Re: VNC not connecting over SSH tunnel

[Gary Dale <garydale@rogers.com>]

On 10/07/12 04:41 AM, Chris Davies wrote:
> Gary Dale<garydale@rogers.com>   wrote:
> > I can connect to every workstation in a remote office using:
> > ssh -L 5902:<remote workstation's local IP>:5900<remote router's
> > public IP>
> > xtightvncviewer -encodings "tight" localhost:5902
> > However, there is one workstation [...]
> > The ssh session also shows this message:
> >      channel 3: open failed: connect failed: No route to host
> > Indeed, I can't even ping it from the remote ssh server.
> > However, when I went to the office and tried to connect using my laptop,
> > connected into the local network, I was able to connect normally.
> > The ssh server is on the local subnet (a 192.168.x.x non-routable
> > network) as are the workstation I'm trying to connect to and the laptop
> > (when I plugged it into their network). The local forwarding would be
> > handled on the subnet so that if it worked for one station, shouldn't
> > it work for all?
>
> We have four devices to consider:
>
>      homepc              Your own system, outside the office
>      workpc              Your own system, inside the office
>      remote_router       The end-point for the primary ssh transport
>      remote_workstation  The target machine for the VNC session
>
> Homepc and workpc might be the same, but as they have different IP
> addresses I'll name them differently.
>
> At the risk of stating the obvious, I'm going to do it anyway:
>
>   *  There has to be a route between homepc and remote_workstation for
>      the ssh transport to succeed. This works
>
>   *  There has to be a route between workpc and remote_workstation for
>      the native VNC session to succeed. This works.
>
>   *  There has to be a route between remote_router and remote_workstation
>      for the VNC session to succeed. This doesn't work.
>
> The error "No route to host" is often triggered when the source has a
> route to the target but the target is not responding to the arp request.
>
> I initially suggested that there is a routing issue between remote_router
> and remote_workstation, and this was further evidenced by you not being
> able to ping remote_workstation from remote_router. You've then
> explained that the network topology is flat and that the remote_router
> and remote_workstation are on the same subnet.
>
> I can only suggest at this stage that you go back and re-check the IP
> address assigned to the "non-working" remote_workstation.
>
> Chris
Thanks again Chris. If I understand your model correctly, the 
"remote_router" is the ssh server and not the actual router that merely 
forwards port 22 to the ssh server. To put some numbers to the issue, as 
Joseph Loo requested:
homepc is 192.168.1.12
workpc (my laptop) is unknown - I'd have to revisit the office which not 
a short trip. It would be in the 192.168.1.x range.
remote_router is 192.168.1.18
remote_workstation is 192.168.1.20

The office router  (192.168.1.1) confirms the assignments (I connect to 
another remote workstation then log into the office router) as did 
opening a command prompt and running ipconfig on the remote_workstation 
the last time I was there.

I set up Windows 7 on 6 of the remote workstations and am not aware of 
doing anything differently on the non-accessible one.