RDP as an alternative to Teamviewer

Just wanted to follow up on my previous thread (I presume closed because it's too old?)

I've switched to using RDP. This meets my most common use cases, which is for convenience on my home network. I haven't taken any explicit steps to make my machine accessible/inaccessible over the Internet (port forwarding, firewall rules or the like..), and I'm not actually sure if it's accessible that way.

It strikes me as curious why no one suggested this in the earlier thread. Is there any particular reason why using RDP is a bad idea (security?)?
 

Ardax

Ars Legatus Legionis
19,076
Subscriptor
There's two main reasons that RDP might not have been suggested. First, while it can be secure, it really hinges on your user passwords. Since they're likely to be MS account passwords these days, that might be less of an issue than before. I'm not sure what its attack surface looks like online, since many will use it in conjunction with VPNs professionally.

Note that if you haven't taken any steps to expose RDP to the rest of the internet, this should only work on your LAN.

The more pressing reason is that it only works with Pro SKUs of Windows, so most users don't have access to it since they're running Home SKUs.
 
I'm not entirely sure what you're asking, but exposing 3389 to the internet is bad. Very, very bad. Outside of SSH and Telnet, I believe it's one of the most attacked protocols. Keeping it internal is fine.

Exposing RDP should only really be done if:
1. You're using VPN to your network (OpenVPN; Wireguard; Unifi; Cisco; etc...), which effectively makes it local
2. A remote desktop gateway, with MFA and still locked down to only allow certain IPs. Should be in combination with #1.
 

Lord Evermore

Ars Scholae Palatinae
1,490
Subscriptor++
It (probably) wasn't closed because it's old. Years-old threads get replies out of the blue, usually from spammers.

RDP probably wasn't suggested because you started out saying it needed to work between Mac, PC and iOS. RDP isn't available as the host on anything except Windows Pro and you wanted something like TeamViewer. It wasn't said specifically that you only needed to log into a single Windows Pro machine from those devices, all of which do have RDP clients, including non-Pro Windows. Since you've been using TeamViewer for years, one would also presume you wanted many of the same features, and RDP doesn't support many of those, such as being able to access it from outside your house (using built-in and automatic functionality) or having it work as if you were sitting in front of the computer itself (RDP has limitations due to the protocol NOT being "console" access). And you never replied to any of the suggestions or provided any further information.
 
There's two main reasons that RDP might not have been suggested. First, while it can be secure, it really hinges on your user passwords. Since they're likely to be MS account passwords these days, that might be less of an issue than before.
Thankfully I have one machine that I managed to set up with a local account :)
I think if I ever have the need to expose it to the broader Internet, I'll set up a 127 character password (longest Windows supports) before I depart..
 
I'm not entirely sure what you're asking, but exposing 3389 to the internet is bad. Very, very bad. Outside of SSH and Telnet, I believe it's one of the most attacked protocols. Keeping it internal is fine.

Exposing RDP should only really be done if:
1. You're using VPN to your network (OpenVPN; Wireguard; Unifi; Cisco; etc...), which effectively makes it local
2. A remote desktop gateway, with MFA and still locked down to only allow certain IPs. Should be in combination with #1.
I tried enabling the VPN built into my router (Netgear R7000) a while ago to test this.. but I found it unbearably slow. I don't know why..
 

continuum

Ars Legatus Legionis
94,897
Moderator
R7000 is pretty old and its VPN performance is not good compared to more modern, higher-end routers.


View: https://www.reddit.com/r/DDWRT/comments/i3nk2h/r7000_speeds_compared_to_no_vpn/




Try Wireguard on it instead of OpenVPN if you want to see if you can get better performance, but it's still going to be best described as not very fast.
 

Andrewcw

Ars Legatus Legionis
18,129
Subscriptor
Thankfully I have one machine that I managed to set up with a local account :)
I think if I ever have the need to expose it to the broader Internet, I'll set up a 127 character password (longest Windows supports) before I depart..
It doesn't matter how long your password is. The problem is someone finds a major exploit. You're always way better off creating a VPN on your router if you use Microsoft RDP.

Or use one of the many Semi-replacements of TeamViewer when you're out and about.
 
R7000 is pretty old and its VPN performance is not good compared to more modern, higher-end routers.


View: https://www.reddit.com/r/DDWRT/comments/i3nk2h/r7000_speeds_compared_to_no_vpn/




Try Wireguard on it instead of OpenVPN if you want to see if you can get better performance, but it's still going to be best described as not very fast.

I’ll have to try tinkering with it later, but I’m not sure I was even getting the speeds noted in the links you provided. Running the stock firmware.
 
It doesn't matter how long your password is. The problem is someone finds a major exploit. You're always way better off creating a VPN on your router if you use Microsoft RDP.

Or use one of the many Semi-replacements of TeamViewer when you're out and about.
There could just as easily be an exploit in any of the other remote software out there.

Post I was replying to specifically mentioned passwords.. so that’s why I focused on that portion.
 

pasorrijer

Ars Scholae Palatinae
1,149
Subscriptor++
I'm not entirely sure what you're asking, but exposing 3389 to the internet is bad. Very, very bad. Outside of SSH and Telnet, I believe it's one of the most attacked protocols. Keeping it internal is fine.

Exposing RDP should only really be done if:
1. You're using VPN to your network (OpenVPN; Wireguard; Unifi; Cisco; etc...), which effectively makes it local
2. A remote desktop gateway, with MFA and still locked down to only allow certain IPs. Should be in combination with #1.
Yeah, even if you do expose it to the internet, choose a different external port. But agree with the others... VPN.
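
Added example, not part of any post above: a PowerShell audit that answers the opening question of whether the machine's RDP listener is reachable beyond the LAN, as far as the host itself can tell. It reads the RDP enable flag, listening port and NLA setting from the registry, then lists the enabled inbound firewall rules with their profile and remote-address scope. It assumes an English-language Windows install (the `Remote Desktop` rule group name is localized) and an elevated prompt; the `$findings` wording is this example's own.

```powershell
# Added example: audit this host's RDP exposure. Run from an elevated PowerShell prompt.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means RDP is enabled; UserAuthentication = 1 means NLA is required
$enabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$port    = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
$nla     = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1

# Is anything actually listening on the configured port?
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

# Enabled inbound allow rules in the built-in group (group name assumes English Windows)
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = "$($_.Profile)"
            RemoteAddress = ($addr.RemoteAddress -join ',')
        }
    }

$findings = @()
if (-not $enabled)           { $findings += 'RDP is disabled on this host.' }
if ($enabled -and -not $nla) { $findings += 'NLA is off: the logon screen is served before authentication.' }
if ($enabled -and -not $listeners) { $findings += "RDP is enabled but nothing is listening on TCP $port." }
foreach ($r in $rules) {
    if ($r.Profile -match 'Public|Any') {
        $findings += "'$($r.Rule)' is allowed on the Public profile."
    }
    if ($r.RemoteAddress -eq 'Any') {
        $findings += "'$($r.Rule)' accepts any remote address; scope it to LocalSubnet or the VPN subnet."
    }
}

[pscustomobject]@{
    RdpEnabled = $enabled
    Port       = $port
    NlaOn      = $nla
    Listening  = [bool]$listeners
} | Format-List
$rules    | Format-Table -AutoSize
$findings | ForEach-Object { Write-Warning $_ }

# To restrict the rules to the local subnet (review before running):
# Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | Set-NetFirewallRule -RemoteAddress LocalSubnet
```

This only covers the Windows side: whether the port is forwarded from the internet is decided by the router, so its port-forwarding and UPnP tables need checking separately.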