Chapters: 
Networking

Greetings… you have arrived at the Sacred Scroll of Remote GUI! πŸ˜„
Yes β€” if you want to see the full desktop environment of Camelot (not just individual X apps), then VNC or RDP is the way.

Here’s your overdue answer, polished and complete:

πŸ–₯️ CHOOSE YOUR PATH: VNC vs RDP

Option

Works Well On

Pros

Cons

VNC

Linux-to-Linux, Linux-to-Windows

Native to Linux, persistent sessions

Less performant

RDP

Windows-to-Linux, Linux-to-Windows

Smooth, better compression

Needs xrdp (Camelot), config

βœ… OPTION A: VNC (easiest if Camelot stays Linux)

1. Install a VNC server on Camelot 

sudo dnf install tigervnc-server

2. Set a VNC password 

vncpasswd
[CML] tux@camelot …/home/tux $ sudo dnf install tigervnc-server
Updating and loading repositories:
Fedora 42 - x86_64 - Updates           100% | 105.7 KiB/s |  26.5 KiB |  00m00s
Repositories loaded.
Package "tigervnc-server-1.15.0-10.fc42.x86_64" is already installed.
Nothing to do.
[CML] tux@camelot …/home/tux $ vncpasswd
Password: no
Verify:
Would you like to enter a view-only password (y/n)? y
Password: camelot
Verify:

3. Start a session 

vncserver :1
# This gives you DISPLAY=:1, port 5901
[CML] tux@camelot …/home/tux $ vncserver :1

WARNING: vncserver has been replaced by a systemd unit and is now considered deprecated and removed in upstream.
Please read /usr/share/doc/tigervnc/HOWTO.md for more information.

New 'camelot:1 (tux)' desktop is camelot:1

Creating default startup script /home/tux/.vnc/xstartup
Creating default config /home/tux/.vnc/config
Starting applications specified in /home/tux/.vnc/xstartup
Log file is /home/tux/.vnc/camelot:1.log

4. Connect from Frodo

Install a VNC client: 

sudo dnf install tigervnc
vncviewer 10.20.30.1:1

βœ… OPTION B: RDP (more Windows-friendly, even from Linux)

1. Install xrdp on Camelot 

sudo dnf install xrdp
sudo systemctl enable --now xrdp

2. Check it’s listening 

sudo ss -tulpn | grep xrdp
# Should show port 3389

3. Connect from Frodo

Install and run: 

sudo dnf install freerdp
xfreerdp /u:tux /v:10.20.30.1

From Windows? Use the built-in Remote Desktop Connection app: 

mstsc β†’ 10.20.30.1

✨ Bonus: Persistent VNC Sessions

Want to reconnect later exactly where you left off? VNC wins here β€” RDP sessions tend to reset unless you configure Xvnc as the backend.

🎬 For Watching Movies or Streaming

If the goal is to stream:

  • Just use VLC + network share from Frodo or Camelot.
  • Or set up KDE Connect, Samba, or even NFS.

πŸ§™β€β™‚οΈ

🎬 RDP with Xvnc backend β€” popcorn-safe edition 🍿

Yes, it’s totally doable β€” and even ideal for a clean remote desktop experience without interrupting the physical display. Here’s your fast-path setup on Camelot (assuming Fedora/RHEL-based):

βœ… STEP 1: Install xrdp and tigervnc-server 

sudo dnf install -y xrdp tigervnc-server

βœ… STEP 2: Enable and start the xrdp service 

sudo systemctl enable --now xrdp

Verify it's listening: 

sudo ss -tulpn | grep xrdp
# Should show :3389

βœ… STEP 3: Tell xrdp to use Xvnc (not Xorg)

Edit the session config: 

sudo nano /etc/xrdp/xrdp.ini

Look for this block: 

[xrdp1]
name=sesman-Xvnc
lib=libvnc.so
username=ask
password=ask
ip=127.0.0.1
port=-1

If it's already present, you're good β€” that's your VNC-based RDP backend.

You can force this to be the default or leave both options available at login.

βœ… STEP 4: Allow firewall (if needed) 

sudo firewall-cmd --add-port=3389/tcp --permanent
sudo firewall-cmd --reload

βœ… STEP 5: Test from Frodo or Windows

On Linux: 

xfreerdp /u:tux /v:10.20.30.1

On Windows:

Use Remote Desktop Connection (mstsc)

  • Target: 10.20.30.1
  • Username: tux (or yours)
  • Password: your user login

🟒 When using the sesman-Xvnc session, it creates a new desktop environment separate from the one on the console. Clean and isolated.

