Jeff, you say "CGNAT" a couple of times, but do you perhaps mean NAT hole punching? I could be wrong but I don't think CGNAT is related. Further, I think that the relay servers *do* forward all of the traffic, and the documentation is just trying to clarify that the Connect service doesn't see/retain the actual remote desktop traffic which is encrypted end-to-end with tunneled DTLS. This line you highlight: "In such cases, Raspberry Pi only retains the metadata required to operate Connect." doesn't seem to contradict this; it's only specifying what data is retained, not what data is transmitted. FWIW, I think this is fine, assuming they did their cryptography right a relay service like this is trustworthy (though it might be expensive to run.) If they aren't trying to NAT holepunch then they ought to add that. If they wanted to monetize it while still keeping community goodwill, I honestly think all they need to do is add a self-host option.
I meant that when the connection uses CG-NAT, then Connect would need to punch through that, though I worded it a bit funky. And in hindsight (I wrote this script late Sunday night, heh), I think the way I described the relay was a bit off (I think I had just read over the docs but was not relying on some older notes I had when I asked Pi about it a few weeks ago). Going to pin your comment as it adds that clarification nicely!
imho @@JeffGeerling meant to say STUN, also * Why let your poor dad use VNC not only is VNC's encryption lacking you show wireguard later on so know of way better ways, subnet for each station, etc. * Don't drive somewhere killing penguins to demonstrate poor connectivity - comeon iptables time
@@john__ I'm stuck with CGNAT but I have IPV6 and it's a fibre optic connection, but if I want a static ipv4 I'd need to pay extra, which is not really viable considering the internet price already.
Wait, "create a Raspberry Pi ID"? D: I get that it is kinda necessary for a relay service like RealVNC's but that sentence still made me die inside a little
Luckily it's not necessary for anything else-and the second anyone ever considers it necessary for anything that's not a connected web service, I'm out ;) Could you imagine having to have a Raspberry Pi ID to download Imager, or a Pi OS ISO? :D
I'm just getting flashbacks to when Windows started adding the option to log in with a Microsoft account, then slowly made it harder and harder to not use that
For exactly that reason did I create the vircon kernel module many years ago. to just get a simple virtual console, keyboard and mouse that can be forwarded by a simple libvnc tool. It didn't make the mainline kernel, but it made it into many virtualisation guests and micro distros.
I'm sure others have mentioned this, but Gnome 42 introduced RDP. You can install it using the "gnome-remote-desktop" package. Bookworm is on Gnome 43, which includes the prior package.
I am going to India for 3 months in just 2 days, and leaving my Pi 5 in the US, at my house. I was planning to just use SSH, since RealVNC was nearly impossible to work properly with. But Raspberry Pi Connect (and your video) saved the day at the last minute! Now, I just need to wait for my Alexa smart plug to arrive, so I can turn on my shut-down Pi manually, from my phone's Alexa app. Thank you, Jeff, and the Raspberry Pi Team!!
I am installing a headless Pi Allsky Camera at an observatory. I plan on using Pi Connect to manage it unless the school's router firewall blocks it. I am using rclone to upload images to Dropbox for public sharing of images. I think I am going to add a local Pi server with the Pi NVME SSD as a redundant backup in the observatory. Every night the camera takes a little over 1000 images. It takes a couple hours to upload to Dropbox. I really enjoy your videos and learn a lot from you. Thanks. I think next to you, I am probably Brentwood, Microcenter's best customer for Raspberry Pi's. I buy a Pi everytime I walk in the door. You can never have too many duct tape, zip ties or Pis.
Hehe but it was only text, and back then developers cared about bits and bytes, and wouldn't gobble up 1,000,000,000,000 of them with a single web page!
I once ssh'd into my server trough a, felt like, 2400 baud connection with lag galore from an airport terminal where the folks who had configured their paid wifi forgot to fully close it in unpaid login mode. Good enough to start BitchX and chat with the homies so i didn't complain. 😁
Relying on a third party to proxy administrative connections is totally unacceptable for any real sysadmin needs. You’re just begging for a horrific outage or worse, a shell compromise.
@@JeffGeerling indeed. I don’t begrudge you letting people know about this functionality, of course. I just wanted to emphasize that this approach has major downsides which make it only suitable for casual users. Have a great week!
I think if someone has a mission critical device/system/platform it has to have multiple ways to connect to. Even in the 'tailscale era' it's nice to have a backup plan if something goes wrong 😊
@@AlexandrShut multiple ways never includes relying on additional third parties beyond unavoidable ones. Good backups: Backup internet connection. Backup modem. Backup serial connection to another device. Backup cellular modem.
I've always hated RealVNC because its proprietary, I've long gotten over VNC in general and use SSH, Wireguard and XRDP/ FreeRDP. Debian + Gnome Wayland support RDP natively, its just a switch in the settings menu.
@nnthepirateI used to use that before xrdp and freerdp with mremoteng/remmina, it was fairly good but still proprietary. It sometimes used to mess up on the host side with X doing funny things like opening a new session for every connection but it was ok, definitely a lot better than vnc.
You know Jeff, you have the perfect last name. I mean if you simply replace one of the 'e' characters with an 'a' (as in "Gearling") it creates a word defined as "a junior engineering minion". So hopefully if/when you get to a spot where you can hire people to help you, this would be an appropriate title. Who knows, might even be a good monicker for your kids depending on technical aptitude.
