2025-08-01

OpenVPN: Windows RDC Remote Desktop Configuration

Product: OpenVPN, Windows OS
Software: MS Remote Desktop Services
Version: all

Sharing my experience of configuring the OpenVPN server bundled with an ASUS router that was released in 2015.

  1. Log in to the ASUS WiFi router as admin
  2. Click on VPN button
  3. Click on tab "VPN Server"
  4. Enable OpenVPN server
    1. My ASUS access point (abbreviated as AP later in this post) allows me to configure 2 OpenVPN servers
    2. The "Server instance" values for them are:
      1. Server 1
      2. Server 2
  5. In the "VPN Details" list box, select "Advance" to show more VPN server configuration options
  6. Set the following 3 VPN server parameters
    1. Advertise DNS to clients = Yes
    2. Respond to DNS = Yes
    3. Optionally set Direct clients to redirect Internet traffic = Yes. This makes other applications (e.g. Facebook, YouTube, eBay, Amazon) think your traffic is originating from your home computer instead of your current location
  7. The following server parameters can optionally be changed to increase security and reduce exposure to attackers
    1. Server port
    2. Firewall
    3. Username/Password authentication
    4. TLS control channel security
    5. Auth digest
    6. VPN subnet/netmask
  8. Click the "Apply" button to start the VPN server
  9. The OpenVPN server configuration is now complete
  10. Navigate back to the same screen if it forwards you to another page
  11. "VPN Details" will change back to "General", which then shows the "Export" button for downloading the .ovpn file
  12. The browser will prompt you to save the OpenVPN client config file with the .ovpn file extension
  13. The browser's file download area will ask whether to reject or keep the file. In my case it did not prompt me at all; I had to click the download button (in Chrome), and then I could see an additional "Keep" button next to the .ovpn file
    1. Click the "Keep" button next to the .ovpn file to confirm the download
  14. Now distribute the OpenVPN client configuration file to the machines and mobile devices where you want to use the OpenVPN client. For example:
    1. Windows PC - copy the file to the PC through file sharing or a USB thumb drive
    2. Apple iOS such as iPhone, iPad - send the file as an e-mail attachment to an e-mail address that is configured on your iOS device (iPhone, iPad). If you have not set up e-mail, please set it up; you can remove it after the OpenVPN client is set up
    3. Android - I recommend using e-mail as well, unless you have an SD card
  15. On each device or PC, install the OpenVPN client, which you can then use to import the .ovpn file
  16. By now, OpenVPN is running inside the ASUS AP, and the OpenVPN client configuration files are ready to be used (and distributed)
  17. On the Windows machine that you want to RDC into, open "Windows Defender Firewall"
    1. For Windows 11, the navigation is Control Panel > System and Security > Windows Defender Firewall
  18. You should see the following 3 network areas:
    1. Private network - this is the firewall configuration for machines whose IP addresses are in the same range as this Windows OS. For example, if the Windows machine's IP is 192.168.1.1, then this is for incoming RDC requests from 192.168.1.1 - 192.168.1.254
    2. Domain network - this is optional. If it shows up, it is typically for the local LAN but with a different IP than 192.168.1.1
    3. Guest or public networks - starting with Windows 11, both WiFi and LAN adapters are set to public network, which will block incoming RDC connections
    4. Follow these steps if you want to change the LAN or WiFi adapter to the "Private" network profile on Windows 11
      1. Click on Start > Your name
      2. Next to your avatar icon, click on "My Microsoft account" to open the configuration menu
      3. You should land on the Home menu
      4. Look at the 4th menu, called "Network & internet"
      5. Click on the "Network & internet" menu
      6. You can only change the profile if the network adapter is connected. So if you want to change the
        1. WiFi adapter, then connect to your WiFi
        2. LAN adapter, then connect the LAN cable
      7. Click on the WiFi or LAN adapter
      8. Click on the WiFi SSID, which is the 2nd button below the WiFi on/off button
      9. For example

      10. Click on "Private network" to change the profile to "Private network", which will allow incoming RDC connections
      11. If your computer belongs to a domain, then click on "Domain network" instead
      12. Now you know which network profile (private, domain, public) to pick in the subsequent Windows Defender Firewall steps
      13. Run "Windows Defender Firewall with Advanced Security"
        1. Click on "Inbound Rules"

        2. Scroll down to "Remote Desktop - User Mode (TCP-In)"
        3. Confirm that Profile = All, which means it allows incoming TCP connections to the default RDC port 3389 from the private, public, and domain profiles
        4. Right-click and select "Enable Rule"
      14. Now your computer will be able to accept incoming RDC connections from any IP on this network adapter/IP
      15. By now, the following are done
        1. ASUS AP configured with OpenVPN server
        2. OpenVPN server is running
        3. OpenVPN client configuration .ovpn file is distributed
        4. Windows machine configured to accept incoming RDC connection
      16. On each device where you would like to run the OpenVPN client, import the .ovpn file
        1. Install the OpenVPN client software
        2. Windows - download from https://openvpn.net/client/
        3. iOS - search and download from Apple Store
        4. Android - search and download from Google Play
      17. Import the .ovpn file
        1. Windows - double-click on the .ovpn file
        2. iOS - open the e-mail which contains the .ovpn attachment. Touch the .ovpn attachment to show the various options for opening the file. Choose the "OpenVPN" icon
          1. The OpenVPN app will run
          2. It will automatically open the import profile screen
          3. Give the profile your desired name if you don't like the default cryptic name
        3. Android - open the e-mail which contains the .ovpn attachment. Touch the .ovpn attachment to show the various options for opening the file. Choose the "OpenVPN" icon
          1. The OpenVPN app will run
          2. It will automatically open the import profile screen
          3. Give the profile your desired name if you don't like the default cryptic name
      18. If your device and the Windows machine (RDC target host) are connected to the same network, then on your OpenVPN client device, disconnect from the LAN/WiFi and use the Internet connection from your cellphone
      19. Turn on OpenVPN to connect to the ASUS AP using the newly imported profile
      20. Now the device should be able to RDC to the target Windows machine using the mstsc.exe command
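
A check you could run on the exported file before distributing it in step 14, as an added example that is not part of the original post or of the ASUS firmware: it parses the .ovpn profile and reports which of the optional hardening settings from step 7 (server port, username/password authentication, TLS control channel security, auth digest) are not reflected in it, and whether the file embeds key material. It assumes the export uses standard OpenVPN client directives; the sample profiles, host name, function names and finding codes are constructed for illustration.

```python
import re

# Constructed sample profiles (not from the post); key material is placeholder text.
SAMPLE_DEFAULT = """client
remote vpn.example.test 1194
auth-user-pass
<ca>
placeholder certificate
</ca>
"""
SAMPLE_HARDENED = """client
remote vpn.example.test 51194
auth SHA256
auth-user-pass
<ca>
placeholder certificate
</ca>
<tls-auth>
placeholder static key
</tls-auth>
"""
INLINE = re.compile(r"<([a-z][a-z-]*)>(.*?)</\1>", re.S)  # <ca>...</ca> style blocks

def parse_ovpn(text):
    """Split a profile into {directive: [args, ...]} and {inline block: body}."""
    blocks = {m.group(1): m.group(2).strip() for m in INLINE.finditer(text)}
    directives = {}
    for line in map(str.strip, INLINE.sub("", text).splitlines()):
        if line and line[0] not in "#;":  # skip blank lines and comments
            name, *args = line.split()
            directives.setdefault(name, []).append(args)
    return directives, blocks

def audit_profile(text):
    """Return sorted finding codes for the optional hardening settings in step 7."""
    d, blocks = parse_ovpn(text)
    findings = set()
    ports = [a[0] for a in d.get("port", []) if a] or ["1194"]  # fallback port
    if any((a[1] if len(a) > 1 else ports[-1]) == "1194" for a in d.get("remote", [])):
        findings.add("default-port")
    if "auth-user-pass" not in d:
        findings.add("no-username-password")
    if not {"tls-auth", "tls-crypt"} & (set(d) | set(blocks)):
        findings.add("no-tls-control-channel-key")
    auth = (d.get("auth") or [["SHA1"]])[-1]  # OpenVPN falls back to SHA1
    if (auth[0] if auth else "SHA1").upper() in {"MD5", "SHA1"}:
        findings.add("legacy-auth-digest")
    if {"key", "tls-auth", "tls-crypt"} & set(blocks):
        findings.add("embedded-secret")  # handle the file like a credential
    return sorted(findings)
```

The hardened sample still reports `embedded-secret`: once TLS control channel security is enabled, the profile carries a static key, so whichever channel is used in step 14 (file share, USB drive, e-mail) is carrying a credential.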

