How to Configure Remote Desktop with a VPN

Set up remote desktop securely with Nettica VPN services

Introduction to Remote Desktop

One of Windows’s best features is its remote desktop functionality. Now called the “Windows App,” remote desktop allows you to access your Windows machine remotely. However, without a VPN, accessing your machine remotely has become a risky proposition.

In the early days of the Internet, it was no problem configuring your home PC to be accessible from anywhere. Enable it, open some ports on your router, and you were done. However, these days securely configuring remote desktop is more difficult. Bots are constantly probing for an open port 3389 (the port used by RDP), and chances are your ISP will automatically block the port when a bot has been detected, defeating the whole purpose of having the port open. Security bugs have also been discovered in RDP, which has made running RDP on an open port dangerous. A VPN solves the problem.

Nettica addresses these concerns and makes it once again safe to connect back to your home PC with remote desktop. Nettica allows you to create a lightweight, secure VPN connection to your home. And it’s free! Once you see how useful we are, you may be interested in one of our paid plans that really let you take control of your network.

Why is using a VPN better? Good question! Not all VPNs are created equal. Nettica uses WireGuard, a secure UDP-based protocol. Traditional TCP-based VPNs have to respond when someone initiates a connection with them. With WireGuard, if the connection isn’t from someone with the right key, it doesn’t even respond, which keeps you safe. WireGuard is also the fastest and most secure VPN protocol available.

Enable Remote Desktop

To set up remote desktop, you first need to enable it. On a Windows Pro machine, go to Settings, then System; in the right-hand pane, scroll to find Remote Desktop and click on it.

Enabling Remote Desktop on Windows 11 Pro

Toggle “Remote Desktop” using the switch. Now, it’s time to set up the VPN.

Create a Network

Log in to the Nettica Admin. You can log in using your Google or Microsoft account rather than storing credentials with us. Managing your credentials is not our business. You can use your identity provider and get all their benefits, such as multi-factor authentication. After logging in, click on Networks, then click the blue banner. It will then automatically create your first network.

Nettica Admin networks tab

Add a Windows Host

After creating the network, let’s add your computer to it. To do this, download the Nettica Agent for Windows, then follow the instructions and install the client.

Launch the Nettica Agent and then click the Login button. A window will pop up to assist you with the login. Log in the same way you originally logged into the admin. After successful login, click “Join Network.”

Join Network on Nettica Agent

Enter the public IP address as shown above. Check the boxes for Sync Endpoint, UPnP, FailSafe (optional), Nettica DNS, and Remote Desktop, then click “Submit”. After a few seconds, the network will install, and you’ll receive a window notification. The endpoint IP address will update to your real external IP address with Sync Endpoint, and UPnP will open the port. The name of the machine, in this case “desktop.nettica”, is now registered with Nettica DNS. You’ll be able to use it from your laptop.

You have now successfully configured your home desktop to be securely accessible from the Internet. Repeat the process of installing the Nettica Agent and adding a Windows host for your laptop. It’s not necessary to specify the external IP address in this case. Now test your connection at a coffee shop. Enjoy!

Remote Desktop from the Coffee Shop

To start the remote desktop client on your laptop, in the search bar, enter “remote desktop” or “mstsc.exe” (Microsoft terminal services client) and you’ll find it.

Windows Remote Desktop client

When starting the remote desktop client on your laptop, use the VPN IP address (10.10.10.1 in this example) or the Nettica DNS name you assigned to it.

Troubleshooting

If you can’t connect to the machine, and it won’t even ping, then the likely culprit is the firewall. To confirm this, temporarily disable the Windows firewall: type “firewall” into the Windows search bar and hit enter, then disable all the firewalls listed. If you find your connection then works, re-enable the firewalls and allow Remote Desktop through them as described in the next section. This needs to be done on your desktop, not your laptop.

Adding an application through the Windows firewall

Type “firewall” into the search bar again, and this time select “Add an app through the Windows Firewall.” Scroll down and find Remote Desktop, and allow it for both Private and Public connections. If you’re using another firewall product, consult its documentation on how to allow apps or ports through. The RDP port is TCP 3389.
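
The same troubleshooting checks can be run from PowerShell with the firewall left on. This is an added example, not part of Nettica's tooling; it assumes the desktop's VPN address is 10.10.10.1 as in this article and that the firewall rule group carries its English name, "Remote Desktop". The function names are made up for this example.

```powershell
# Added example. Assumptions: 10.10.10.1 is the desktop's VPN address (from this
# article); 'Remote Desktop' is the English display name of the firewall rule group.

# Run on the DESKTOP in an elevated PowerShell window.
function Get-RdpHostState {
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    $active = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
    [pscustomobject]@{
        RdpEnabled       = ($ts.fDenyTSConnections -eq 0)   # the Settings toggle
        ListeningOn3389  = [bool]$listener                  # RDP service is bound to the port
        AllowRuleCount   = @($active).Count                 # enabled inbound allow rules
        AllowRuleProfile = ($active.Profile | Sort-Object -Unique) -join ', '
        # Which firewall profile each connected interface falls under
        NetworkCategory  = (Get-NetConnectionProfile |
            ForEach-Object { "$($_.InterfaceAlias)=$($_.NetworkCategory)" }) -join '; '
    }
}

# Run on the LAPTOP with the VPN connected. -PublicAddress is optional: pass your
# home's public IP to confirm that TCP 3389 is NOT reachable outside the tunnel.
function Test-RdpPath {
    param(
        [string]$VpnAddress = '10.10.10.1',
        [string]$PublicAddress
    )
    $rdp = @{ Port = 3389; WarningAction = 'SilentlyContinue' }
    $result = [ordered]@{
        VpnPing = Test-Connection -ComputerName $VpnAddress -Count 2 -Quiet
        VpnRdp  = (Test-NetConnection -ComputerName $VpnAddress @rdp).TcpTestSucceeded
    }
    if ($PublicAddress) {
        $result.PublicRdpOpen = (Test-NetConnection -ComputerName $PublicAddress @rdp).TcpTestSucceeded
    }
    [pscustomobject]$result
}

# Desktop:  Get-RdpHostState | Format-List
# Laptop:   Test-RdpPath | Format-List
```

A working setup shows VpnRdp as True and, if you passed the public address, PublicRdpOpen as False. If RdpEnabled and ListeningOn3389 are True but VpnRdp is False, compare AllowRuleProfile with the NetworkCategory reported for the VPN interface.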

Related Services

If the above doesn’t work for you, then you’re probably behind a carrier-grade NAT. In that case, check out our relay services below, allowing you to connect regardless of your carrier or ISP. If you have any issues, contact our support team; they’ll be happy to help!

Nettica Relay and Tunnel Services
