x11vnc
x11vnc is a free and open-source VNC (Virtual Network Computing) server that enables remote viewing and interaction with existing, real X11 display sessions on Unix-like operating systems, corresponding to physical monitors, keyboards, and mice, using any compatible VNC viewer.[1] Developed initially by Karl J. Runge starting in 2002, x11vnc functions as the Unix/X11 equivalent to WinVNC for Windows, allowing users to share and control a live desktop environment without requiring a separate virtual session.[1] After Runge's final release (version 0.9.13) around 2010, the project transitioned to community maintenance under the LibVNC umbrella, with subsequent community releases, the latest being version 0.9.17 as of May 2025.[1][2] It is licensed under the GNU General Public License version 2 or later, with an exception permitting linkage to the OpenSSL library.[3] Among its notable features, x11vnc supports robust security options including built-in SSL/TLS encryption, 2048-bit RSA authentication, VeNCrypt protocol integration, and UNIX account/password logins to protect remote connections.[1] It offers practical enhancements such as server-side scaling for varying client resolutions, single-port HTTPS/HTTP tunneling for VNC traffic, IPv6 compatibility, and file transfer capabilities compatible with TightVNC and UltraVNC viewers.[1] Additionally, x11vnc extends usability to diverse environments, including Mac OS X (Aqua/Quartz), embedded Linux systems, and non-X devices like webcams or TV tuners, while advertising services via Zeroconf for easier discovery.[1] As of 2025, the project remains available through major Linux distributions and is noted for its reliability in providing headless or remote desktop access, though it currently seeks a new maintainer due to limited ongoing development.[4][1]Overview and History
Description
x11vnc is a VNC server program designed for remote access to existing X Window sessions on Unix and Linux systems.[1] It enables users to view and interact with a physical display from a remote location using standard VNC client software, effectively mirroring the local monitor, keyboard, and mouse inputs over the network.[1] At its core, x11vnc operates by continuously polling the X11 framebuffer to capture display changes in real time and transmitting these updates to connected VNC clients.[1] Developed originally by Karl J. Runge starting in 2002, it is distributed as part of the LibVNCServer project under the GNU General Public License version 2 or later (GPL-2.0-or-later).[1] The software primarily supports Unix-like systems including Linux and Mac OS X, with a focus on X11 displays but also extending to non-X framebuffer devices, featuring an English-language interface.[1]Development and Releases
x11vnc was initially developed by Karl J. Runge in 2002 as a standalone VNC server designed to provide remote access to existing real X displays, addressing limitations in earlier tools like x0rfbserver on platforms such as Solaris.[1] Written in plain C for wide Unix compatibility, it quickly evolved from a proof-of-concept into a feature-rich application through Runge's enhancements, focusing on performance improvements and broad platform support.[5] Over the years, x11vnc integrated with the LibVNCServer project, leveraging its core VNC server library to facilitate broader development within the VNC ecosystem and enabling easier maintenance and extensions. Runge maintained the project until releasing version 0.9.13 in December 2010, after which the LibVNC community assumed responsibility, marking a shift from individual to collaborative development. The project's repository is hosted at github.com/LibVNC/x11vnc, with the official website available at libvnc.github.io, serving as hubs for source code, documentation, and issue tracking.[1][5] Community efforts continued post-2010 with version 0.9.14 (first community release, adding X Composite Extension support and Wayland support via deskshot), 0.9.15 (buffer overflow fixes, OpenSSL 1.1.0 support), culminating in version 0.9.16 on January 5, 2019, which included build fixes and documentation updates, followed by version 0.9.17 on May 1, 2025, adding support for multi-touch, additional mouse buttons, and OpenBSD compatibility.[2] This progression reflects x11vnc's transformation into a highly configurable VNC server sustained by ongoing community contributions, despite ongoing calls for a new dedicated maintainer as of 2025.[6]Core Features
Remote Display Access
x11vnc enables remote access to real X11 displays by continuously polling the framebuffer to mirror the content of physical hardware screens, allowing users to view and interact with the desktop as if present locally.[1] This mirroring targets existing X sessions on displays such as :0, using efficient mechanisms to detect and transmit only changed regions of the screen.[7] Beyond standard X11 environments, x11vnc extends support to non-X11 devices, including webcams for video capture via the-rawfb video option, Mac OS X Aqua/Quartz displays with native handling, and various frame buffers like those in embedded Linux systems or TV tuners.[1] For instance, frame buffer access can be configured with -rawfb map:/dev/fb0@1024x768x32 to share console or raw video output remotely.[7] These capabilities allow x11vnc to serve as a versatile tool for displaying diverse visual sources over VNC connections.