Good luck asking for that and actually getting it... Raspberry went all commercial during Covid, expect everything we see from big players like HP, Dell ect... If it can be monetized, then for sure it will; the only question is how well disguised it'll be...
@@JeffGeerling And I need a healthy amount of this and tequila when I have to setup a keyboard from a german macbook running OpenSUSE so it will be somewhat usable with guacamole.
From my experience, it's not the easiest thing to setup, especially for someone with no previous experience with Apache/Tomcat. I never could manage to get OIDC auth working with it.
This is a nice idea, but there's a lot I don't like. Running through a third party server isn't ideal, but it being Pi proprietary is the bigger sin. It's especially vexing when (1) solutions like NoVNC already exist for VNC in a browser, (2) they already have to use WayVNC as a VNC server as you mentioned, so why not move to that and (3) we could be moving to more modern protocols (RDP isn't ideal, but has advantages; NoMachine supports Wayland (via GLCapture?), but the open source X2Go does not appear to yet). I'd have just loved to see some NoVNC contributions and something usable on any machine.
I agree in principle; however I think Raspberry Pi's goal with this service is to only serve a small niche market-people who bought Raspberry Pis, and want to be able to access them from any device, anywhere. It's not a service I think meant to compete with RealVNC or other more generalized solutions (open source or not), just a convenience for people who buy Pis.
I use Apache Guacamole for all my remote desktop needs. It's free, you can self host it, and it supports VNC and RDP (you can also enable file sharing really easily). It's also nice having all of my VNC/RDP servers listed in a single easy to manage interface (and you can setup user accounts with permissions so only certain users can access specified resources). I haven't found another remote desktop that is even nearly as good and free in the browser. Also VNC/RDP authentication is pretty awful so it's nice to have Apache Guacamole as a proxy because it has better security.
I'm living in a fully open source X11 world where x11vnc, tigervnc and kasmvnc are my go-to remote desktop apps. Many other things I also use such as sunshine also support Wayland, but if the cutting edge of Wayland remote desktop is closed-source software, it looks like i'll be sticking with X11 for a while.
Why you mean by "cutting edge" ? Both Wayfire and Wayvnc are open source and open source TigerVNC works fine as a client. Using noVNC as a frontend is also an option. Just because the Pi Foundation is promoting closed source software for some reason doesn't mean you have to use it.
@@povilasstaniulis9484 i'm super anti-closed-source so my comment is just kinda passive-aggressively complaining about the content of the video for no other reason. but i respect jeff geerling even though he uses mac so i criticize the software not the person
I think if you don't already use RealVNC or TigerVNC, the service is probably not going to move the needle for you; I still use WireGuard for my own needs.
@@crackedEgg It's worse for education. This is solely for Raspberry Pi where they can ultimately start to charge for "cloud connectivity" as a subscription service.
We thought about adding this shirt to the online store (working on relaunching it), but the expense for decent quality embroidery would make that a bit insane, cost-wise. But I would love to have a couple 80s/90s-vibe shirts that I could put up on RedShirtJeff.com (mostly so I could wear them myself lol).
RealVNC is working fine for me with the March 2024 raspios bookworm release with the Pi in Wayfire mode. They fixed it, at least as far as using RealVNC client to connect to a default Pi (not sure if other use cases might still have a problem)
I recently sold half my tech stock holdings due to all-time highs, leaving me with $400k. Should I invest in ETFs now or wait for a market correction considering potential inflation?
Remember when we just ssh’d into our systems with X11 forwarding enabled? Thank goodness for Wayland and progress. Actually, I did this with my Pi5 just the other day and it mostly “just worked.”
Waypipe works pretty well too, not as integrated in SSH as X11 forwarding would but it works well. Can even play video is in Firefox on another machine over WiFi and it's pretty smooth.
Looks like a decent replacement for RealVNC, although I'll be sticking with Mesh Central - still free but massively powerful and also does console and file transfer. Works cross platform too 👍
Kinda forgot about RealVNC after using NoMachine for a while, although never tested it with a Raspberry Pi before. Still this Raspberry Pi Connect looks very sleek and easy to use.
Being a security engineer IRL, not a fan of cloudification of this, free or not. If you're really in a situation where you want to have always-on connectivity to a remote Pi, you're probably a engineer/tinkerer type anyway, and then you'd probably have enough skill to set up your own VPN or mesh VPN (like ZeroTier or Tailscale) to handle the network traversal, and then setup whatever you like on top for the remote desktop part.
I think for many of us on this channel (you and me included), that holds true. I think this service is more geared towards a school that wants to give the students easy remote access (and might not have even an IT person on staff), or for beginners who just bought a Pi and want a way to get at it from elsewhere, and might not be comfortable with the command line. It has a place, and I see it as useful in that place. But most of the people who will comment on this video (myself included) are probably not the target audience.
Yea, video streaming is far far far superior to jpeg streaming. tightvnc is the best vnc, better then realvnc and tigervnc.. but they are all bad. vnc is bad. rustdesk (video), rdp (redraw), x2go (redraw) all better
I use RDP even between 2 linux machines. More work to install en configure but i like the overall performance of the connection compared to VNC. And i automatically have the option to use Windows devices without installing anything on those.
It would be great if they added in ssh2 for those of us who have headless clients too; so that we can keep all our clients in the same place for easy management.
I think it wouldn't be too much hassle for them to add a "pop On screen keyboard" button. it's a hacky workaround but a necessary one. also it may be possible to turn off animations on the desktop environment settings. you don't need animations anyways and I wonder why they even bothered to enable them by default to begin with, especially considering most of the clientele use these for.
