminal:

sudo dnf update

Once the update is completed, reboot the system.

Enable Additional Repository 

We can enable additional repository from the Software app. Open the app as shown below.

Notice that There is a blue banner for us to enable additional repository. We can enabled that.

Next, we select Software Repositories from the drop down menu. We can enable or disable each repository.

Although RPM Fusion repository is included, but only Nvidia driver and Steam are available. We need to add the complete RPM fusion repositories using the command line. Run the following command:

sudo dnf install$(rpm -E %fedora).noarch.rpm$(rpm -E %fedora).noarch.rpm

Install Additional Software

Most of the software can be install via Software app. We need to download Chrome separately from Google site. Please note that Chromium and Chrome is different product. Chromium is the opens source web browser, Google Chrome is Google web browser that are tightly integrated with Google services.

Download the package that indicate 64bit Fedora.

Click Accept and Install. Once the software is downloaded, click Install as shown below.

We also install additional software via command line as below:

sudo dnf install -y vlc
sudo dnf install -y fuse-exfat exfat-utils

Final Note

Please note that we have no luck in installing any Broadcom wifi drivers. If wifi is a must please get another wifi adapter.


Saturday, August 4, 2018

Installing and Configuring Raspbian for Raspberry Pi

This is a simple guide on installing and configuring Raspbian for Raspberry Pi. Although Noobs is recommended for beginner, we find that downloading and transferring the image to SD card is much faster.

Installing Raspbian

First download the latest version Raspbian from Raspberry Pi website. To transfer the image to SD card, we need to unzip the file first. We also need to prepare a SD card with an adapter for card reader or USB drive.

Next we install and launch Etcher. This a free and open source tool to make bootable drive from Debian/Ubuntu based Linux. Select the image and drive and begin the transfer.

Once it is done, insert the SD card into Pi and boot the system. During first boot we have addition configuration such as setting password etc. Once the setup is completed, please run update as follows:

sudo apt-get update

Once the update is complete we are good to go. 

Configuring Raspbian

Raspbian is similar to other Linux distribution. In addition we can configure essential service such as ssh server and vnc server using the Raspberry Pi Configuration app. The app is located at Preference > Raspberry Pi Configuration as shown below:

Once the GUI interface is launch, select Interface.  We can enable camera, ssh or vnc.

Raspberry Pi has RealVNC installed, once we enabled VNC and we are good to go. For further configuration please refer to our post under server configuration. 

There are times that we need to reset Pi password or we need to perform audio configuration. We can perform that by launching from command line:

sudo raspi-config

A text based configuration box will appear as follows:

Forget Pi Password or Pi Password Not Accepted

To reset password select the first option, and you will be prompt to set a new password.

Reclaim Empty Space in SD Card

Raspbian image only uses lesss than 2GB of data. We can expand the os so that it could reclaim and use the remaining empty space in the SD card. To do that under Advanced Options, select the first option: Expand Filesystem.

Set Raspberry Pi Audio

If you have HDMI attached to the monitor, the audio will pass through HDMI by default. However, we can direct the audio to head phone jack user Advance Options > A4: Audio.

For configuration that are specific to Raspberry Pi, it is either in the GUI interface or the command line raspi-config.


Thursday, August 2, 2018

Install Linux Mint 19 on Mac Mini (late 2009)

This post is part of a series of installation guide to install Linux on Mac Mini (late 2009) version.  For other Linux distribution, please refer to the list at the bottom of this post.

Video and Wifi Driver

As we have mention in the main post, the video and wifi driver will be our main stumbling block. Based on our experience testing with various distribution, same driver can behave differently in different distribution. For Linux Mint, we find that third party driver will cause us more problem. The recommended Broadcom BCM4321 wifi driver does not work at all. We need to install another driver. If we install Nvidia display driver, the windows will not launch if we boot the system with monitor attached. The best solution is use the default nouveau video driver.

