NOMACHINE on OpenSUSE Tumbleweed

A little bit of diagnosing and following up and all is fine.

Switched recently to OpenSUSE Leap on my backup laptop. Then found the simplest solution for me to sync Google Drive with OpenSUSE was to change to OpenSUSE Tumbleweed. Great. Done. Now time to get Tumbleweed to be a remote client to my Debian primary laptop.

For years, the primary laptop has run Ubuntu. Recently switched it to Debian 12 bookworm for the reasons documented here, From Ubuntu/Zorin to Debian/OpenSUSE. The remote solution to connect to the primary laptop has been RealVNC.

Debian 12 bookworm is using Wayland, and the latest Ubuntu is using it too. RealVNC isn’t compatible with Wayland so isn’t compatible with the latest Ubuntu or Debian. For myself, remote control hasn’t been a need for a few years so I didn’t realize RealVNC wasn’t Wayland compatible. As soon as I wanted remote control again, Wayland compatibility became an issue.

Do a little digging and find NOMACHINE works with Wayland. Install NOMACHINE on the Debian primary laptop, client and server running, no problems.

Install on the OpenSUSE Tumbleweed laptop, install fails. Server service isn’t found and client won’t start. 🫤

Check out NOMACHINE compatibility, it includes OpenSUSE 15.x. Leap is 15.x, current Tumbleweed is 20250714. Tumbleweed is on the backup laptop to make Google Drive work. I NEED Google Drive syncing between the primary and backup laptop. Can I get NOMACHINE working on Tumbleweed?

First, let’s see what NOMACHINE looks like when it’s running. Spin up an OpenSUSE Leap 15.x virtual machine and install NOMACHINE. It works fine, can connect to Wayland displays from X11 virtual machine. Now to troubleshoot the installation on OpenSUSE Tumbleweed.

Spin up a Tumbleweed virtual machine and do a NOMACHINE installation. (virtual machines are indispensable and readily available troubleshooting and simulation tools)

Terminal output during installation on Tumbleweed is brief and indicates nxserver.service can’t be loaded.

Check the installation log, /usr/NX/var/log/install.log, find an error earlier than nxserver.service . The error, “execstack can't be run.” Check what is exestack and find execstack isn’t installed. Install it and run NOMACHINE installation again. Terminal output remains the same and nxserver.service can’t be loaded.

Back to the log and find a message, Warning: SELinux userspace will refer to the module from /usr/NX/scripts/selinux/nx-unconfined.pp as nx rather than nx-unconfined. Since nxserver.service won’t run and there’s a Warning that SELinux has a problem with something NX related I turn to finding out how to understand the SELinux problem.

Aside from knowing SELinux enforces access control policies on OpenSUSE Linux, I haven’t been aware of it before. Digging around to get an idea of what the warning means I find a tool called SELinux Troubleshooter. It’s in Tumbleweed’s Discovery app library, so I install it.

So, now, the execstack problem has been handled and a way to diagnose the possible SELinux issue installed. Time to run the NOMACHINE installation again.

Bingo!

The Troubleshooter provides two SELinux command recommendations. I apply the commands and NOMACHINE is now running on OpenSUSE Tumbleweed just fine. (At least on Tumbleweed 20250714.)

I still like RealVNC’s interface and modes of operation better. I’ll continue to watch it for Wayland compatible releases and continue to upgrade NOMACHINE with new releases, especially if they include better access to controls, something like a pop up tool bar attached to the host’s window border.

The “page peel,” NOMACHINE’s toolbar, isn’t always available depending on the Display option selected. Knowing the keyboard option, Ctrl+Alt+0, to call the NOMACHINE control center before selecting a display option that can’t display the “page peel” is a real panic avoidance tip.

NOMACHINE client window with “page peel” displayed.

The Ctrl+Alt+0 shortcut displays the NOMACHINE control center that fills the entire client window.