I wish they had like GNOME RDP, I think it already supports a bunch of the things they want, better latency/low bandwidth support, and the GNOME 46 version also supports remote login screen.
I use pivpn to connect to a proxmox environment to control different VM's. It's way faster, but not the purpose of this video. It's good to see that the OS is getting more mature.
I dont know why more Cli users dont use screen. All your tty sessions stay up when you drop off and after you reconnect you can just attach to the session stack and keep working. You can even attach to the session stack from multiple places at once and all of them will get updates. All sessions can automatically be logged to independent files showing all characters typed, they have up to 9999 lines of scrollback, independent command histories, CnP between windows and various split window options.
I'd prefer it to work like syncthing with public relays and local endpoint ids that need to be manually added to list of known peers on each endpoint. This way with Ids held by central authority they can always switch to monetized access. Having relay software being public would let people host their own relays (reducing costs for RPi org) either for themselves or for rest of community to use.
I think I'm more inclined to run a netbird server which connects out to all of my pi's then connect to vnc over that - that way it has the opportunity to traverse without needing to go via another service, and give you far more features/access... That said, it's still a good 'simple' solution. (you could also use zerotier, nebula to another mesh-vpn, but yeah, would be pretty darn useful either way
This is the first time I've heard that real vnc doesn't work on the pi5 but I've used it for one or two month on my pi5 without any issue. Was it fixed shortly before I began to use real vnc? (I'm new to SBC's) I'm very confused right now...
Or ... or ... you could use X11 for literally its intended purpose -- if you can SSH to a machine you get a remote desktop. Anyone developing a VNC application for X11 has entirely missed the point of the last 40 years of Unix development.
My collecting of one of every generation of Pi is not just retail therapy, I rationalize it as supporting the pi foundation. The release of the firs pi was surreal already. But their product offering just got better and better. And for their low margins the keep up with demand pretty well. You can really just rely on them just keep on producing. So the scalpers will eventually lose. Pretty good track record so far.
Tailscale and Wireguard are a game changer for me. I still need a VNC/RDP but at least it's behind my router. I still hate setting up a OpenVPN.. HATE IT!
@@povilasstaniulis9484 I didnt mean to say it was hard, I meant to say that I hate it.. I have been using it in my AWS VPC's for years and just switched to tailscale and never looking back!
Bookworm is a real slouch on my Pi4 -- even moving the mouse quickly chews up CPU cycles on a fresh install. I've gone back to the older (non-Wayland) version and it is *much* faster.
4:32 Only 1M... We get accustomed to good things very quickly. I remember monitoring ptp towers and SCADA with RS-232, or several units with RS-485!!, BAUD rate 1200, phone-modem connections, remember the pih-roh-pih-roh-riiii ?
For me this only works after a user logged in to the pi with a monitor connected. Not very useful for a remote headless server. Have I missed something ?
Yep they have the light plan now but it is very limited. "Lite plans reduce you from three users on Home to one and five devices to three, with no perks like file transfer or remote printing" from arstechnica
Shame Pi Connect can’t run on a Raspberry Pi 3, I have a few of them which I use for light weigh things and don’t see a need to upgrade them to a Raspberry Pi 4 or 5. Guess I’ll just keep using Real VNC for them, I do like to keep as much software as I can as in-house as possible so would have been nice to use a first party VNC.
For someone with pretty rudimentary understanding of most of this linux/networking stuff, is this like SSH'ing into a headless pi, except you're going into the graphical environment of a big install? For someone who just does simple *very* simple console stuff over SSH and then uses a browser to fool around with Jupyter over my local network, would this be useful? Would this let me do the SSH/Jupyter level stuff when I'm visiting places far away?
Do you think you could have your dad make a video on how he uses PIs to monitor remote radio towers? I'd love to incorporate that into some of my equipment and would like to see a setup.
I think if both have IPv6 and IPv6 at Pi side allow incoming would give Peer 2 Peer. Question is do Pi Connect support IPv6? Many Remote Desktop software doesn't support IPv6 like AnyDesk, TeamViewer.
The first thing I do after installing any distro on any architecture is to disable Wayland. Maybe some day it or something else will replace X11, but not today. Maybe I'm stuck in the mud because I've been using X11 since it was in beta, but I think right now Wayland is not ready for prime time.
Does that connection work with Twingate? I don't have a VPN because my provider won't give me a public IPv4 address. But Twingate runs on a Pi in my home network and gives me full speed access to everything on my network. You can configure it down to only allow certain ports, too - it's a great tool!
But doesnt RealVNC just work on the pi5? granted file transfer isnt supported and you sometimes get warnings, but i dont remember ever switching from wayland to x11
So is it in any way useful for local connections, and does it do anything beyond wayvnc locally? This video is really light on details for those more common use cases
@@JeffGeerling so it isn't better than wayvnc? Kinda disappointing, considering how unresponsive even local vnc over Ethernet tends to be. I'm hoping KDEs krdp turns into something useful.
I actually asked about that on the Pi Forums-right now it looks like the answer to that is 'no', unfortunately. It may be possible but definitely not now in the beta. Would be neat if you could self-host a relay (and would save Raspberry Pi's own resources/bandwidth).
I'm a little confused - I use RealVNC Viewer with my RPi 4s and 5s which are running Bookworm and Wayland (wayvnc). I am using this locally on my LAN, so I'm not using RealVNC Connect. I will sometimes have VNC drop the initial connection, but I retry and then it works. I don't recall doing anything special to get it to work. What am I doing wrong/right?