x11vnc integrates several UltraVNC extensions to enhance remote sessions, including file transfer enabled by -tightfilexfer or -ultrafilexfer for secure data exchange, text chat for communication between client and server, and single-window mode via -id windowid to focus on specific application windows.[1] These features, compatible with viewers like SSVNC, provide additional utilities without disrupting the core display mirroring.[7]
For efficient frame buffer access, x11vnc employs the XShmGetImage function via MIT-SHM extension to quickly retrieve screen data, minimizing CPU overhead during polling.[7] It further leverages the X DAMAGE extension to receive notifications of modified screen regions, reducing unnecessary full-screen scans and improving update responsiveness.[1] Cursor display is handled accurately using the XFIXES extension for shape rendering, with options like -cursor most to include various cursor types, and scaling via -scale_cursor to adapt to remote resolutions.[7]
Performance tuning options include the -wireframe mode, which outlines moving windows with wireframes instead of full redraws to accelerate interactions like dragging, and brief polling in 32-pixel increments for incremental updates.[1] These mechanisms ensure smooth transmission of screen updates, with compression handled by the underlying libvncserver library to optimize bandwidth usage.[7]
As of version 0.9.17 (released May 2025), x11vnc has added support for the X Composite Extension to enable off-screen window sharing and experimental double-buffered framebuffer and rawfb DRM/shm support, further improving remote display capabilities.[8]
Security Mechanisms
x11vnc provides several built-in security mechanisms to protect remote access to X11 displays, including authentication, encryption, and access controls, which help mitigate risks associated with exposing VNC sessions over networks.[1][7] For authentication, x11vnc supports Unix username and password verification using the-unixpw option, which prompts for credentials and switches to the authenticated user for either view-only or full-control access depending on the configuration.[7] This method leverages the system's native authentication, such as su or NIS, ensuring that only valid Unix users can initiate sessions.[7] Additionally, standard VNC password protection is available via the -rfbauth or -passwdfile options, where passwords are stored in an obfuscated file created with tools like vncpasswd or -storepasswd.[1] View-only modes can be enforced with -viewonly to restrict clients to observation without input, or a separate view-only password can be set using -viewpasswd for differentiated access levels.[7]
Encryption is supported through SSL/TLS via the -ssl option, which enables secure communication using OpenSSL and a PEM certificate, defaulting to a self-signed one if none is provided.[7][1] This integrates with the VeNCrypt protocol, allowing encrypted VNC connections that combine TLS with standard VNC authentication subtypes like Plain or TLSVnc.[7] For added flexibility, x11vnc can use external tools like stunnel with the -stunnel option to wrap non-SSL VNC servers in an SSL tunnel.[7]
Access control features include the -allow and -deny options, which restrict connections to or from specified hosts, IP addresses, or networks (e.g., -allow 192.168.1.0/24), providing IP-based filtering.[7][1] Reverse connections are facilitated by the -connect option, enabling the server to initiate outbound connections to clients, often combined with SSH for security.[7] SSH tunneling is recommended for enhanced protection, such as running ssh -t -L 5900:[localhost](/page/Localhost):5900 user@host 'x11vnc -localhost' to forward traffic securely without exposing the VNC port directly.[7][1]
x11vnc integrates with external tools like SSVNC, an enhanced TightVNC viewer that supports SSL/TLS encryption, VeNCrypt, and automatic SSH tunneling, allowing secure viewer-side connections to x11vnc servers with features like certificate management and proxy support.[9][1]
Technical Implementation
Polling Algorithm
