Learn Some Linux Series - AWS, OpenVPN and NoMachines - Part 3

This is the final part of this tutorial. We want to be able to use a lightweight GUI interface into each of our RPis and the server, to support a browser launch from these devices to reach any of our IoT or similar devices behind them. So our RPi devices act like an HTTP jump server.

From my research and experimentation, I found that NoMachine is a GUI frontend that works for our needs.

For the RPis, I installed NoMachine using dietpi-software. You will also need to install LXQT or LXDE or XFCE display (as needed by NoMachine as a GUI environment) when asked. I then also installed the required fonts, else NoMachine session will show gibberish. Depending upon your device and what all is installed on it, you may already have required fonts, but just in case, you do run into issues, install fonts.

apt install fonts-dejavu-core
apt install fonts-dejavu-extra

For AWS Ubuntu, since it is an instance without a GUI, we also need to install a minimal GUI for NoMachine to work.

sudo apt install lxqt

Then we download the package from NoMachine for our Server side install. The downloaded file will go into the directory you have the prompt in.

wget https://download.nomachine.com/download/7.10/Linux/nomachine_7.10.1_1_amd64.deb

Check for latest one and adjust above link accordingly from the page below:

https://www.nomachine.com/download/download&id=3

and then install it. Note the ./ and that implies current directory and the file under that.

sudo dpkg -i nomachine_7.10.1_1_amd64.deb

or

sudo apt install ./nomachine_7.10.1_1_amd64.deb

I had some errors of missing some dependencies, so then I used the command below:

sudo apt install -f ./nomachine_7.10.1_1_amd64.deb

The flag f (or can also use --fix) automatically downloads (most of the time) the required missing dependencies.

Another command to keep in mind is that when we install packages and then uninstall, like for displays, that we don’t like, we then remove those via

sudo apt remove packagename

it may leave behind some dependencies that were installed with the installation of package. So we can use command below to clear those. I sometimes do it after everything is working for my needs.

sudo apt autoremove

Once we have the NoMachine package installed, we need to make some minor configuration changes.

By default NoMachine installation process will open the NX port 4000 on all network interfaces thru the firewall. You may want to control that manually.

sudo nano /usr/NX/etc/server.cfg

Towards the end, uncomment the line below and change 1 to 0.

EnableFirewallConfiguration 1

to

EnableFirewallConfiguration 0

Also towards beginning, uncomment line

NXPort 4000

For headless server like at AWS, with no VGA/HDMI port, we need to stop the display manager and instead use a virtual display. NX should automagically create a virtual display on next restart.

sudo systemctl stop display-manager

sudo systemctl disable display-manager

sudo /etc/NX/nxserver --restart 

Restart of NX MAY take 10 minutes or so in certain situations.

We can check if NX services are running by

sudo /etc/NX/nxserver --status

If we need to uninstall NoMachine,

sudo /usr/NX/scripts/setup/nxserver --uninstall
sudo rm -rf /usr/NX /etc/NX /var/NX .nx

For Windows machines, download from below and choose all defaults for the click-thru install.

http://www.nomachine.com/download-client-windows.php

No port opening will be needed via the firewall, as the required tcp/4000 port is already open for the 10.8.0.0/24 block between our RPis, Windows machines and AWS server, which becomes available after our OpenVPN / PiVPN connections come live. In other words, we are not coming directly via the internet, but thru VPN sessions. If you really need to login using NoMachine to any such machine using the Public IP, then only open port 4000/tcp using UFW

sudo ufw allow 4000/tcp

We are anyway opening all ports and protocols from 10.8.0.0/24

sudo ufw allow from 10.8.0.0/24

This assumes that ufw is installed, if not use command below to install it.

sudo apt install ufw

and then after the changes,

sudo ufw reload

To show what all rules / port forwardings are done to the machine,

sudo ufw status numbered

To login from a Windows machine into the RPis or our server using the GUI, type NoMachine in the search bar to open the program, then click New at top right, leave protocol at default NX, for host type in 10.8.0.1 (for server) and leave 4000 as port, then click next. The next screen asks us to choose between password and Private key or Kerberos (for Windows AD) authentication. The Kerberos name comes from the 3 headed dog guarding the gates of Hades in Greek mythology.

Since we are logging in after VPN in (and there is no access outside VPN), I left it as password authentication, then skip past next no proxy and then save the launcher. Similarly set your other locations launchers.

If you followed all of the above to a tee, then everything should work and you have beautiful RDP (remote desktop protocol as they call it in Windows) into any of your remote devices any time. All these devices are on an always-on VPN connection to the server, so all these devices can ping and RDP into each other using 10.8.0.x VPN IPs. We also covered assigning static IPs for VPN for RDP purposes as we don’t want them to change.

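An added example, not part of the original post: a small audit that checks the two things the tutorial relies on, namely that `EnableFirewallConfiguration` is set to 0 in `server.cfg` and that UFW does not allow the NX port from "Anywhere" in addition to the 10.8.0.0/24 VPN block. The function names are hypothetical and the sample config and `ufw status` text are constructed; the config format assumed is the `Key value` / `#Key value` form shown in the post.

```shell
#!/bin/sh
# Added example. All sample text below is constructed, not captured from a real host.

# Print the value of an uncommented KEY in server.cfg text on stdin.
# Prints nothing when the key is commented out or missing.
nx_cfg_value() {
  awk -v key="$1" '$1 == key { v = $2 } END { if (v != "") print v }'
}

# Read `ufw status` (or `ufw status numbered`) text on stdin and print every
# ALLOW rule that opens PORT to "Anywhere". Exit 0 if one is found, else 1.
ufw_open_to_world() {
  awk -v port="$1" '
    { sub(/^\[ *[0-9]+\] */, ""); gsub(/ \(v6\)/, "") }
    $2 == "ALLOW" {
      from = ($3 == "IN") ? $4 : $3
      if (($1 == port || $1 == (port "/tcp")) && from == "Anywhere") { print; hit = 1 }
    }
    END { exit !hit }'
}

# audit_nx CFG_TEXT UFW_TEXT: warn on each gap, return 1 if any was found.
audit_nx() {
  rc=0
  port=$(printf '%s\n' "$1" | nx_cfg_value NXPort); port=${port:-4000}
  fw=$(printf '%s\n' "$1" | nx_cfg_value EnableFirewallConfiguration)
  if [ "$fw" != 0 ]; then
    echo "WARN: EnableFirewallConfiguration is not 0"; rc=1
  fi
  if printf '%s\n' "$2" | ufw_open_to_world "$port" >/dev/null; then
    echo "WARN: $port/tcp is allowed from Anywhere"; rc=1
  fi
  return $rc
}

CFG_DEFAULT='#NXPort 4000
#EnableFirewallConfiguration 1'
CFG_EDITED='NXPort 4000
EnableFirewallConfiguration 0'
UFW_VPN_ONLY='Status: active
To                         Action      From
--                         ------      ----
Anywhere                   ALLOW       10.8.0.0/24'
UFW_EXPOSED="$UFW_VPN_ONLY
4000/tcp                   ALLOW       Anywhere
4000/tcp (v6)              ALLOW       Anywhere (v6)"

audit_nx "$CFG_EDITED" "$UFW_VPN_ONLY" && echo "OK: NX reachable only over the VPN block"
audit_nx "$CFG_DEFAULT" "$UFW_EXPOSED" || echo "review the warnings above"
```

On a real host, pass the contents of `/usr/NX/etc/server.cfg` and the output of `sudo ufw status` to `audit_nx` in place of the constructed strings.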

I noticed that you mentioned “NoMachine session will show gibberish.” I tried your steps and did not have any issue; as well, I think that these fonts were automatically installed for me.

As well
“Restart of NX may take 10 minutes or so.” Did you mean 10 seconds or 10 minutes? 10 min looks really long. I see on my side 8 sec.

Hi @ngo-max,

Good to hear that most of these steps worked for you without any issues. For me, I may have had lots of things installed / uninstalled and that may have caused loss of these fonts, but I had to really install them manually after installation.

And yes, it took a long time at my end to restart NX services. I may have exaggerated but it looked like a few minutes at least, if not 10 minutes. And I may have mixed up between RPi, PCEngines APU and AWS instance. I had taken brief notes when I installed on these devices a couple of weeks ago. I also had a much older version of DietPi on my test RPi and I just brought it up to the latest and greatest just a couple of days ago. Hopefully the new OS / updates may have resolved the long time that the NX service may have taken. I will suitably update this tutorial based on your feedback.

Thanks