Ive given up on raspberry pis with the price increase the benefits of using a mini pc at this point outway having to put a few more bucks anyway. By the time you get the RPI accessories the price will be really similar so id rather buy something that runs x86 and has more compatible at that point. The whole point of RPI was it was a small cheap alternative and its not that anymore for larger projects. Smaller projects yes its great but i am not really into electronics so its something i have given up on.
Well I've never used a raspberry pi or any DIY ARM device for that matter. But... Chrome remote access sounds better to me. It bypasses ANY network configuration as long as your device can reach the internet by implementing webRTC. And it uses RDP on windows and X11 on linux. Almost no delay at all, feels native, and connection is peer to peer.
Oh man, im really glad i never update stuff now, because the only way really have into my Pi is VNC, mostly from mobile stuff. I never encountered the problem with Bookworm because I never had it. This sucks.
I'm confused. I JUST set up a brand new PiOS on my Pi4 yesterday, did and update and upgrade to everything, and installed RealVNC and had no issues at all. Does the Raspberry Pi Imager not install the latest version of PiOS?
There are other VNC options still, they all work. This is just a handy way to let Raspberry Pi handle the complexity of the backend if you don't have a way to get at the VNC session remotely.
@@JeffGeerling I see. So RealVNC specifically doesn't work, but other options still exist. I actually never used the default VNC except to connect through LAN. Thanks for the explanation. Cheers.
Useful in an emergency, but too many gaps for long term use. Is there any MFA? Don't like the auto-login. I tend to use shell access for most things, and either Google Remote Desktop or Parsec for remote control (the latter not supporting Linux hosts yet).
I so much miss the days when remote desktop meant tiny update packets bc the the remote tool could watch for window updates at the lowest level. Now every remote tool is taking a picture of the screen and then sending as many compressed pictures as possible over the network (understandable with GPU rendering but still sucks). What used to be
Jeff, you say "CGNAT" a couple of times, but do you perhaps mean NAT hole punching? I could be wrong but I don't think CGNAT is related.
Further, I think that the relay servers *do* forward all of the traffic, and the documentation is just trying to clarify that the Connect service doesn't see/retain the actual remote desktop traffic which is encrypted end-to-end with tunneled DTLS. This line you highlight: "In such cases, Raspberry Pi only retains the metadata required to operate Connect." doesn't seem to contradict this; it's only specifying what data is retained, not what data is transmitted.
FWIW, I think this is fine, assuming they did their cryptography right a relay service like this is trustworthy (though it might be expensive to run.) If they aren't trying to NAT holepunch then they ought to add that. If they wanted to monetize it while still keeping community goodwill, I honestly think all they need to do is add a self-host option.
I meant that when the connection uses CG-NAT, then Connect would need to punch through that, though I worded it a bit funky.
And in hindsight (I wrote this script late Sunday night, heh), I think the way I described the relay was a bit off (I think I had just read over the docs but was not relying on some older notes I had when I asked Pi about it a few weeks ago).
Going to pin your comment as it adds that clarification nicely!
imho @@JeffGeerling meant to say STUN, also
* Why let your poor dad use VNC not only is VNC's encryption lacking you show wireguard later on so know of way better ways, subnet for each station, etc.
* Don't drive somewhere killing penguins to demonstrate poor connectivity - comeon iptables time
@@JeffGeerling Ahhhh, now I get what you meant. My condolences if you are stuck with CGNAT and no IPv6 with your mobile carrier, quite a pain!
@@john__ Definitely :D
@@john__ I'm stuck with CGNAT but I have IPV6 and it's a fibre optic connection, but if I want a static ipv4 I'd need to pay extra, which is not really viable considering the internet price already.
Whenever you say "Until next time, I'm Jeff Geerling" always makes me wonder if you'll decide to be someone else next time.
You never know...
Next time: Geer Jeffling.
Red Shirt Jeff can strike at any moment
Hmm... 🤔
Jane Geerling? Not that i would mind, but it would be the second UA-camr to pull that off from the selection i follow. 😅
Oh wow - that works really well ! And realvnc just emailed me to stay that I need to start paying for it. Thank you, Jeff 🙂
Wait, "create a Raspberry Pi ID"? D:
I get that it is kinda necessary for a relay service like RealVNC's but that sentence still made me die inside a little
Luckily it's not necessary for anything else-and the second anyone ever considers it necessary for anything that's not a connected web service, I'm out ;)
Could you imagine having to have a Raspberry Pi ID to download Imager, or a Pi OS ISO? :D
@@JeffGeerling >Could you imagine having to have a Raspberry Pi ID to download Imager, or a Pi OS ISO? :D
Sounds like something Broadcom would do :)
I'm just getting flashbacks to when Windows started adding the option to log in with a Microsoft account, then slowly made it harder and harder to not use that
@@RaduTek Heh, or netgate, most recently!
@@YonatanAvhar The amount of time humans have wasted getting around Microsoft's login nags...
For exactly that reason did I create the vircon kernel module many years ago. to just get a simple virtual console, keyboard and mouse that can be forwarded by a simple libvnc tool.
It didn't make the mainline kernel, but it made it into many virtualisation guests and micro distros.
I'm sure others have mentioned this, but Gnome 42 introduced RDP. You can install it using the "gnome-remote-desktop" package. Bookworm is on Gnome 43, which includes the prior package.
