Remote access Windows server

1clo1

New Member
Jul 30, 2022
Can anyone tell me how I can set up my server to be accessed from computers in the field?
 

Stephan

Well-Known Member
Apr 21, 2017
Germany
Don't open any ports in your router to forward RDP to the inside. Port will be scanned, found and exploited in no time. Always keep attack surface minimal. For starters, keep only one UDP port open, that for VPN. I got a couple systems on the internet that I watch very closely and not a minute in the whole year goes by where I am not scanned or attacked.

For that you need a firewall with VPN capabilities, I prefer OpenVPN. Computer in the field connects to that and is pushed a network route to the internal network, over VPN. Then you can securely access your stuff.

If you have never done this you are looking at a steep learning curve and about 4 weeks investment to get from understanding word salad to first good working VPN. In the case of OpenVPN, do not stop before you have learned why tls-auth or tls-crypt is necessary as added protection, and have implemented it.
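A small check for the points made in the post above (UDP transport, a route pushed to clients, and tls-auth or tls-crypt on the control channel), as an added example that is not part of the original thread. The two sample server configs, the addresses and the key file name are constructed placeholders.

```python
import shlex

# Constructed sample server configs (not from the thread); addresses and
# the key file name are placeholders.
WEAK = """\
port 1194
proto tcp
dev tun
server 10.8.0.0 255.255.255.0
"""
HARDENED = """\
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
# placeholder internal LAN, reachable only through the tunnel
push "route 192.168.10.0 255.255.255.0"
tls-crypt ta.key
"""

def parse(text):
    """Return {directive: [argument lists]} for OpenVPN config text."""
    directives = {}
    for line in text.splitlines():
        if line.lstrip().startswith(";"):      # ';' also starts a comment
            continue
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(text):
    """Return findings for the three points raised in the post."""
    d = parse(text)
    findings = []
    # tls-auth signs and tls-crypt also encrypts control-channel packets with
    # a pre-shared key, so probes without the key are dropped unanswered.
    if not any(k in d for k in ("tls-auth", "tls-crypt", "tls-crypt-v2")):
        findings.append("control channel lacks tls-auth/tls-crypt")
    # OpenVPN defaults to UDP; only an explicit non-UDP proto is flagged.
    if any(a and not a[0].startswith("udp") for a in d.get("proto", [])):
        findings.append("proto is not UDP")
    pushed = [a[0].split() for a in d.get("push", []) if a]
    if not any(p[:1] == ["route"] for p in pushed):
        findings.append("no route to the internal network is pushed")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "ok")
```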
 

1clo1

New Member
Jul 30, 2022
Ok, so do I get OpenVPN installed and follow instructions? How would I set that up?
 

gregsachs

Active Member
Aug 14, 2018
I would also suggest SoftEther server, it works well and is a nice alternative to OpenVPN.
 

gregsachs

Active Member
Aug 14, 2018
SoftEther looks easier, how do I deploy it on my system?
Download and install the server package for OS of choice. Download and install the client for OS of choice on clients.
Set up a dynamic DNS pointer to use, and make sure that you forward one of the SoftEther ports to the server from your router/firewall. 443 is likely not blocked by your provider.
 

gea

Well-Known Member
Dec 31, 2010
DE
I forward the WireGuard port from my Telekom router to a GL.iNet router (up from 30 Euro/$) where I enable the WireGuard VPN server. This is ultrafast (probably the fastest VPN protocol) and ultra easy to set up (just enable and copy the client passphrase over to a WireGuard client).

After connecting, a laptop or smartphone via a DynDNS hostname (provided by GL.iNet) behaves like it would do on your LAN directly. You can securely use SMB or RDP or any other way to access home LAN devices. When using an open insecure hotel WLAN, everything is encrypted over your home internet access.

I use an AX 1800. Today I would buy the 1300 due to newest OpenWrt support with features like mesh.

 