Orange Pi (and Raspberry Pi) are mini PCs cards that are very often used remotely without screen (neither keyboard nor mouse). In some cases, or if you start on Linux, you would like with a graphical access to the Linux desktop. In this tutorial we will learn how to install and configure a Virtual Network Computing (VNC) server on the Armbian distribution that is very well suited to Orange Pi.

Install the TightVNC server on Armbian

TightVNC (official project page) is a lightweight VNC server that runs on all Linux distributions as well as on Windows. Before installing it, it is best to update the system.

When finished, install TightVNC.

Create a VNC User

It is possible to connect to your Orange Pi or Raspberry Pi with your usual user but for security, it is better to add a dedicated user to this situation.

Change user to root (if not).

Add a new user to the system with the adduser command and answer questions (password, optional questions).

This user is given the right to use the sudo command (if you want to install new packages remotely).

Start the VNC server manually

Change user

Now we start the VNC server on port 1. On first launch, you will have to specify the password necessary to authenticate you from a client.

Know the settings of the active server

If you need to know the current settings of the active VNC server, run the following command

One can thus know on which port is returned the stream (-rfbport), the resolution of the generated image (-geometry) …

Stop a VNC server

To stop a VNC server, use the following command followed by the screen. 1 by default

Connect from a client

There are many VNC clients for all platforms (macOS, Windows, Linux …) and for smartphones (iOS, Android …). RealVNC (website) is available on all platforms (including mobile). It is free for personal use. If you prefer to stay in projects 100% Open Source and free, pledge of privacy, you can turn to UltraVNC (official page of the project).

Start your client and enter the IP address of your Orange PI (or any VNC server) followed by the port on which it is started. By default it will be 1. By default, the connection is not encrypted. It is not very annoying when you connect to a post on its own network but be careful if you access your office remotely because everything will transit in clear on the internet …

Accept the warning message.

You are now connected to your desktop.

Create a systemd service to start VNC automatically at startup

Let’s start by stopping the server running

We will create a new script that will run at startup like any other service.

Paste the content into the script. This script contains three commands: start, stop and restart the VNC server.

We make this script executable

We can now execute the commands proposed by this script manually like this

Now let’s add a script (Unit file) that will allow to manage VNC as a service with systemd.

And past this script

We restart systemd to take account of the new service. Then you start the VNC server using systemd

Now we have 4 commands to start, stop, re-start and know the status (status) of the VNC service.

Securing the VNC Server with an SSH Tunnel

We will now secure the connection by passing the connection through an SSH tunnel. Let’s go.

We start by stopping the service.

Then we open the configuration file

Modify the OPTIONS line by adding the -localhost option to the end like this

Save with CTRL+X then Y.

And finally we restart the VNC service.

Opening an SSH tunnel

To access securely, we must already create an SSH tunnel through which we will pass all the exchanges between the client and the VNC server. On Windows, you can use Putty, on MacOS or Linux, you will use the Terminal simply.

On Putty, in the left menu, go to Connection -> SSH -> Tunnels.

In the Add New Forwarded Port section, enter 5901 in the Source port field and localhost: 5901 as the Destination. Click the Add button to finish

On macOS or Linux, run the following command and enter your password.

Now, in your VNC client, replace the IP of the VNC server with localhost: 5901. Disregard the warning message, the connection is not secure between your computer and your computer! Everything that comes out (and goes back) now passes through the SSH tunnel.

Orange Pi Comparison Chart

• Install Home Assistant (HASS) on an Orange Pi running under Armbian
• IoT development based on Orange Pi, Arduino (Firmata), Nodejs, Blynk and Johnny-Five
• Blynk + Node.js + Johnny-Five: drive a Pan-Tilt PTZ SG90 kit on Orange Pi with an Arduino / Firmata
• Start programming with Node Js and Johnny-Five: IoT and robotics based on Arduino, Raspberry Pi, Orange Pi
• Orange Pi: test of the OPI.GPIO package for Node-Red (node-red-contrib-opi-gpio)
• Orange Pi (Armbian): replace the GPIO by an Arduino/Firmata, Node-RED and Johnny-Five