RDP is the best
I am going to India for 3 months in just 2 days, and leaving my Pi 5 in the US, at my house. I was planning to just use SSH, since RealVNC was nearly impossible to work properly with. But Raspberry Pi Connect (and your video) saved the day at the last minute! Now, I just need to wait for my Alexa smart plug to arrive, so I can turn on my shut-down Pi manually, from my phone's Alexa app.
Thank you, Jeff, and the Raspberry Pi Team!!
Thanks for the video Jeff!
I personally like NoMachine for connecting to all of my machines. It seems to work fine on my Pi5 and 4.
I am installing a headless Pi Allsky Camera at an observatory. I plan on using Pi Connect to manage it unless the school's router firewall blocks it. I am using rclone to upload images to Dropbox for public sharing of images. I think I am going to add a local Pi server with the Pi NVME SSD as a redundant backup in the observatory. Every night the camera takes a little over 1000 images. It takes a couple hours to upload to Dropbox.
I really enjoy your videos and learn a lot from you. Thanks. I think next to you, I am probably Brentwood, Microcenter's best customer for Raspberry Pi's. I buy a Pi everytime I walk in the door. You can never have too many duct tape, zip ties or Pis.
Patience...
I used to shell into systems using 9600 baud dial up...
Hehe but it was only text, and back then developers cared about bits and bytes, and wouldn't gobble up 1,000,000,000,000 of them with a single web page!
@@JeffGeerling A 1 Tb web page would be kind of impressive
@@CutoutClips DON'T GIVE THE WEB DEVS IDEAS!
I once ssh'd into my server trough a, felt like, 2400 baud connection with lag galore from an airport terminal where the folks who had configured their paid wifi forgot to fully close it in unpaid login mode.
Good enough to start BitchX and chat with the homies so i didn't complain. 😁
9600, luxury…
Relying on a third party to proxy administrative connections is totally unacceptable for any real sysadmin needs. You’re just begging for a horrific outage or worse, a shell compromise.
That's why I said if you're like you or me, you'll still have your own VPN, not rely on a service like this :)
@@JeffGeerling indeed. I don’t begrudge you letting people know about this functionality, of course. I just wanted to emphasize that this approach has major downsides which make it only suitable for casual users. Have a great week!
I think if someone has a mission critical device/system/platform it has to have multiple ways to connect to. Even in the 'tailscale era' it's nice to have a backup plan if something goes wrong 😊
Yeah. Tailscale is nice but I'm definitely busting out openvpn again if things go south with them
@@AlexandrShut multiple ways never includes relying on additional third parties beyond unavoidable ones. Good backups:
Backup internet connection.
Backup modem.
Backup serial connection to another device.
Backup cellular modem.
I've always hated RealVNC because its proprietary, I've long gotten over VNC in general and use SSH, Wireguard and XRDP/ FreeRDP. Debian + Gnome Wayland support RDP natively, its just a switch in the settings menu.
@nnthepirateI used to use that before xrdp and freerdp with mremoteng/remmina, it was fairly good but still proprietary. It sometimes used to mess up on the host side with X doing funny things like opening a new session for every connection but it was ok, definitely a lot better than vnc.
You know Jeff, you have the perfect last name. I mean if you simply replace one of the 'e' characters with an 'a' (as in "Gearling") it creates a word defined as "a junior engineering minion". So hopefully if/when you get to a spot where you can hire people to help you, this would be an appropriate title. Who knows, might even be a good monicker for your kids depending on technical aptitude.
Would be interesting to see a threat model on this service.
Good luck asking for that and actually getting it... Raspberry went all commercial during Covid, expect everything we see from big players like HP, Dell ect... If it can be monetized, then for sure it will; the only question is how well disguised it'll be...
The threat model is "yes".
I thought Watson moved to Redmond and became a doctor there or something.
Ultimately, once it became legal he married BoB.
He turned into an app crash logger, it was a good gig.
I think Watson moved to Ithica, and got really good at Jeopardy
"what should we call you?" "ishmael"
nice lol
Ha! You win the comment section for today, sir. I was wondering when someone would pick up on that :D
Why not use Guacamole? This way you are in full control and not reliant on the proxy service being in another country and increasing your latency.
I do enjoy the taste of mashed up avocados
@@JeffGeerling And I need a healthy amount of this and tequila when I have to setup a keyboard from a german macbook running OpenSUSE so it will be somewhat usable with guacamole.
@@JeffGeerling cute
From my experience, it's not the easiest thing to setup, especially for someone with no previous experience with Apache/Tomcat.
I never could manage to get OIDC auth working with it.
Tomcat is a nightmare
This is a nice idea, but there's a lot I don't like. Running through a third party server isn't ideal, but it being Pi proprietary is the bigger sin. It's especially vexing when (1) solutions like NoVNC already exist for VNC in a browser, (2) they already have to use WayVNC as a VNC server as you mentioned, so why not move to that and (3) we could be moving to more modern protocols (RDP isn't ideal, but has advantages; NoMachine supports Wayland (via GLCapture?), but the open source X2Go does not appear to yet).
I'd have just loved to see some NoVNC contributions and something usable on any machine.
I agree in principle; however I think Raspberry Pi's goal with this service is to only serve a small niche market-people who bought Raspberry Pis, and want to be able to access them from any device, anywhere. It's not a service I think meant to compete with RealVNC or other more generalized solutions (open source or not), just a convenience for people who buy Pis.
Does tigervnc not work with wayland? Also remote connection through a cloud based access is a no go for me
It does for me. I run TigerVNC from my OpenSuse Tumblweed laptop with no issues.
