VNC Legacy Access

Coming Soon

Access legacy systems, KVM consoles and headless servers via VNC — directly from the browser.

Status: Code written and compiles. Currently in internal testing — not yet available in production builds.

Overview

VNC support in RedFox Bastion covers systems where RDP is unavailable: Linux desktops, BMC/iLO/iDRAC consoles, industrial equipment, and legacy applications. The Rust proxy speaks the RFB protocol and converts frames to WebSocket for browser rendering.

Features

RFB protocol support

Supports RFB 3.3 through 3.8. TightVNC, RealVNC, TigerVNC and libvncserver compatible. Automatic encoding negotiation (Tight, ZRLE, Hextile, Raw).

Clipboard

Bidirectional text clipboard between the browser and the remote VNC server.

Session recording

Full graphical recording with replay in the RedFox UI. Searchable by user, target and date.

Keyboard mapping

Configurable keyboard layout mapping. Send Ctrl+Alt+Del and other special key combinations via the toolbar.

Configuration

  1. Add a target — Navigate to Targets → Add Target, select "VNC" as the protocol, enter the hostname and port (default 5900).
  2. Assign credentials — VNC password from the credential vault or entered directly. RedFox handles VNC authentication (VNCAuth, TLS-VNC).
  3. Set policies — Configure session timeout, clipboard policy and recording preferences.
  4. Connect — Users click "Connect" from the target list. The VNC session opens in the browser.

Security considerations

  • VNC traffic between the proxy and target is optionally wrapped in TLS (VeNCrypt)
  • Browser-to-proxy connection always uses WSS (WebSocket over TLS)
  • VNC passwords are stored encrypted in the credential vault (AES-256-GCM)
  • All sessions are logged in the WORM audit trail
  • VNC is inherently less secure than SSH/RDP — use it only when no alternative exists

Need help configuring VNC access? Contact [email protected]. For pricing, reach out to [email protected].