How to use Remote Desktop Protocol (RDP) over OpenVPN | input.sh

2024-11-22

By now, hopefully we all know that the Remote Desktop Protocol (RDP) port shouldn’t be exposed to the internet. This is a simple guide that allows you to configure your servers so that they can only be accessed over RDP from a local network that’s going to be created using OpenVPN.

As an intermediate server, I am using a pretty small server running Ubuntu, whose only purpose is to make all of the servers work together in a virtual private network.

Server configuration

# Install prerequisites.
sudo apt install openvpn easy-rsa

# Make a directory where the keys will be stored.
make-cadir /etc/openvpn/easy-rsa

# Load the easy-rsa variables into the current shell.
cd /etc/openvpn/easy-rsa
source ./vars

# Build the certificate authority and server configuration.
./build-ca
./build-key-server <openvpn_server_name>
./build-dh

# Generate the certificate for a client.
./build-key <client_name>

The file /etc/openvpn/openvpn.conf should look something like this:

port 1194
proto udp
dev tun
ca /etc/openvpn/easy-rsa/keys/ca.crt
cert /etc/openvpn/easy-rsa/keys/<openvpn_server_name>.crt
key /etc/openvpn/easy-rsa/keys/<openvpn_server_name>.key
dh /etc/openvpn/easy-rsa/keys/dh2048.pem
server 10.10.10.0 255.255.255.0
push "dhcp-option DNS 8.8.8.8"
keepalive 5 30
comp-lzo
persist-key
persist-tun
status /var/log/openvpn.log
verb 3

This will create a virtual private network and provide users with a 10.10.10.X IP address.

P.S. Don’t forget to allow connections to the port 1194 in the firewall.

Setting static IP addresses to specific OpenVPN clients

Note that in this case, both the server and your end device are considered “clients” by OpenVPN.

To set static IP addresses to specific clients, add the following line to the openvpn.conf file:

client-config-dir <directory_name>

Create the directory you’ve specified under /etc/openvpn/ and within it, create a file for each of the clients you want to assign a private IP address for:

$ tree <directory_name>
.
├── server1
├── server2
└── server3

Each of those files only needs a one-line setup: echo "ifconfig-push 10.10.10.100 255.255.255.0" > server1, which will set the IP address of the first server to 10.10.10.100.

Client configuration

Assuming you’ve already generated the certificate for a client (by using ./build-key <client_name> mentioned above), copy the following files to the client machine from the key directory:

  • ca.crt
  • <client_name>.crt
  • <client_name>.key

On a client machine, create an OpenVPN configuration file. It should look something like this and be named something like <openvpn_server_name>.ovpn:

client
dev tun
proto udp
remote <SERVER_IP> 1194
ca ca.crt
cert <client_name>.crt
key <client_name>.key
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3

Your final task is to install that certificate on the client’s computer.

Windows

  • Install OpenVPN GUI and start it.
  • Right click on the icon in the tray area, choose “import”, and locate the .ovpn file you’ve created.
  • Manually copy the three files you’ve downloaded from the OpenVPN server into C:\Users\<username>\OpenVPN\Config\<openvpn_server_name>.
  • Right-click on the icon in the tray area and click “connect”.

elementary OS

Note that this process should be pretty similar on all distributions that use a GNOME-based desktop environment. I just happen to be using elementary OS.

  • Click on the WiFi icon in the top panel and choose “Network Settings”.
  • Pick “VPN” from the left sidebar, click on “+” to add a new VPN connection.
  • In a pop-up, choose “Import a saved VPN configuration” and locate your .ovpn file.
  • Click on save, choose your newly created VPN connection from the WiFi icon in the top bar, and you’re good to go.

Once both your client and your server are connected to the same virtual network, you can RDP into the server using its virtual private IP address provided by OpenVPN.

As a final step, disable RDP connections from your firewall and you’re good to go.
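
One way to carry out this last step on a Windows server, as an added example that is not from the original post: it scopes the built-in Remote Desktop firewall rules to the VPN subnet and then lists any other rule that still allows TCP 3389. It assumes Windows Defender Firewall is the firewall in question and that the rule group has its English name, "Remote Desktop"; 10.10.10.0/24 is the subnet from the server line above. Run it from an elevated prompt in a session that is already connected over the VPN address, so the change does not cut off your own connection.

```powershell
# Added example, not from the original post.
# Assumptions: Windows Defender Firewall on the RDP server, English rule
# group name "Remote Desktop", VPN subnet 10.10.10.0/24 as configured above.
$vpnSubnet = '10.10.10.0/24'

# Built-in inbound Remote Desktop rules (user mode TCP/UDP and shadowing).
$rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object Direction -eq 'Inbound'

# Accept RDP only from addresses inside the VPN subnet.
$rdpRules | Set-NetFirewallRule -RemoteAddress $vpnSubnet

# Custom or third-party rules may also open 3389. List every enabled inbound
# allow rule on TCP 3389 with the remote addresses it accepts, for review.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object LocalPort -eq '3389' |
    Get-NetFirewallRule |
    Where-Object {
        $_.Enabled -eq 'True' -and
        $_.Direction -eq 'Inbound' -and
        $_.Action -eq 'Allow'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    } |
    Format-Table -AutoSize
```

Every row in the resulting table should show the VPN subnet as its remote address; a row showing Any is a rule that still accepts RDP from outside the VPN.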