I use tigervnc. Have found no issues with anything
@@mikeburke7028 Ah cool thanks. then the only question remaining is; "is it available on the pi?". :)
TigerVNC works fine too
I believe it is, haven't tested on my Pi though.
I use Apache Guacamole for all my remote desktop needs. It's free, you can self host it, and it supports VNC and RDP (you can also enable file sharing really easily). It's also nice having all of my VNC/RDP servers listed in a single easy to manage interface (and you can setup user accounts with permissions so only certain users can access specified resources). I haven't found another remote desktop that is even nearly as good and free in the browser.
Also VNC/RDP authentication is pretty awful so it's nice to have Apache Guacamole as a proxy because it has better security.
I'm living in a fully open source X11 world where x11vnc, tigervnc and kasmvnc are my go-to remote desktop apps. Many other things I also use such as sunshine also support Wayland, but if the cutting edge of Wayland remote desktop is closed-source software, it looks like i'll be sticking with X11 for a while.
Why you mean by "cutting edge" ? Both Wayfire and Wayvnc are open source and open source TigerVNC works fine as a client. Using noVNC as a frontend is also an option.
Just because the Pi Foundation is promoting closed source software for some reason doesn't mean you have to use it.
@@povilasstaniulis9484 i'm super anti-closed-source so my comment is just kinda passive-aggressively complaining about the content of the video for no other reason. but i respect jeff geerling even though he uses mac so i criticize the software not the person
Learnt about this for the first time on Toms Hardware. No review yet. Oh and just spotted the Dalek behind you :-)
The last thing I want is my Pis accessible from the web and/or calling home with a unique id. I'll stick to tailscale.
I think if you don't already use RealVNC or TigerVNC, the service is probably not going to move the needle for you; I still use WireGuard for my own needs.
Remember that the last thing you want might be the first thing I want of course. Everyone has different use cases.
@@JeffGeerling i think he is more concerned about more nefarious possibilities with a remote control system baked in as default.
Its great for education
@@crackedEgg It's worse for education. This is solely for Raspberry Pi where they can ultimately start to charge for "cloud connectivity" as a subscription service.
Love the shirt! Real oldschool chic
We thought about adding this shirt to the online store (working on relaunching it), but the expense for decent quality embroidery would make that a bit insane, cost-wise. But I would love to have a couple 80s/90s-vibe shirts that I could put up on RedShirtJeff.com (mostly so I could wear them myself lol).
RealVNC is working fine for me with the March 2024 raspios bookworm release with the Pi in Wayfire mode. They fixed it, at least as far as using RealVNC client to connect to a default Pi (not sure if other use cases might still have a problem)
Financial planning, akin to navigation, requires knowing your destination. James Clark's guidance provides clarity in uncertain markets 🇺🇸
I recently sold half my tech stock holdings due to all-time highs, leaving me with $400k. Should I invest in ETFs now or wait for a market correction considering potential inflation?
Celebrating a $30k stock portfolio today from a $6k start. Investing wisely has given me time for family and future plans.
I will leave his info below this comment
ON TELEGRAM
@Clark325
Remember when we just ssh’d into our systems with X11 forwarding enabled? Thank goodness for Wayland and progress. Actually, I did this with my Pi5 just the other day and it mostly “just worked.”
sshed? I regretably remember doing it way less securely. :D
Waypipe works pretty well too, not as integrated in SSH as X11 forwarding would but it works well. Can even play video is in Firefox on another machine over WiFi and it's pretty smooth.
Thanks for the video Ishmael
Looks like a decent replacement for RealVNC, although I'll be sticking with Mesh Central - still free but massively powerful and also does console and file transfer. Works cross platform too 👍
Kinda forgot about RealVNC after using NoMachine for a while, although never tested it with a Raspberry Pi before. Still this Raspberry Pi Connect looks very sleek and easy to use.
No machine is life
Being a security engineer IRL, not a fan of cloudification of this, free or not. If you're really in a situation where you want to have always-on connectivity to a remote Pi, you're probably a engineer/tinkerer type anyway, and then you'd probably have enough skill to set up your own VPN or mesh VPN (like ZeroTier or Tailscale) to handle the network traversal, and then setup whatever you like on top for the remote desktop part.
I think for many of us on this channel (you and me included), that holds true. I think this service is more geared towards a school that wants to give the students easy remote access (and might not have even an IT person on staff), or for beginners who just bought a Pi and want a way to get at it from elsewhere, and might not be comfortable with the command line.
It has a place, and I see it as useful in that place. But most of the people who will comment on this video (myself included) are probably not the target audience.
I love RustDesk FWIW.
Yea, video streaming is far far far superior to jpeg streaming.
tightvnc is the best vnc, better then realvnc and tigervnc.. but they are all bad. vnc is bad.
rustdesk (video), rdp (redraw), x2go (redraw) all better
I use RDP even between 2 linux machines. More work to install en configure but i like the overall performance of the connection compared to VNC. And i automatically have the option to use Windows devices without installing anything on those.
oh wow, you whipped out an old mac-ism :) I remember watson!
It would be great if they added in ssh2 for those of us who have headless clients too; so that we can keep all our clients in the same place for easy management.
I think it wouldn't be too much hassle for them to add a "pop On screen keyboard" button. it's a hacky workaround but a necessary one.
also it may be possible to turn off animations on the desktop environment settings. you don't need animations anyways and I wonder why they even bothered to enable them by default to begin with, especially considering most of the clientele use these for.