Preparing USB Boot Drive

Preparing USB boot drive is quite straight forward. Please be aware that for Linux Mint 19, there are problem with the original installation image (linuxmint-19-cinnamon-64bit). The installer will crash unless we disable network connection. The developer did not remove the original image, instead they introduce another version (linuxmint-19-cinnamon-64bit-v2). Please download version 2 of Linux Mint 19 instead of the original one. Preparing USB driver is the same as Ubuntu, download Etcher and burn to USB driver using this tool.

Booting Up Linux Mint from USB

To boot up from Mac, press option key (Alt for windows keyboard) when the Mac chimes during startup. The boot menu will show various boot drive. Select the USB drive.

Please note that if the OS hang during boot up, we might need to clear SMC or reset PRAM. Please search the web on the shortcut or check out our main post here. If SMC and PRAM has been reset and you still encounter problem, you might need to check the package or change USB driver.

Once the live image is loaded, we can proceed to install Linux Mint.

Installing Linux Mint 19

The first screen of the installation app is shown as below:

Select your language and click Continue.

Select the keyboard layout and click Continue.

Make sure third party software are check so that we can install other software such as vlc since the repository has been added. Click Continue.

Select Erase data and install Linux Mint and click Install Now. The system will present to us how the system will partition the drive. Basically Linux Mint need 2 partition. The first partition is about 500MB formatted with FAT32. It will mount /boot/efi with boot flag as boot, esp. The rest of the dis space is use to mount the root system. 

Click Continue. Next a map will appear.

The location map is used to set your time zone. Select your appropriate time zone and click Continue.

Enter user name and password. Click Continue. The system will proceed to install the software.

At the end, we should have the choice of keep testing the OS or reboot the system

Once Linux Mint is booted, you will be presented will a startup screen.

There are various option. The most important is to install update. Launch Update Manager.

Make sure updates are installed. Reboot the system if required.

Install Wifi Driver

As mention earlier, the driver recommended for us in Driver Manager is not good. Please make sure we do not install these driver.

The alternative driver works better in Linux Mint. Use the following command:

sudo apt-get install firmware-b43-installer b43-fwcutter

Once installation is completed, edit the file using the command:

sudo nano /etc/modprobe.d/blacklist.conf

Remove the line or commented the line: blacklist bcm43xx

Reboot the system. Now we are good to go.

For additional software installation, please use the app Software Manager.

Since third party repository are included, we can install gparted or vlc from the app.


Wednesday, August 1, 2018

Install and Configure RealVNC in Linux Ubuntu 18.04 LTS

RealVNC is a commercial company that sell VNC license for the enterprise market. However, the company allow home user to setup VNC server for personal use. The limitation is that you are only allow 5 connection. User must register an ID with the company. The configuration of your VNC will be stored on the company's server.

Since RealVNC is professionally produce, it is much better compare to the open source product in Linux. The main advantage is easy configuration although there are steps to install and start the server especially on Linux platform. We do not need to worry about ip address and port number. What the server and client required is our RealVNC ID which we have created. Unlike the default Vino server that comes with Ubuntu, RealVNC will start without user login. The system is created with security in mind. Encryption is done transparently without any intervention from user.

We will be showing a simple guide on how to install and Configure RealVNC Connect (server) in Ubuntu 18.04 LTS.

Setting up RealVNC Account

Goto watch the video and create an account starting with entering your email address. You need to verified your email address before everything is ready.

Download RealVNC Connect Server

Goto this site and choose Linux as the platform. Select DEB x64 and click to download.

The download folder should have the deb file as shown below:

Wayland Compatibility Issue

Unfortunately,  ReadVNC Connect (Service mode) is not supported in Ubuntu 18.04 LTS with Wayland enabled. We can still install RealVNC Connect in Ubuntu 18.04, however, we need to disable Wayland.

Before we disable Wayland, we need to switch to open source linux video driver instead of Nvidia third party driver. We can switch the driver by going to Software & Update app, select Additional Drivers and change to driver. Perform a reboot first before we continue.