The polling algorithm in x11vnc is designed to detect changes in the X11 display efficiently by continuously monitoring the framebuffer for updates that need to be transmitted to remote VNC clients. The primary method involves real-time polling of the X11 framebuffer using the XShmGetImage function, which leverages shared memory extensions for faster access to pixel data compared to standard XGetImage calls. This approach allows x11vnc to retrieve rectangular regions of the screen and compare them against a locally maintained copy to identify differences, encoding only the modified areas for transmission.[1] To optimize performance and reduce computational overhead, x11vnc employs a row-based scanning technique, reading full horizontal scanlines that are one pixel tall but separated vertically by increments of 32 pixels. This sparse sampling method scans the entire screen in a top-to-bottom fashion, restarting at the top upon reaching the bottom, and proves effective for detecting most visual changes without examining every pixel. By focusing on these spaced rows, the algorithm minimizes the amount of data processed per polling cycle while still capturing significant updates, such as window movements or text insertions.[1] When the X DAMAGE extension is available on the display—which x11vnc enables by default since version 0.9.10—it integrates this protocol to receive notifications from the X server about damaged (changed) regions, further refining the polling process. These notifications provide bounding rectangles that serve as hints, allowing x11vnc to skip scanlines that do not intersect recent DAMAGE areas and prioritize polling within affected zones, thereby reducing unnecessary framebuffer reads and accelerating change detection. The extension requires the libXdamage library and can be disabled via the -noxdamage option if compatibility issues arise.[1][10] x11vnc distinguishes between full-screen updates and incremental changes in its polling strategy to balance completeness and efficiency. Upon initial connection or significant events like screen resizing, it performs a full framebuffer poll and transmission to ensure the client receives the complete display state. For ongoing operation, the algorithm focuses on incremental updates by polling only suspected changed regions, using the row scans and DAMAGE hints to limit data to small rectangles, which are then encoded (e.g., via Tight or ZRLE) before sending. This selective approach prevents redundant full updates during typical interactive use.[1] Despite these optimizations, the polling mechanism can impact performance on high-latency networks, where the local polling remains fast but the transmission of even small incremental updates may introduce delays due to round-trip times exceeding 20 ms. In such scenarios, x11vnc's bandwidth-efficient encoding helps mitigate issues, but users may experience lag in responsive applications; options like -defer 100 (ms) can throttle update frequency to better suit constrained connections without overwhelming the network. Additionally, on systems with high screen update rates, the CPU overhead from frequent XShmGetImage calls may rise, though DAMAGE integration typically keeps it under 5-10% utilization for standard desktops.[1][11]Input Injection
x11vnc simulates user inputs from remote VNC clients to the local X session primarily through the XTEST extension of the X Window System. This extension enables the injection of synthetic events directly into the X server without requiring physical hardware input. Specifically, keyboard events are handled via XTestFakeKeyEvent, mouse button events via XTestFakeButtonEvent, and pointer movements via XTestFakeMotionEvent.[1][12] The tool supports both relative and absolute pointer movements to accommodate different client behaviors and multi-monitor setups. Absolute movements set the pointer to specific screen coordinates using XTestFakeMotionEvent, while relative movements compute deltas from the current position, often leveraging mouse acceleration parameters via uinput-based injection (e.g.,accel=f in -pipeinput UINPUT) for finer control in Linux environments.[7][1]
For complex input scenarios beyond standard XTEST capabilities, x11vnc allows custom injection through external programs using the -pipeinput option, which pipes keystroke and mouse events to user-specified commands or devices such as /dev/input/uinput for direct event writing. This enables tailored handling, for instance, in embedded systems or when emulating specific input devices.[7][13]
Keyboard mappings and modifiers are managed to ensure compatibility across layouts, with options like -modtweak adjusting for differences in AltGr and Shift behavior between client and server keyboards, and -xkb utilizing the XKEYBOARD extension for accurate modifier state tracking. Remapping is supported via -remap for custom keysym translations, while lock keys like Caps Lock can be skipped or emulated as needed. In multi-monitor configurations enabled by -xinerama, inputs are directed appropriately across screens, potentially switching to XWarpPointer for reliable pointer relocation instead of XTEST.[7]