I wish they had like GNOME RDP, I think it already supports a bunch of the things they want, better latency/low bandwidth support, and the GNOME 46 version also supports remote login screen.
I use pivpn to connect to a proxmox environment to control different VM's. It's way faster, but not the purpose of this video. It's good to see that the OS is getting more mature.
I dont know why more Cli users dont use screen. All your tty sessions stay up when you drop off and after you reconnect you can just attach to the session stack and keep working. You can even attach to the session stack from multiple places at once and all of them will get updates. All sessions can automatically be logged to independent files showing all characters typed, they have up to 9999 lines of scrollback, independent command histories, CnP between windows and various split window options.
Just install a MeshCentral docker instance and never look back. Best docker that I have!
I'd prefer it to work like syncthing with public relays and local endpoint ids that need to be manually added to list of known peers on each endpoint. This way with Ids held by central authority they can always switch to monetized access. Having relay software being public would let people host their own relays (reducing costs for RPi org) either for themselves or for rest of community to use.
I think I'm more inclined to run a netbird server which connects out to all of my pi's then connect to vnc over that - that way it has the opportunity to traverse without needing to go via another service, and give you far more features/access... That said, it's still a good 'simple' solution. (you could also use zerotier, nebula to another mesh-vpn, but yeah, would be pretty darn useful either way
Zerotier for the win. Specifically with a self hosted 'moon'. Works every time and has no issues with CgNat
This is the first time I've heard that real vnc doesn't work on the pi5 but I've used it for one or two month on my pi5 without any issue. Was it fixed shortly before I began to use real vnc? (I'm new to SBC's)
I'm very confused right now...
Or ... or ... you could use X11 for literally its intended purpose -- if you can SSH to a machine you get a remote desktop. Anyone developing a VNC application for X11 has entirely missed the point of the last 40 years of Unix development.
Best vpn experience that I’ve had was with KasmVNC, though no wayland support yet and only web interface (which is not a big issue honestly)
Interesting. I would use dwservice since it can work on windows, mac, and Linux. Still good for many people
Every 10 or so comments I'm seeing another new remote access tool I hadn't heard of. Interesting!
Interestingly, raspberry pi and realvnc (and arm) are headquartered in Cambridge.
I love using RealVnc
My collecting of one of every generation of Pi is not just retail therapy, I rationalize it as supporting the pi foundation.
The release of the firs pi was surreal already. But their product offering just got better and better.
And for their low margins the keep up with demand pretty well. You can really just rely on them just keep on producing. So the scalpers will eventually lose. Pretty good track record so far.
did they ever apologise for hiring a cop who shit-talked people on social media
Tailscale and Wireguard are a game changer for me. I still need a VNC/RDP but at least it's behind my router. I still hate setting up a OpenVPN.. HATE IT!
OpenVPN really ain't that hard to setup and has clients for pretty much everything.
@@povilasstaniulis9484 I didnt mean to say it was hard, I meant to say that I hate it.. I have been using it in my AWS VPC's for years and just switched to tailscale and never looking back!
Bookworm is a real slouch on my Pi4 -- even moving the mouse quickly chews up CPU cycles on a fresh install. I've gone back to the older (non-Wayland) version and it is *much* faster.
4:32 Only 1M... We get accustomed to good things very quickly.
I remember monitoring ptp towers and SCADA with RS-232, or several units with RS-485!!, BAUD rate 1200, phone-modem connections, remember the pih-roh-pih-roh-riiii ?
For me this only works after a user logged in to the pi with a monitor connected. Not very useful for a remote headless server. Have I missed something ?
RealVNC just sent out an email announcing the end of the free Home account for non commercial users.
Yep they have the light plan now but it is very limited. "Lite plans reduce you from three users on Home to one and five devices to three, with no perks like file transfer or remote printing" from arstechnica
Shame Pi Connect can’t run on a Raspberry Pi 3, I have a few of them which I use for light weigh things and don’t see a need to upgrade them to a Raspberry Pi 4 or 5. Guess I’ll just keep using Real VNC for them, I do like to keep as much software as I can as in-house as possible so would have been nice to use a first party VNC.
For someone with pretty rudimentary understanding of most of this linux/networking stuff, is this like SSH'ing into a headless pi, except you're going into the graphical environment of a big install? For someone who just does simple *very* simple console stuff over SSH and then uses a browser to fool around with Jupyter over my local network, would this be useful? Would this let me do the SSH/Jupyter level stuff when I'm visiting places far away?
I never used VNC (except for passthrough for xRDP one time), and never will. Moonlight + sunshine combo works way better in every occasion i had.
weird question, (I don't live in the US so I don't know) doesn't AT&T provide IPv6 to prevent CG-NAT limitations?
It does not seem that way.
@@JeffGeerling thank you for responding !!
A lot of folks don't like RealNC for a number of reasons, I'm glad to see it's no longer the "preferred" solution.
Do you think you could have your dad make a video on how he uses PIs to monitor remote radio towers? I'd love to incorporate that into some of my equipment and would like to see a setup.
I think if both have IPv6 and IPv6 at Pi side allow incoming would give Peer 2 Peer. Question is do Pi Connect support IPv6? Many Remote Desktop software doesn't support IPv6 like AnyDesk, TeamViewer.
I’ve honestly had better luck using xrdp instead of any of the vnc servers. Seems to be much faster, less lag, etc.
what about wayland
The first thing I do after installing any distro on any architecture is to disable Wayland. Maybe some day it or something else will replace X11, but not today. Maybe I'm stuck in the mud because I've been using X11 since it was in beta, but I think right now Wayland is not ready for prime time.
