rdp over internet

Using Remote Desktop Connection over Internet

Updated on:  

To use Windows Remote Desktop over the Internet you can either use a Virtual Private Network (VPN) or you can configure your router to accept requests from a specific port, and that data is in turn forwarded to a specific private IP address.

There are several steps involved to make Remote Desktop work over the Internet. The very first step to access Remote Desktop over the Internet is to make sure Remote Desktop is set up properly on your computer and that it is accessible over the LAN.

Reminder: Remote Desktop Connection is not available on Windows 10 Home by default.

Option One: Using a VPN

Using a Virtual Private Network (VPN) provides a secure way to share your desktop without the risk of exposing your computer to the Internet. A VPN creates a secure tunnel between your local computer and the VPN server, making it possible for the RDP server to connect with the client as if they were a part of the same local network.

No matter where you are located if you connect to the VPN, you will have reliable and secure access to the Remote Desktop and any other remote services not normally available outside the local network.

How to create a VPN Connection

There are many VPN apps available on the market. If your organization has a specific preference, contact your IT support for the required configurations.

If you are running Windows 10, you can use the integrated VPN service. The information you will require to connect includes:

  • • The address/name of the VPN server.
  • • The VPN protocol type (PPTP, L2TP/IPSec, OpenVPN, SSTP, IKEv2).
  • • Login details like the username and password.

How to add VPN connection in Windows

The steps for connecting to the Windows VPN service is as follows:
  1. Open Windows Settings.
  2. Go to “Network & Internet” > “VPN”.
  3. Click the “Add a VPN connection” option.

    add vpn connection
  4. Enter all the required information (VPN provider, server address/name, VPN type, type of sign-in info, user name, and password) and hit “Save”.

    configure vpn connection

Your new connection will be added to the list of available connections.

Remember: Some public networks do not allow connections via a VPN. If that’s the case, you have to change your network, there is no way to bypass that.

Option Two: Port Forwarding

If for whatever reason you can not use a VPN, you can opt to make your Remote Desktop Server directly accessible on the Internet. This is achieved by configuring your router to forward all Remote Desktop traffic to the PC from which the server is being accessed.

Opening remote desktop ports come with security trade-offs that you must be aware of. Since the connection is open to the Internet, the risk of attacks is much higher. Hackers are always searching for remote desktop security weak points like open TCP ports commonly used with Remote Desktop connections.

Ensure that security software is installed and up to date to patch any known vulnerabilities. Make use of strong passwords and ensure your network is secured with a firewall.

How to configure a static IP on Windows 10

By default, computers are assigned a dynamic IP address from the DHCP server. A dynamic IP changes each time a computer reconnects. If you want to configure your router for port forwarding, it is advisable to set a static IP for your computer. This will save you from having to keep changing your router settings.

If your router has an option to make your current TCP/IP configuration static, consult the manufacturer’s website for details on how to do this.

To create a static IP, follow these steps:

  1. Open the Control Panel.

    open control panel
  2. Go to “Network and Internet” > “Network and Sharing Center”.

    open network and sharing center
  3. From the sidebar, select “Change adapter settings”.

    change adapter settings
  4. Open the context menu by right-clicking the active adapter, and select its properties.

    configure adapter properties
  5. Select Internet Protocol Version 4 (TCP/IPv4) from the list and click the Properties button.

    TCP/IPv4 properties
  6. Click on the General tab and select the “Use the following IP address” radio option.

  7. Enter a valid IP address in the field. Make sure it’s outside the local DHCP IP range to avoid any IP conflicts with existing computers on the network.

    configure static ip address
    Tip: If you’re not sure of your DHCP configurations, you can consult the router’s manufacturer website. You can view existing IPs used in your network by opening the command prompt and typing ipconfig /all. This can be a useful starting point.


  8. A subnet mask is usually auto-populated based on the IP address you enter. If this is incorrect, you can change it if needed.

  9. Make sure the Default gateway is configured correctly. This is the address of the router.

  10. In the “Use the following DNS server addresses” section, add your DNS server in the “Preferred DNS server” field.
    A useful tip: If you find you can’t connect to the Internet, use the Google Public DNS address 8.8.8.8 as your Alternate DNS server.


  11. Click OK, then Close to complete the process. Your changes will take effect immediately.

How to determine your network public IP address

Apart from your local computer IP address, you need to know the public IP address of the remote network to connect to the remote device.

You can determine the IP address by following these simple steps

  1. Open your web browser

  2. Using your preferred search engine, type in “What’s my IP address”.

  3. When you press enter your IP will be displayed on the screen.

    what's my ip address

Sometimes an ISP may offer a dynamic public IP address which means your public IP address may change. If this is a problem you can use the “Dynamic Domain Name System” (DDNS) services which will track and identify public IP changes. Some of these services include DynDNS, OpenDNS, No-IP, etc.

You can also request a static IP address from your service provider, but this may incur additional costs.

Configuring your router for port forwarding

To allow remote desktop connection over the Internet, you must forward the default TCP port 3389 on your router to allow remote connections.

Note that the instructions depicted are for Xiaomi Mi Router AX1800 and will likely differ from what you see. The routers’ user interface varies depending on the manufacturer or even the model of the device. However, you can use them as a reference when configuring your router. And do not forget to check the manufacturer’s documentation for more specific steps.

The steps to forward the remote desktop port on your router are as follows:

  1. Open the Command Prompt.

  2. Type ipconfig and press Enter. This will show the current TCP/IP configuration.

  3. Make sure the “IPv4 Address” and “Default Gateway” fields are correct.

    ipconfig output
  4. Open your preferred web browser and type in the IP address of the router (Default Gateway) into the address bar.

    router ip address
  5. Enter your credentials in the login field(s) to sign in to your router admin panel. If it is a new router, the default username and password can usually be found on a sticker on the device.

    router admin panel
  6. Go to the Port Forwarding settings page.

    router port forwarding
  7. Enable the Port Forwarding service (if it’s not enabled).

  8. Create a corresponding rule by selecting “Add rule”, and enter the following information:
    • • The rule’s name
    • • Protocol: TCP
    • • External Port: 3389
    • • Internal Port: 3389
    • • Internal IP Address: Enter the IP address of the computer you want to connect to.

      create port forwarding rules
  9. Click “Add” when you’re done. The port specified will be opened for remote desktop connections through the Internet.