Raspberry Pis get a built-in remote access tool: Raspberry Pi Connect

ktmglen

Ars Tribunus Militum
1,644
Or you can use other open source vnc software and not use RealVnc?
One of the first things I do on the RPi is uninstall RealVNC and install TigerVNC in its place. Of course, I already have dyndns and a client VPN set up so I'm good to go for remote access.
 
58 (58 / 0)

Miltonault

Smack-Fu Master, in training
81
One of the first things I do on the RPi is uninstall RealVNC and install TigerVNC in its place. Of course, I already have dyndns and a client VPN set up so I'm good to go for remote access.
I agree with you and the comment from "The Jester of darkness". I have TigerVNC installed on all my Pis... there are other options for sure!
 
23 (23 / 0)

evan_s

Ars Tribunus Angusticlavius
7,314
Subscriptor
I mean nothing is free forever right?
Sure but there's no "free for a limited time" noted for the supported units or option to pay a small subscription fee for support on the 3. In fact the article notes the opposite.

Our intention is that Raspberry Pi Connect will remain free (as in beer) for individual users with non-relayed connections, with no limit on the number of devices. We don’t yet know how many people will need to relay their traffic through our TURN servers; we’ll keep an eye on the use of bandwidth and decide how to treat these connections in future.

It looks like Wayland isn't supported on the 3. It might be possible to enable it with some config editing or might be enabled by default at some point in the future if things improve.
 
18 (18 / 0)

cyberfunk

Ars Scholae Palatinae
1,400
Sure but there's no "free for a limited time" noted for the supported units or option to pay a small subscription fee for support on the 3. In fact the article notes the opposite.



It looks like Wayland isn't supported on the 3. It might be possible to enable it with some config editing or might be enabled by default at some point in the future if things improve.
Well, considering this is Wayland-focused... it makes sense, I guess?
 
5 (7 / -2)

evan_s

Ars Tribunus Angusticlavius
7,314
Subscriptor
Well, considering this is Wayland-focused... it makes sense, I guess?
Yes. That seems to be the technical explanation. This is tied to Wayland, and the rPi 3 Wayland support isn't good enough yet to be enabled by default, so it isn't supported. The way they phrased the message, it does sound like they would be happy to support the rPi3 if Wayland support improves to the point where that is used.

First of all, Raspberry Pi Connect needs your Raspberry Pi to be running a 64-bit distribution of Raspberry Pi OS Bookworm that uses the Wayland window server. This in turn means that, for now, you’ll need a Raspberry Pi 5, Raspberry Pi 4, or Raspberry Pi 400.
 
18 (18 / 0)

Deleted member 1061767

Guest
I have to admit that the Pi4 shortages turned into a blessing. Now that 5 is readily available, I need to make time to grab one (or two) and start scheduling fun again.

Great article to get me over to Micro Center next weekend. Let's hope my credit card doesn't overheat with everything else I end up buying while I'm there!
 
9 (10 / -1)

marcoskirsch

Ars Centurion
317
Subscriptor
Interesting, I've been happy with a free Tailscale account for ages, but additional options are nice. This looks to be pretty seamless on newer RPis. For the less-technical users who are learning (y'know, the original target audience) this is perfect.
I checked out Tailscale and I think it’s super well done, from a technical and from an ease of use point of view. But I don’t have great ideas to use it at the moment. I’ve been trying to come up with one.

I also don’t have great ideas to buy a Raspberry Pi at the moment but I keep trying to come up with one so I can play.

Huh. Wait a minute… 🤔💡
 
4 (5 / -1)
Or you can use other open source vnc software and not use RealVnc?
One of the first things I do on the RPi is uninstall RealVNC and install TigerVNC in its place. Of course, I already have dyndns and a client VPN set up so I'm good to go for remote access.
Serious question: I'm not familiar with TigerVNC. Does it have a "Cloud Connect" option like RealVNC? It's really the "Cloud Connect" option that the licensing restricts, not local connections. But I'm not super savvy about the security of port forwarding, so I'm leery of that option. I'm open to suggestions.
 
2 (2 / 0)

ERIFNOMI

Ars Legatus Legionis
17,192
Serious question: I'm not familiar with TigerVNC. Does it have a "Cloud Connect" option like RealVNC? It's really the "Cloud Connect" option that the licensing restricts, not local connections. But I'm not super savvy about the security of port forwarding, so I'm leery of that option. I'm open to suggestions.
You should always carefully consider poking holes in your firewall. But using a third party that your service reaches out to that you then also connect to is still poking a hole in your firewall (it's actually called hole punching). You're trusting that third party with access through your firewall, direct desktop access to your device, and access to anything that device has access to or that you do on that device. That's a shitload of trust I certainly don't have for anyone.
 
28 (30 / -2)

starglider

Ars Scholae Palatinae
1,141
Subscriptor++
Kind of like Apple’s Back To My Mac from the old days. (Does that even exist anymore?)

I imagine I’m like most here who have a “no thanks” reaction to this from a security perspective, but I also know how to set up my own VPN and manage local DNS. For new entrants to the SBC/Linux world, this is great.
 
14 (14 / 0)

starglider

Ars Scholae Palatinae
1,141
Subscriptor++
Serious question: I'm not familiar with TigerVNC. Does it have a "Cloud Connect" option like RealVNC? It's really the "Cloud Connect" option that the licensing restricts, not local connections. But I'm not super savvy about the security of port forwarding, so I'm leery of that option. I'm open to suggestions.
Right; you can have unlimited local connections. My simpleton’s view of port forwarding for a home network is basically “don’t, except for a single route to your VPN server.” There’s just so much that can go wrong from a security perspective. If a flaw is found in VNC’s local auth, there will be automated port scanners looking to hijack your machine within hours of the disclosure.

Of course that’s true for VPNs, too, but I imagine that if a major WireGuard vuln is discovered, it’ll be all over the news very quickly, and also WG is a small attack surface, very well-designed, and would be patched quickly because so much relies on it.

Another problem with opening ports is that you advertise the existence of a service at your IP, and an attacker knows to hammer away at it. One of the neat features of WG is that it just silently drops packets if the remote party doesn’t present an authorized key. Without holding a valid private key, it’s impossible to tell the difference between a failed handshake and a closed port/invalid IP.

Yes, NAT punching like the cloud access VNC offers has its own risks, but really they’re no different than any other web connection: once you’ve made an outbound connection to a server, your firewall lets related traffic back in (otherwise nothing would work).
 
11 (11 / 0)

afidel

Ars Legatus Legionis
18,164
Subscriptor
Right; you can have unlimited local connections. My simpleton’s view of port forwarding for a home network is basically “don’t, except for a single route to your VPN server.” There’s just so much that can go wrong from a security perspective. If a flaw is found in VNC’s local auth, there will be automated port scanners looking to hijack your machine within hours of the disclosure.

Of course that’s true for VPNs, too, but I imagine that if a major WireGuard vuln is discovered, it’ll be all over the news very quickly, and also WG is a small attack surface, very well-designed, and would be patched quickly because so much relies on it.

Another problem with opening ports is that you advertise the existence of a service at your IP, and an attacker knows to hammer away at it. One of the neat features of WG is that it just silently drops packets if the remote party doesn’t present an authorized key. Without holding a valid private key, it’s impossible to tell the difference between a failed handshake and a closed port/invalid IP.

Yes, NAT punching like the cloud access VNC offers has its own risks, but really they’re no different than any other web connection: once you’ve made an outbound connection to a server, your firewall lets related traffic back in (otherwise nothing would work).
WireGuard is unique in that it never replies to incorrect connection attempts; to a port scanner it's identical to the port being closed.
 
16 (16 / 0)

End_of_Eternity

Ars Centurion
231
Subscriptor
I am by no means an expert with Raspberry Pis/Linux ARM SBCs, but why would you need remote desktop access to your device?

The power of Linux ARM SBCs is that you can SSH into it or use service-specific WebUIs to get local services (NAS, Torrenting, Pi-hole, HTPC software etc.) running.

I am just curious if there are use cases that I am not fully aware of.
 
-7 (9 / -16)

afidel

Ars Legatus Legionis
18,164
Subscriptor
I am by no means an expert with Raspberry Pis/Linux ARM SBCs, but why would you need remote desktop access to your device?

The power of Linux ARM SBCs is that you can SSH into it or use service-specific WebUIs to get local services (NAS, Torrenting, Pi-hole, HTPC software etc.) running.

I am just curious if there are use cases that I am not fully aware of.
Remotely accessing the UI; it's supposed to be a learning tool, and so very few users are going to be CLI masters or likely know how to set up port forwarding for SSH (not that you can even do that much these days with so many ISPs going full carrier grade NAT).
 
9 (10 / -1)

End_of_Eternity

Ars Centurion
231
Subscriptor
Remotely accessing the UI; it's supposed to be a learning tool, and so very few users are going to be CLI masters or likely know how to set up port forwarding for SSH (not that you can even do that much these days with so many ISPs going full carrier grade NAT).

Fair. Although I would argue it's best to avoid any sort of full remote access until you're comfortable with SBC/Linux. That's why I was asking about use cases; I would have thought people who are learning would be accessing via local network only, to get DIY NAS or a media server running.

Actual remote access, IMO (especially for learning), is better served by one of the free tiers of the major cloud providers, where you can run a cut-down x86 instance on a minimal Linux distribution.

I do think CLI is the way to go with something like a Raspberry Pi. There are distributions like DietPi that allow for a gentle ramp-up curve and offer CLI tools that help automate common tasks, while also offering you the opportunity to learn "unsupervised" CLI Linux once you are comfortable with the basics.
 
-8 (4 / -12)
One of the first things I do on the RPi is uninstall RealVNC and install TigerVNC in its place. Of course, I already have dyndns and a client VPN set up so I'm good to go for remote access.
Pardon, do you have dox on this setup for another to use TigerVNC? Or point to a n00b source to set up?
 
1 (2 / -1)
Sure but there's no "free for a limited time" noted for the supported units or option to pay a small subscription fee for support on the 3. In fact the article notes the opposite.
Yes but they've also announced they plan to do an IPO. Changing this from free to paid once investors are involved seems like the obvious path.
 
2 (2 / 0)

torp

Ars Praefectus
3,369
Subscriptor
Or you can use other open source vnc software and not use RealVnc?

Yes, why does this start like an ad for RealVNC?

Does it come preinstalled on Pis? I tend to use mine only through the command line and mostly never install the GUI so I never noticed.

Bookworm has GNOME 43, which includes RDP via the "gnome-remote-desktop" package.

Cool feature, but not what I'd be using.

You can also self host with Guacamole.

Yea, that's a feature in any recent GNOME-based desktop, works on x86 too.
 
-1 (2 / -3)

afidel

Ars Legatus Legionis
18,164
Subscriptor
Unless your Pi has an SSD I can only imagine this being ungodly slow. I mean, it's already horribly slow locally on the little box itself. When I briefly tried using the GUI on my Pi4 it took so long to launch Firefox I thought the thing had crashed.

Buy a better SD Card next time.
 
8 (10 / -2)

Bluecobra

Smack-Fu Master, in training
20
Another problem with opening ports is that you advertise the existence of a service at your IP, and an attacker knows to hammer away at it. One of the neat features of WG is that it just silently drops packets if the remote party doesn’t present an authorized key. Without holding a valid private key, it’s impossible to tell the difference between a failed handshake and a closed port/invalid IP.

This is true of any UDP service ports you open; it's something you can't just port scan like TCP. You will need to send valid application traffic and hope you get a response back. I did not know that WG goes a step further and just drops the connection without any error message, that's really neat. In the past, I've set up WG in cloud instances but locked it down to only allow connections from certain IP addresses... I guess that was unnecessary.
 
2 (2 / 0)
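The silent-drop behaviour discussed in the comments above, as an added example that is not part of any poster's comment: a loopback model comparing a UDP service that answers bad credentials with one that ignores them. It is a simplification, not WireGuard's real handshake; the HMAC check and the names `KEY`, `tag`, `serve`, `start` and `probe` are assumptions made for the illustration.

```python
import hashlib
import hmac
import socket
import threading

KEY = b"constructed-demo-key"  # constructed stand-in for a peer key


def tag(payload: bytes) -> bytes:
    """MAC a datagram the way an authorized peer would (simplified model)."""
    return hmac.new(KEY, payload, hashlib.sha256).digest()


def serve(sock: socket.socket, silent: bool) -> None:
    """Answer datagrams; a silent service ignores anything without a valid MAC."""
    while True:
        try:
            data, peer = sock.recvfrom(2048)
        except OSError:
            return  # socket closed
        body, mac = data[:-32], data[-32:]
        if hmac.compare_digest(tag(body), mac):
            sock.sendto(b"handshake-response", peer)
        elif not silent:
            sock.sendto(b"error: bad credentials", peer)  # reveals the service


def start(silent: bool) -> int:
    """Start a listener on an ephemeral loopback port and return the port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 0))
    threading.Thread(target=serve, args=(sock, silent), daemon=True).start()
    return sock.getsockname()[1]


def probe(port: int, datagram: bytes, timeout: float = 0.5):
    """Send one datagram; return the reply, or None if nothing comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(datagram, ("127.0.0.1", port))
        try:
            return s.recvfrom(2048)[0]
        except (socket.timeout, ConnectionError):
            return None


if __name__ == "__main__":
    chatty, quiet = start(silent=False), start(silent=True)
    print("chatty, no key:", probe(chatty, b"x" * 40))
    print("silent, no key:", probe(quiet, b"x" * 40))
    print("silent, key   :", probe(quiet, b"hello" + tag(b"hello")))
```

Without the key, the silent listener gives a prober the same result as a port where a firewall drops everything: a timeout.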

afidel

Ars Legatus Legionis
18,164
Subscriptor
Yes, why does this start like an ad for RealVNC?

Does it come preinstalled on Pis? I tend to use mine only through the command line and mostly never install the GUI so I never noticed.
Yes, RealVNC is installed in the official images, has been for the last 2 releases at least.
 
2 (2 / 0)