With the control center filling the entire client window the mouse can move outside the client window and interact with other applications on the client pc. In the control center, navigating the menu requires clicking an icon to reveal the icons in the next sub menu and click again and again until the target operation is reached.

Once the operation is completed each menu must be clicked to return to the menu above until reaching the top menu, the control center, and finally close the control center to display the remote control session. That’s really cumbersome navigation.

The “page peel” only has controls for the video connection and causing the “page peel” to appear doesn’t release the mouse to leave the window. The only way I’ve found to leave the NOMACHINE remote client window is to use Ctrl+Alt+0 to bring up the NOMACHINE window overlay/control center, at that point the mouse can leave the window boundaries.

If the machine hosting the NOMACHINE server has multiple monitors an option to display all monitors can be selected. However all remote monitors are squished into a single NOMACHINE client window instead of having one window for each monitor. Not very useful.

If the client and server BOTH have two monitors the “Fullscreen on all monitors” option can be selected. In this configuration one each of the remote system’s monitors fills one each of the client system’s monitors. This feels very much like sitting at the remote system as opposed to controlling it remotely. However, again, there is no way to leave the remote control session’s window and interact with the client system without first displaying the top level NOMACHINE window to then be able to navigate around the client computer.

Blocking, blocking, blocking

No visitors, so why not?

This site has been up for a few years now. Very few (hardly any) visitors. That’s fine. This is really just a place for me to make notes about tech that’s on my mind. Without a job there’s fewer situations that I find myself having to resolve so less to write about.

wp.boba.org is on the Internet though, so of course it gets hit by bots. And since commenting without creating a login is permitted the bots attempt to post spam. Comments need to be approved before they’re displayed so I see, and reject, all of the spam. Source IP is usually Russia but spam comments also come from Kazakhstan, Belarus, Iran, Amsterdam, Saudi Arabia, Kuwait, Dubai, China, and VPNs that originate in Stockholm and London, among other places.

For a while I didn’t bother about it and simply marked those comments as spam so they never show up on the site. Lately though I’ve changed my approach a bit. Since I’m not trying to make a popular site, and I realize the likelihood of getting real comments from any of the networks spam comes from is infinitesimal, I decided to start blocking networks that spam comments are coming from.

The interesting thing is that once I began blocking networks, spam comments became a bit more frequent. Each time from a new network, of course, because the firewall was updated for each new spam source.

The spam being more frequent is a subjective measure but when the first block rule went in it was a while before another spam comment showed up. After that new network was blocked the interval to the next spam comment was less than the interval from the first to the second. It seems as if once a site is detected where spam can be posted that IP or URL is shared among spammers so they can all take a crack at it.

I’ve also found how to add Internet block lists to the firewall. There’s hundreds of thousands of IPs that are blocked and the lists are updated daily. Even so, and much to my surprise, after adding the block lists, the only blocks I see in the log are from the spammer networks. That is honestly a surprise to me. With hundreds of thousands of IPs in the block lists I would have thought some would show up in the log. None have so far. That’s a good thing, but still a surprise.

Today’s blocked networks follow below. It will probably be a day or two before there will be others to add. Don’t expect updates. Hmmm…….

37.99.32.0/20
37.99.48.0/20
37.99.80.0/21
37.221.0.0/24
45.88.76.0/22
46.8.10.0/23
46.151.28.0/24
46.161.11.0/24
62.113.118.0/24
77.238.237.0/24
80.239.140.192/27
84.17.48.0/23
84.38.188.0/24
87.249.136.0/22
91.84.100.96/27
91.201.113.0/24
93.183.92.0/24
178.172.152.0/24
178.217.99.0/24
179.43.128.0/18
183.0.0.0/10
185.173.37.0/24
188.126.89.64/27
192.42.116.192/27
194.32.122.0/24
195.2.70.0/24
195.181.174.0/23
212.34.128.0/24
212.34.141.0/24
212.34.148.0/24