Orange Pi Zero Remote Desktop

Setting up a remote desktop node using a SoC is all fun until you notice there is no HDMI output. I had one such board laying around: Orange Pi Zero (512MB). Below are the steps I took to prepare an Xorg + Openbox + Tint2 + Firefox + remote desktop to manage/use my homelab resources.

See bottom for sources.

Install Armbian

Select your board at Armbian download page. Here is the Orange Pi Zero’s page. There, download Debian or Ubuntu based version, I prefered “Armbian 22.05 Bullseye”.

Burn the image using balenaEtcher.

Now to complete installation, connect the board to a computer via USB micro B cable. This particular board has OTG serial support, so you can get TTY over the USB cable.

On Linux

In case the terminal is laggy, try disconnecting (^A+D) and reconnecting. If you must reboot the board.

1

sudo screen /dev/ttyACM0 115200

On Windows

Use Putty with serial option instead of the default SSH. You will need to know the COM port for that. If you couldn’t quite grasp what I wrote, check Adafruit’s guide.

The rest is trivial, user creation and passwords.

Let there be mouse!

On the Orange Pi

Install the bare minimum for X11-Openbox GUI

1

sudo apt install xorg openbox xdm

Now let’s get a virtual display, install VNC server and start it

1

$ sudo apt install tightvncserver

Below command will asks for a normal login password and then whether one would like to create a view-only pasword as well. I created a normal password only. This password is then stored and not asked again for future server instances.

1

$ vncserver :1

On workstation (Linux)

Make sure you have Remmina (recommended) or any other VNC client installed:

1

sudo dnf install remmina  # workstation was Fedora in this case

Above command most certainly will not work for non-RedHat-family distros, use your distro’s package manager.

On workstation (Windows)

Go install mRemoteNG or TightVNC. Whatever floats your boat.

Either way, learn your board’s IP address (tip: look for a Private IP Address, e.g. “192.168.0.107”)

1

ip a  # on Orange Pi Zero

Make VNC connection to <ip_address_orange_pi>:5901. VNC uses ports (5900 + k) where k is the virtual display number. And, we have started our VNC server with :1 so it is 5901.

Now an ❌ should welcome you, that is your lovely little rodent friend.

Make VNC persistent across reboots

Following Lee Sir’s tutorial to a T for this systemd service aproach. One exception is I will not be creating the vnc user but use the user I created at the beginning, cbugk.

1. Get terminal access to the board and paste below to /usr/local/bin/tightvncserver. Feel free to change resolution (GEOMETRY).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

#!/bin/bash
PATH="$PATH:/usr/bin/"
DISPLAY="1"
DEPTH="16"
GEOMETRY="1280x720"
OPTIONS="-depth ${DEPTH} -geometry ${GEOMETRY} :${DISPLAY}"

case "$1" in

start)
/usr/bin/vncserver ${OPTIONS}
;;

stop)
/usr/bin/vncserver -kill :${DISPLAY}
;;

restart)
$0 stop
$0 start
;;

esac

exit 0 

1

sudo nano /usr/local/bin/tightvncserver

2. Make executable

1

sudo chmod +x /usr/local/bin/tightvncserver

3. Copy below into the systemd unit file to be created. Must change cbugk to name of the user you have created at the beginning!

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

[Unit]
Description=Manage tightVNC Server

[Service]
Type=forking
ExecStart=/usr/local/bin/tightvncserver start
ExecStop=/usr/local/bin/tightvncserver stop
ExecReload=/usr/local/bin/tightvncserver restart
User=cbugk

[Install]
WantedBy=multi-user.target

1

sudo nano /lib/systemd/system/tightvncserver.service

4. Enable the service

If you want to test if VNC can indeed survive reboots, reboot after below commands.

1
2

sudo systemctl daemon-reload
sudo systemctl enable tightvncserver.service 

1

sudo reboot

Essential utilities

Web browsers

This will not get you far, let’s install some useful programs onto Orange Pi.

1

sudo apt install netsurf-gtk firefox-esr

Netsurf is there for when Firefox gets heavy. However, I could not use it with my Pi-KVM, so use for StackOverflow and such sites which work with JS disabled (I did enabled it at prefences). For Midori lovers out there, it did not open a self-signed HTTPS certificate so it is out. Lastly, chromium could not keep itself open, did not bother to debug it.

Desktop sugar

Get the packages

1

sudo apt install tint2 conky

Ensure the Openbox config directory exists, not created by default.

1

mkdir -p ~/.config/openbox

Start tint2 panel and conky widget whenever openbox starts

1
2

echo 'tint2 &' >> ~/.config/openbox/autostart
echo 'conky &' >> ~/.config/openbox/autostart

As of this writing I am not an Openbox/tint2/conky guru, and their configuration would be one hell of a rabbit whole. Dive at your own will and risk.

Punching firewalls and carrier-grade NATs

It is time for the remote desktop access. One could of course try setting fancy networking rules on their infrastructure, but not everyone digs that nor does most people have a public IPv4.

The board I have is in armv7 architecture, so supposedly does support TeamViever. I installed https://download.teamviewer.com/download/linux/teamviewer-host_armhf.deb, however, it did not seem to work. Anydesk support is neither here.

1
2
3
4
5
6

# Did not work, do not run
curl -OL https://download.teamviewer.com/download/linux/teamviewer-host_armhf.deb
sudo apt install -y ./teamviewer-host_armhf.deb
rm teamviewer-host_armhf.deb

teamvier

So let’s install ZeroTier, as of this writing they provide a free tier but the software is opensource and can be self-hosted on a VPS if one desires so.

Just follow their installation and installer will print an ID onto terminal. Register that to your (presumably) private ZeroTier network on their website so that the client is whitelisted.

Then join

1

sudo zerotier-cli join <network-id>

Do this for upto 50 devices and you can VNC from them into the Orange Pi. It is a poor man’s VPN and Armbian alternative for Anydesk/ TeamViewer/ RealVNC.

Considerations

I could use earlier mentioned remote desktop services if I had chosen to use my Raspberry Pi Zero 2 W, yet this way I had come across ZeroTier.

Having a single node accessible behind a CG NAT is enough for my use case, but I could add more nodes into the virtual VPN.

I could have used other protocols/ programs rather than TightVNC. Such as:

• X2GO (only one I could install back when I was a total noob, works with any Desktop Environment, uses SSH tunnel too)
• XRDP (out-of-box support on older Windows clients, still easy on newer ones)
• SSH with X11 forwarding (might actually convert to this)

The thing is, this blog was written on-the-go and with TeamViewer in mind. So will probably evolve a bit.

Hopefully this process could spark a novel idea for your situation, it’s all that matters. That and documantation, cheers!

Bibliotheca:

• How to assemble a fast and minimal Debian Desktop using Openbox (2016)
• Install/Setup Xfce and TightVNC to Armbian OrangePi (Lee Sir, 2019)
• Any remote desktop solution working over Internet? (NicoD, 2019)