🧹 Optional: Tweak session startup

Edit your .xsession or .Xclients in ~ to specify a desktop: 

echo "exec startxfce4" > ~/.xsession
chmod +x ~/.xsession

You can substitute startkde, gnome-session, etc.

πŸ§™β€β™‚οΈ πŸ§™β€β™‚οΈ

Absolutely β€” here's your Camelot LAN Setup & Access Checklist πŸ›‘οΈπŸ–₯️
This includes all key steps for:

  • nmcli static IP configuration
  • firewalld rule handling
  • SELinux TCP permissions
  • ensuring GUI access (e.g., VLC over LAN)

βœ… Camelot LAN Gateway Checklist (10.20.30.1)

1. Verify and Name the Correct Ethernet Interface 

ip link show

Look for: 

enp3s0f3u2u2

2. Create Static LAN Connection 

sudo nmcli con add type ethernet \
  con-name camelot-clean \
  ifname enp3s0f3u2u2 \
  ipv4.method manual \
  ipv4.addresses 10.20.30.1/23

(Use the exact ifname you see in ip link show)

3. Bring Up the Connection 

sudo nmcli con up camelot-clean

Check: 

nmcli device status

βœ”οΈ enp3s0f3u2u2 should show connected to camelot-clean

4. Optional: Clean Up Old Connections 

nmcli con show | grep camelot
sudo nmcli con delete <uuid or name>

sudo nmcli con delete camelot-clean

5. SELinux: Allow TCP Server Access for User 

sudo setsebool -P selinuxuser_tcp_server on

🚫 Skip selinuxuser_use_x11 β€” not available on this system.

6. Optional: Check SELinux for New Denials

Only if things break again: 

sudo ausearch -m avc -ts recent | audit2allow -M mypol
sudo semodule -i mypol.pp

⚠️ Only if mypol.pp is created!

7. Firewall: Open TCP Ports (e.g., for VLC / VNC / SSH) 

# Allow access permanently
sudo firewall-cmd --permanent --zone=public --add-port=5900-5905/tcp   # VNC range
sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp        # VLC stream
sudo firewall-cmd --permanent --zone=public --add-service=ssh

# Reload the firewall
sudo firewall-cmd --reload

Check open ports: 

sudo firewall-cmd --list-all

8. (Optional) GUI Access from LAN

  • Use x11vnc or vino on Camelot if you want RDP/VNC-like access.
  • Confirm the port is open and reachable from Frodo.

9. Confirm Connectivity

From Frodo: 

ping 10.20.30.1
ssh tux@10.20.30.1

A perfect plan. Here's your quick pre-tea checklist for a final clean xRDP test from Frodo β†’ Camelot with SELinux disabled:

βœ… 1. Temporarily Disable SELinux (non-reboot persistent) 

sudo setenforce 0

You can confirm: 

getenforce
# β†’ should print: Permissive

βœ… 2. Optional: Kill any leftover sessions on Camelot 

sudo loginctl list-sessions
# Find tux's session and:
sudo loginctl terminate-session <session-id>

Or restart xrdp services: 

sudo systemctl restart xrdp xrdp-sesman

βœ… 3. Minimal .Xclients for xrdp session sanity

If not already present: 

echo "exec startxfce4" > ~/.Xclients
chmod +x ~/.Xclients

Or replace startxfce4 with gnome-session, startkde, or even xterm if you're debugging.

βœ… 4. Now retry the RDP login from Frodo 

xfreerdp /v:10.20.30.1 /u:tux /cert:ignore

βœ… 5. Observe logs if crash recurs

On Camelot: 

journalctl -xe | tail -n 50

🍡 When your tea is done, you’ll know definitively if SELinux was the blocker.

If things go well, we can re-enable SELinux and write a tiny allow rule to fix the geoclue nonsense. If not... at least we’ve isolated the beast.

Enjoy your tea, traveler of Camelot.

Β 

Β 

Installation on ServerΒ 

with @xfce-desktop-environment 


  897  sudo dnf install tigervnc-server
  898  vncpasswd
  899  vncserver :1

  906  sudo firewall-cmd --add-port=5901/tcp --permanent
  907  sudo firewall-cmd --reload
  908  ping 10.20.30.1
  909  sudo firewall-cmd --list-ports
  
  910  vncserver :1
  911  sudo ss -tulpn | grep 5901
  912  cat ~/.vnc/camelot:1.log
  913  sudo dnf install -y @xfce-desktop-environment
  
  914  ll .vnc/
  915  vi .vnc/xstartup 
  916  cp .vnc/xstartup .vnc/xstartup-001
  917  vi .vnc/xstartup
  918  vncserver -kill :1

Β 

RDP
xVNC
πŸ§™β€β™‚οΈ