How to Configure Remote Desktop with a VPN

Set up remote desktop securely without exposing the RDP port to the Internet

Introduction to Remote Desktop

One of the best features of Windows is its remote desktop functionality. Remote desktop allows you to access your Windows machine remotely. However, without a VPN, accessing your machine remotely has become a risky proposition.

In the early days of the Internet, it was no problem configuring your home PC to be accessible from anywhere. Enable it, open some ports on your router, and you were done. However, these days securely configuring remote desktop is more difficult. Bots are constantly probing for an open port 3389 (the port used by RDP), and chances are your ISP will automatically block the port when a bot has been detected, defeating the whole purpose of having the port open. Security bugs have also been discovered in RDP, which has made running RDP on an open port dangerous. A VPN solves the problem.

Nettica addresses these concerns and makes it once again safe to connect back to your home PC with remote desktop. Nettica allows you to create a lightweight, secure VPN connection to your home. And it’s free! Once you see how useful we are, you may be interested in one of our paid plans that really lets you take control of your network.

Why is using a VPN better? Good question. Not all VPNs are created equal. Nettica uses WireGuard, a secure UDP-based protocol. TCP-based VPNs have to respond when someone initiates a connection with them. With WireGuard, if the connection isn’t from someone with the right key, it doesn’t respond, which keeps you safe. WireGuard is also the fastest, most secure VPN protocol available.

Enable Remote Desktop

The first thing you need to do to set up remote desktop is to enable it. On a Windows Pro machine, go to Settings, System, and then scroll the right-hand pane to find and click on Remote Desktop.

Enabling Remote Desktop on Windows 11 Pro

Toggle “Remote Desktop” using the switch. Now it’s time to set up the VPN.

Create a Network

Log in to the Nettica Admin. Note that you can log in using your Google or Microsoft account rather than storing credentials with us. Managing your credentials is not our business. You can use your own identity provider and get all their benefits, such as multi-factor authentication. After logging in, click on Networks, then click the blue banner. It will automatically create your first network.

Nettica Admin networks tab

Add a Windows Host

After creating the network, let’s add your computer to it. To do this, download the Nettica Agent for Windows, then follow the instructions and install the client.

Launch the Nettica Agent and then click the Login button. A browser window will pop up to assist you with the login. Log in the same way you originally logged into the admin. After successful login, click “Join Network”.

Join Network on Nettica Agent

Enter the public IP address as shown above. Check the boxes for Sync Endpoint, UPnP, FailSafe (optional), Nettica DNS, and Remote Desktop, then click “Submit”. After a few seconds, the network will install and you’ll receive a Windows notification. The endpoint IP address will update to your real external IP address with Sync Endpoint, and the port will be opened by UPnP. The name of the machine, in this case “desktop.nettica”, is now registered with Nettica DNS. You’ll be able to use it from your laptop.

You have now successfully configured your home desktop to be securely accessible from the internet. Repeat the process of installing the Nettica Agent and adding a Windows host for your laptop. It’s not necessary to specify the external IP address in this case. Now go test your connection at a coffee shop. Enjoy!

Coffee Shop

To start the remote desktop client on your laptop, in the search bar enter “remote desktop” or “mstsc.exe” (Microsoft terminal services client) and you’ll find it.

Windows Remote Desktop client

When starting the remote desktop client on your laptop remotely, use the VPN IP address (10.10.10.1 in this example) or the Nettica DNS name you assigned to it.

Troubleshooting

If you can’t connect to the machine, and it won’t even ping, the likely culprit is the firewall. To confirm this, temporarily disable the Windows firewall: type “firewall” into the Windows search bar and hit enter, then disable all the firewalls listed. If you find your connection then works, re-enable the firewalls. This needs to be done on your desktop, not your laptop.

Adding an application through the Windows firewall

Type “firewall” into the search bar again, and this time select “Add an app through the Windows Firewall”. Scroll down and find Remote Desktop, and allow it for both Private and Public connections. If you’re using another firewall product, consult its documentation on how to allow apps or ports through. The RDP port is TCP 3389.
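The same checks can be scripted instead of switching the firewall off. The following is an added example, not Nettica's code: it reports whether RDP is enabled and listening, lists the built-in Remote Desktop firewall rules with the addresses they accept, and adds a narrower rule that admits TCP 3389 only from the VPN subnet. The subnet `10.10.10.0/24`, the rule name, and the function names are assumptions; the `Remote Desktop` group name applies to English-language Windows.

```powershell
# Added example (not Nettica's code). Run in an elevated PowerShell on the desktop.
$VpnSubnet = '10.10.10.0/24'                # assumption: the page shows only 10.10.10.1
$RuleName  = 'RDP from VPN only (example)'  # hypothetical rule name

function Get-RdpStatus {
    # fDenyTSConnections = 0 means the Remote Desktop toggle is on.
    $ts = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
    [pscustomobject]@{
        RdpEnabled      = ($ts.fDenyTSConnections -eq 0)
        ListeningOn3389 = [bool]$listening
    }
}

function Get-RdpFirewallRules {
    # Built-in Remote Desktop rules, with the profiles and remote addresses they allow.
    # RemoteAddress 'Any' on an enabled rule means RDP is not limited to the VPN.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Enabled       = $_.Enabled
            Profile       = $_.Profile
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
}

function Add-VpnOnlyRdpRule {
    # Allow TCP 3389 only when the source address is inside the VPN subnet.
    # This narrows access only if the built-in 'Any' rules above stay disabled.
    if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
            -Protocol TCP -LocalPort 3389 -RemoteAddress $VpnSubnet -Profile Any | Out-Null
    }
    Get-NetFirewallRule -DisplayName $RuleName
}

function Test-RdpOverVpn {
    # Run this one on the laptop, with the VPN connected.
    param([string]$Target = '10.10.10.1')
    (Test-NetConnection -ComputerName $Target -Port 3389).TcpTestSucceeded
}

Get-RdpStatus | Format-List
Get-RdpFirewallRules | Format-Table -AutoSize
Add-VpnOnlyRdpRule | Format-List DisplayName, Enabled, Profile
```

On the laptop, define `Test-RdpOverVpn` and call it; `True` means the desktop accepts RDP over the tunnel.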

Related Services

If the above doesn’t work for you, then you’re probably behind a carrier-grade NAT. In that case, check out our relay services below, which will allow you to connect regardless of your carrier or ISP. If you have any issues, just reach out to our support team; they’ll be happy to help!

Nettica Relay and Tunnel Services