Limitations arise in certain environments, particularly with modern window managers or secure X sessions where input grabbing via -grabkbd or -grabptr may fail due to restricted server access or policy enforcement. Authentication for input permissions is required in protected sessions, as detailed in the security mechanisms section.[7]
Xvnc Emulation
x11vnc interfaces with virtual X servers to enable remote access in headless environments or when no physical display is active, emulating key behaviors of Xvnc for compatibility and seamless integration. This capability allows users to connect to dynamically created sessions without requiring a pre-existing X display, supporting scenarios where traditional real-display access is unavailable.[7] The -create option instructs x11vnc to automatically launch a virtual X server, such as Xvfb, if no suitable display is found. It operates via the FINDCREATEDISPLAY method, probing for free display numbers starting from :20 up to a maximum of 80 attempts, and serves as an alias for the command-display WAIT:cmd=FINDCREATEDISPLAY-Xvfb. This feature ensures session availability by initializing a virtual framebuffer-based X server on demand, facilitating remote interaction in automated setups.[7][1]
In -svc mode, x11vnc activates a terminal services configuration optimized for secure, multi-user access, incorporating SSL encryption and Unix password authentication via the alias -display WAIT:cmd=FINDCREATEDISPLAY-Xvfb -unixpw -users unixpw= -ssl SAVE. This mode supports automatic session attachment by creating a virtual display if needed, allowing integration with service management systems for persistent, on-demand VNC availability without manual port memorization.[7][1]
x11vnc emulates Xvnc behavior through redirection modes, such as -display WAIT:cmd=FINDCREATEDISPLAY-Xvnc.redirect, which forwards connections directly to an Xvnc instance without the overhead of display polling. This approach maintains compatibility with legacy VNC clients and servers expecting Xvnc's virtual screen handling, enabling smoother interoperability in mixed environments.[7]
For multiple displays, x11vnc handles enumeration using the -finddpy option to list active X displays and supports region-specific access via -clip, which limits viewing to sub-areas of a display for targeted session management. Session persistence is ensured by the -forever option, which prevents the server from exiting upon client disconnection, or -loop, which restarts the process cyclically to maintain availability across connections. These mechanisms allow virtual sessions created by -create or -svc to remain active, supporting shared or long-running remote interactions.[7][1]
Common use cases for x11vnc's Xvnc emulation include automated background VNC servers on headless systems, such as those initialized at boot for remote administration or integrated with inetd for on-demand service provisioning. In these scenarios, -svc or -create modes provide virtual desktops to users via encrypted channels, ideal for terminal services-like access in server environments without physical monitors.[7][1]
Client-Side Caching
Client-side caching in x11vnc is an experimental feature designed to optimize remote display performance by storing pixel data on the viewer side, thereby reducing bandwidth consumption and latency for recurring screen elements. Activated through the-ncache n command-line option, where n specifies the cache multiplier (defaulting to 10, with a minimum of 0 to disable), this mode expands the server's framebuffer vertically by creating an off-screen "scratch" region equivalent to n times the display height, resulting in a total height of (n+1) times the original for a display of width W and height H. For instance, at 1280x1024 resolution and 24 bits per pixel, this can allocate approximately 7.5 MB of additional memory for n=2 (total ≈11.5 MB), scaling to approximately 37.5 MB additional (total over 41 MB) for the default n=10, with both server and client requiring substantial RAM to handle the extended buffer.[7]