After reboot, open a terminal and edit the file

sudo nano /etc/gdm3/custom.conf

Uncomment WaylandEnable=false. Save the file and reboot Ubuntu.

Install RealVNC Connect Server in Ubuntu 18.04

To install RealVNC Connect, double click on the downloaded file in the download folder. Ubuntu Software will take over the file, click Install to proceed with the installation.

 Once installation is completed, we should have the screen below.

Start VNC Server

To start RealVNC server, use the command below:

sudo systemctl start vncserver-x11-serviced.service

Setting Server Start on Boot

Next, we need to set the server such that the service will start on reboot. Use the following command:

sudo systemctl enable vncserver-x11-serviced.service

We should have the following response:

Created symlink /etc/systemd/system/ → /usr/lib/systemd/system/vncserver-x11-serviced.service.

Server Configuration

Once the server is started, a VNC icon will appear near the top right corner. Click on the icon and the following screen will appear.

The screen shows that it has not been configured. Click on the red X and the following screen will pop up.

Click Resolve on the lower right corner to resolve the license issue. The following screen appear.

Since we are using the home used license, we just need to sign in the RealVNC account. Click Next.

Enter the email address and the password. Once the email and password field is populated, we should be able to sign in. Click Sign In.

Once the sign in is successful, we need to set VNC password for every client to login. Please note that this is not the password of RealVNC account. This password is required when any other workstation need to connect this VNC server. Set and confirm the password. Click Next.

This box will present the server information including your RealVNC account information. Click Apply. Once it is completed, click Done

The server message will disappear.

On the main server page, there will be a green tick sign showing configuration is done.

Launching VNC Client

To launch VNC Client, we need to download RealVNC Viewer. RealVNC Viewer is available in Windows, Mac and Linux. Once we install the viewer, there will be no configuration required.

We just need to login our RealVNC account and the viewer will automatically populate the remote station.

We just need to launch the pre-configured remote station and enter the VNC server password we have are set.

Removing RealVNC

To uninstall the server, we need to use the following command:

apt-get purge realvnc-vnc-server 

Please note that to completely remove any related data please follow the advise on the following post.

We also need to remove the computer information on the RealVNC account. To do that, please login to RealVNC using your account. Under your login name, select Computer. In the computer page, it will contain the VNC server information which we previously setup. We can remove any remote workstation we want.

Installing RealVNC with Linux Mint

Installing RealVNC with Linux Mint is much easier. Please note that we only tested Linux Mint on Cinnamon, so we do not need to disable Wayland. However, if you install Linux Mint with Gnome, you might also need to disable Wayland.

Using Linux Mint with Cinnamon, installation process is straight forward. Configuration is also the same as above. The only caveat is that Nvidia driver is not recommend when using with RealVNC. This is because, during boot up, if no monitors are detected, the system will not start X window. RealVNC server will be running but it could not show desktop since no windows was started.

We would recommend to use the default nouveau driver. The system could boot up without monitor attached.

Installing RealVNC with Fedora

Please note that Fedora is also not compatible with RealVNC server. We need to disable Wayland. The location of the file is at /etc/gdm/custom.conf.

In addition, we need to remove tigervnc using the command below:

sudo dnf remove tigervnc-server-minimal

Download the rpm package such as VNC-Server-6.3.1-Linux-x64.rpm

Install the package as shown below:

Refer to the note on top to start and launch the services. Please also note that Fedora need to be run with monitor attached. RealVNC will not work well if Fedora was booted headless (with monitor connected).


Unable to Set License

If for some reason, you are not able to login your RealVNC account and configure the license, you can activate the license wizard using the command below:

sudo vnclicensewiz

You can also use the above command when you have difficulties in completing the wizard due to insufficient privilege. Once we login with our RealVNC ID and the wizard completed its configuration, the VNC service will be available.


For any further question, pease refer to the following post: