pass in on $ext_if inet6 proto tcp from any to 2001:<IPv6 address of VNC host> port 5900
ssh -L5900:localhost:5900 me@myhost.example.com
then connect your VNC viewer to localhost:5900.Alright, so your LAN hosts get a proper global IPv6 address too?
Then something as simple as this would do:
Code:pass in on $ext_if inet6 proto tcp from any to 2001:<IPv6 address of VNC host> port 5900
But I would advise against opening VNC to the Internet though, not on IPv4 or IPv6. It's not the world's most secure protocol. You're better off logging in via ssh and tunneling VNC over SSH;ssh -L5900:localhost:5900 me@myhost.example.com
then connect your VNC viewer to localhost:5900.
I use VNC via VPN
What else is in /etc/pf.conf? And how is the traffic actually flowing? You mentioned you used a VPN then VNC. How's the VPN set up? Where does it terminate? How's your network set up?That's the mystery, it doesn't work with this rule
solved
Yes, it is IPv6, but I use VPN to be safer. I connect to the network via VPN, but the machine with VNC is on the remote client's local network.you have to let the traffic on the vpn to pass. Does the vpn subnet is also ipv6 ?