Does that connection work with Twingate? I don't have a VPN because my provider won't give me a public IPv4 address. But Twingate runs on a Pi in my home network and gives me full speed access to everything on my network. You can configure it down to only allow certain ports, too - it's a great tool!
I know you're typically a Raspberry Pi /Linux guy, but I'd be interested in hearing your thoughts about the new Arduino PLC modules.
Jerry what's that small keyboard called
But doesnt RealVNC just work on the pi5? granted file transfer isnt supported and you sometimes get warnings, but i dont remember ever switching from wayland to x11
Can you use Chrome Remote Desktop? I tend to use it more than TeamViewer while connecting to my Windows PC from Android.
So is it in any way useful for local connections, and does it do anything beyond wayvnc locally?
This video is really light on details for those more common use cases
It works locally, but no reason to use it if that's your only use case. It's handy for remote connections .
@@JeffGeerling so it isn't better than wayvnc? Kinda disappointing, considering how unresponsive even local vnc over Ethernet tends to be. I'm hoping KDEs krdp turns into something useful.
Can you setup your own relay server and configure to not use the pi relay server at all?
I actually asked about that on the Pi Forums-right now it looks like the answer to that is 'no', unfortunately. It may be possible but definitely not now in the beta. Would be neat if you could self-host a relay (and would save Raspberry Pi's own resources/bandwidth).
I'm a little confused - I use RealVNC Viewer with my RPi 4s and 5s which are running Bookworm and Wayland (wayvnc). I am using this locally on my LAN, so I'm not using RealVNC Connect. I will sometimes have VNC drop the initial connection, but I retry and then it works. I don't recall doing anything special to get it to work. What am I doing wrong/right?
Ive given up on raspberry pis with the price increase the benefits of using a mini pc at this point outway having to put a few more bucks anyway. By the time you get the RPI accessories the price will be really similar so id rather buy something that runs x86 and has more compatible at that point. The whole point of RPI was it was a small cheap alternative and its not that anymore for larger projects. Smaller projects yes its great but i am not really into electronics so its something i have given up on.
why don't just use tightvnc with novnc wrapping up to browser?
Well I've never used a raspberry pi or any DIY ARM device for that matter. But... Chrome remote access sounds better to me.
It bypasses ANY network configuration as long as your device can reach the internet by implementing webRTC.
And it uses RDP on windows and X11 on linux. Almost no delay at all, feels native, and connection is peer to peer.
How does PiKVM remote over a browser so well? Why can you take that feature and implement it for any Pi?
Oh man, im really glad i never update stuff now, because the only way really have into my Pi is VNC, mostly from mobile stuff. I never encountered the problem with Bookworm because I never had it. This sucks.
I'm confused. I JUST set up a brand new PiOS on my Pi4 yesterday, did and update and upgrade to everything, and installed RealVNC and had no issues at all. Does the Raspberry Pi Imager not install the latest version of PiOS?
Wasn't the point of X11 server to be able to log in from a remote terminal and get a desktop environment?
Is Wayland not similarly capable?
I don't use RealVNC on my PI but I do use XRDP.
Wonder if the Bookwork upgrade will still support it?
I don't understand, he says RealVNC doesn't work with Wayland but my Pi 5 is running Wayland and I can use Real VNC without any problems?
Kinda neat, reminds me of guacamole a little bit.
Jeff - does Pi Connect support audiio?
I am struggling with my Pi to get audio working
How do you not pass all of the traffic through the relay? If both clients are behind cgnat...
You do, the way I said it in the video's a bit off-see the top pinned comment :)
Sherlock? 😂 What an ancient reference
It's an older reference, sir, but it checks out!
I'm confused... so now VNC won't work without an account?
There are other VNC options still, they all work. This is just a handy way to let Raspberry Pi handle the complexity of the backend if you don't have a way to get at the VNC session remotely.
@@JeffGeerling I see. So RealVNC specifically doesn't work, but other options still exist. I actually never used the default VNC except to connect through LAN. Thanks for the explanation. Cheers.
Dr. Watson was an app on Windows 98.
Looks very similar to Cloudflare's browser VNC, although presumably it doesn't use Cloudflare's network...
Does xrdp work on wayland?
meshcentral, rustdesk work good too
So whis local or own server optional here?
Jeff, what’s that top looking cli utility?
Useful in an emergency, but too many gaps for long term use.
Is there any MFA? Don't like the auto-login. I tend to use shell access for most things, and either Google Remote Desktop or Parsec for remote control (the latter not supporting Linux hosts yet).
Raspberry Pi ID does support MFA (TOTP), but I don't know if there's any way to require it every time you access a device in a new session.
Why is a cloud service necessary to solve the realvnc wayland issue?
Many thanks Jeff
Is Pi-Connect secure/encrypted?
Yes; see their blog post with a few more details.
I so much miss the days when remote desktop meant tiny update packets bc the the remote tool could watch for window updates at the lowest level. Now every remote tool is taking a picture of the screen and then sending as many compressed pictures as possible over the network (understandable with GPU rendering but still sucks). What used to be
Couldn't they integrate a KVM in the hardware?
I think ZeroTier or TailScale SD-WAN solutions are better than VNC with centralized sever...
Is is possible to get sound passthrough with Raspberry Pi without having to pay?
What's wrong with ssh + X11 forwarding?