Visitor
•
3 Messages
Enable External RDP Access To One Of My Desktop PCs
Seems more of an administrative rather than technical issue, but I will try asking here anyway.
All I need to do is be able to reach one of my desktop PCs and remote control it using Microsoft Remote Desktop Protocol (RDP).
I am an Xfinity customer based in Grand Rapids, MI and have my own equipment, including:
1. Arris Surfboard SB6183 Cable Modem
2. TP-Link Archer C3200 Internet Router
My desktop is a Dell Inspiron 3880, an i5-based PC running Windows 11 Pro (24GB RAM, 240GB SSD, 5TB HDD).
My main problem seems to be that my external IP address is "hidden" outside my home network. I can ping it from the PC I want to allow RDP access to, but I cannot reach it from anywhere else outside (e.g. at a Starbucks or at a friend's house or anywhere else).
I have already added a port-forwarding rule in my router to the specific PC I need to connect to. I do not, however, use a VPN... I'd rather not go that route if I don't have to.
I tried contacting Xfinity support 5 different times (4 calls and one visit to a nearby store) and no one seemed to even grasp what I just described above.
Any competent help would be greatly appreciated.
NoNoBadPuppy
Problem Solver
•
515 Messages
3 years ago
Please refer to this document from Microsoft: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-allow-outside-access
1
0
NoNoBadPuppy
Problem Solver
•
515 Messages
3 years ago
I think that using a VPN may be the only option you have. It adds a layer of protection as well. Good luck. I hope you get it sorted out.
1
0
user_41532b
Visitor
•
2 Messages
3 years ago
Comcast home internet/modem will not allow you to modify the settings. If you need to do any port forwarding you will need to get business class internet. In business class they allow the customer to modify settings and you can set up various port forwarding.
0
0
flatlander3
Problem Solver
•
1.5K Messages
3 years ago
If you open a port to the internet with a port forward, it's going to get hammered. RDP or VNC would be an exceptionally bad service to run 'naked' to the internet.
Better would be to just run a VPN server yourself inside your network, and open a port forward to that service. Better still is: you run that service on a standalone box running something other than Windows, but also protect it with intrusion detection/throttling to help you mitigate attacks on your open port. It can save you all kinds of misery. That's overkill, but there's nothing wrong with overkill.
Check out https://www.wireguard.com and https://openvpn.net; they are both free VPN servers you can run yourself on a variety of platforms. Both have free clients you use to connect to them for devices/phones/PCs/Macs.
When you are remote, switch your client on, it connects to your internal server, and now your device is actually on your internal network with an encrypted tunnel. Now you can use RDP on your device to connect to your desktop machine. What's the difference between the two? Different protocol. WireGuard has less overhead, so data transfer is faster but has no logging. OpenVPN has better logging/debugging but it will be slower on the data transfer.
There's a lot of help around for setting up either one, and a small learning curve, but the default setup on either is 'good enough secure'. Much better than just blasting ports open with zero protection.
0
0
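The setup flatlander3 describes, sketched as a WireGuard configuration. This is an added example, not part of any post in the thread. It assumes a Linux VPN box using wg-quick with LAN interface `eth0`, a tunnel subnet of 10.8.0.0/24, the desktop at 192.168.0.50 and UDP port 51820; all of these values are made up for illustration and the keys are placeholders.

```ini
# ---- /etc/wireguard/wg0.conf on the standalone VPN box (assumed: Linux, wg-quick) ----
# Router: forward only UDP 51820 to this box and delete the TCP 3389 forward,
# so RDP itself is never reachable from the internet.
[Interface]
Address = 10.8.0.1/24            # assumed tunnel subnet
ListenPort = 51820               # assumed port; this is the only one exposed
PrivateKey = <server-private-key>
# Let tunnel clients reach the LAN, but only RDP on the one desktop.
PostUp = sysctl -w net.ipv4.ip_forward=1
PostUp = iptables -A FORWARD -i %i -d 192.168.0.50 -p tcp --dport 3389 -j ACCEPT
PostUp = iptables -A FORWARD -i %i -j DROP
PostUp = iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -d 192.168.0.50 -p tcp --dport 3389 -j ACCEPT
PostDown = iptables -D FORWARD -i %i -j DROP
PostDown = iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

[Peer]
# The remote laptop/phone. Only this key can complete a handshake.
PublicKey = <laptop-public-key>
AllowedIPs = 10.8.0.2/32

# ---- WireGuard client config on the remote laptop ----
[Interface]
Address = 10.8.0.2/32
PrivateKey = <laptop-private-key>

[Peer]
PublicKey = <server-public-key>
Endpoint = <home-public-ip-or-dns-name>:51820
# Send only traffic for the VPN box and the desktop through the tunnel.
AllowedIPs = 10.8.0.1/32, 192.168.0.50/32
PersistentKeepalive = 25
```

With the tunnel up, the Remote Desktop client connects to 192.168.0.50 as if it were on the home network. The desktop's own Windows firewall still has to allow Remote Desktop connections from the VPN box's LAN address.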