The mechanism operates by having the server copy frequently accessed screen regions—such as static windows or menus—into the off-screen area, then transmitting references or delta updates to the client via VNC protocol extensions like copyrect, allowing the viewer to retrieve and render cached pixels locally without full resends. Compatible viewers, such as SSVNC, conceal the extra cache region to maintain a seamless display, enabling rapid updates when users cycle through multiple windows or revisit unchanged areas. Recommended settings include n=6 to 12 for scenarios involving 4 to 6 large windows, like web browsers, where repeated visibility of elements benefits most from local storage.[7][14]
Benefits include significantly faster response times and lower network usage, particularly for bandwidth-constrained connections, as the client avoids redundant pixel transmissions for persistent or reappearing content. However, the feature remains experimental, incurring high memory overhead that can strain resources on both ends, and it may introduce compatibility issues with unsupported viewers or lead to visual artifacts like painting errors during window drags if -ncache_cr is enabled for optimized copyrect handling of opaque moves. Additional parameters, such as -ncache_pad n (default 0 on Unix systems, 24 on macOS for shadow handling), further tune the caching rectangles around windows, but overall adoption is limited by the need for viewer-specific support and potential inefficiencies on composited desktops like macOS X. This caching approach complements broader performance tuning in remote access but focuses specifically on client-local data retention post-transmission.[7][15]
Usage and Applications
Installation and Configuration
x11vnc can be installed on Linux systems using package managers provided by major distributions. For Debian-based systems such as Ubuntu, the commandsudo apt install x11vnc retrieves and installs the latest packaged version from the repositories. As of November 2025, major distributions package version 0.9.17 or later.[1] On Arch Linux, sudo pacman -S x11vnc performs the installation.[4] For other distributions, equivalent package manager commands like sudo dnf install x11vnc on Fedora or sudo emerge x11vnc on Gentoo are available.[1]
Note: x11vnc requires an X11 (Xorg) session. On distributions defaulting to Wayland (e.g., Ubuntu 24.04, Fedora 41 as of 2025), log in using the Xorg session option at the login screen or configure the display manager to use X11.
To compile from source, download the latest release tarball from the project's GitHub releases page (LibVNC/x11vnc), such as x11vnc-0.9.17.tar.gz (as of May 2025). Extract the archive and run autoreconf -fiv followed by ./configure and make. Dependencies including libvncserver, libjpeg, and zlib must be installed beforehand, with options like --with-jpeg=/usr/local for custom paths on systems like FreeBSD.[1]
Basic startup requires specifying the X display and a password for security. The command x11vnc -display :0 -passwd mypassword launches the server on the default display :0 with the given password.[7] To make the server persistent, add the -forever option, which restarts it after client disconnections: x11vnc -display :0 -passwd mypassword -forever.[7] Passwords can also be stored in a file using x11vnc -storepasswd to create ~/.vnc/passwd, then referenced with -rfbauth ~/.vnc/passwd.[7]
Key command-line options allow customization of server behavior. The -rfbport 5901 option sets the listening port (default is 5900), useful for avoiding conflicts.[7] For multiple simultaneous clients, include -shared.[7] To enable reverse connections where the server initiates to a viewer, use -connect viewerhost:[port](/page/Port).[7] Desktop scaling is achieved with -scale 1/2 to reduce resolution by half, aiding low-bandwidth scenarios.[7]
Common issues often involve X authority and network access. If the X server denies connection due to authorization, specify the authority file with -auth /path/to/.Xauthority or use -auth guess for automatic detection.[7] For display managers like GDM, set -env FD_XDM=1 -auth guess.[1] Firewall setups require opening the chosen port, such as sudo ufw allow 5900 on Ubuntu, to permit incoming VNC traffic.[4]
For secure remote access, integrate x11vnc with SSH tunneling to encrypt connections. On the client side, run ssh -L 5900:localhost:5900 user@serverhost to forward the local port 5900 to the server's localhost:5900, then connect a VNC viewer to localhost:5900.[7] On the server, start x11vnc with -localhost to restrict listening to loopback: x11vnc -display :0 -passwd mypassword -localhost -forever.[1] This method leverages SSH for authentication and avoids exposing the VNC port directly.