Remote Desktop Solutions Over VPN

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
So my company has gone remote-first permanently, and as part of this policy, we are essentially losing our physical offices. What I have been doing was connecting to the VPN on my home desktop and then remoting into my desktop that was sitting in my physical office, which is connected to the office network. However, because of the loss of the physical offices, I now have the option of bringing my work desktop home...which is all fine and dandy, but I don't actually want to use my work desktop...I don't have enough room nor do I want to deal with KVM switches, etc. So I want to just have it squirreled away in some dark corner (similar to what it's been doing at my company's office for the past year). So I plan on continuing to remote into it from my home desktop because I have a nice setup with a standing desk and two monitors and all the fixins...however, from what I have heard, I may have issues with these steps:
  1. Plug work desktop in, connect to VPN
  2. Connect to VPN on home desktop
  3. RDP into work desktop, which will start a new session, in which case, I will drop off the VPN that I connected to in step 1
  4. Try to connect onto VPN on work desktop, which will drop me off the RDP session.
Now, someone from work has suggested using something like TightVNC, but now I have a second problem, which is if I travel, what do I use then? Currently, if I travel, I do exactly what I do at home which is connect to VPN and RDP into my work desktop...but that won't work either anymore once I bring my work desktop home and have it on my home network.

Anybody have any neat ideas? I'm really looking for a short term solution possibly, because I also have a work laptop, but my job does such a poor job with providing images for clean installs, that it was straight from Dell and I have to do all kinds of set up (like setting up a Hyper-V VM just to have a Windows install on that to get it on the right domain because of reasons, reasons, blah blah).

It's quite fascinating how hard my job is making it for me to actually get work done because of this office move.
 

EddieYost

is not associated in any way with GHoff
SoSH Member
Jul 15, 2005
10,746
NH
Why not just hookup your work desktop to you fancy workstation and take your home desktop out of the picture?
 

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
Because I want to use my work desktop just for work...and I don't intend on installing Steam on it if I feel like playing a round of Hades.
 

gtmtnbiker

Member
SoSH Member
Jul 15, 2005
1,725
I was going to suggest TeamViewer but I realize that you're trying to connect to a work computer for which you will need the paid (expensive) license and not get away using the free/personal version. I have used TeamViewer to connect to my home server from the office. I've heard of people using it to connect to their office computer without using the VPN.
 

Max Power

thai good. you like shirt?
SoSH Member
Jul 20, 2005
7,878
Boston, MA
When the work desktop and your personal computer are both on your home network, there shouldn't be any issue. You can RDP to it directly without any VPN, by hostname if your router is doing its job or by IP address if it's not. At that point you can establish the VPN connection on the work computer to your office to get to whatever resources you're looking to access there. It shouldn't drop your RDP session because changing the default router is irrelevant for addresses on the same local network.

Traveling is a harder problem to solve. You'd need to get into your home network from outside somehow. Teamviewer or LogMeIn would work, but you'd have to pay for it and you might not be allowed to install software on the computer. You could do some port forwarding or run your own VPN. That would require a dynamic DNS service so you'd know your public IP and a router that would support those options.

Ironically, losing your office has made working remotely more restrictive since you're stuck at home and nowhere else.
 

jercra

No longer respects DeChambeau
SoSH Member
Jul 31, 2006
3,147
Arvada, Co
When the work desktop and your personal computer are both on your home network, there shouldn't be any issue. You can RDP to it directly without any VPN, by hostname if your router is doing its job or by IP address if it's not. At that point you can establish the VPN connection on the work computer to your office to get to whatever resources you're looking to access there. It shouldn't drop your RDP session because changing the default router is irrelevant for addresses on the same local network.

Traveling is a harder problem to solve. You'd need to get into your home network from outside somehow. Teamviewer or LogMeIn would work, but you'd have to pay for it and you might not be allowed to install software on the computer. You could do some port forwarding or run your own VPN. That would require a dynamic DNS service so you'd know your public IP and a router that would support those options.

Ironically, losing your office has made working remotely more restrictive since you're stuck at home and nowhere else.
I hate to be the bearer of bad news but the first paragraph isn't necessarily true. It depends on how your VPN is configured, but the client can be set by your IT dept to not route to local subnets. If that's the case, then you will get kicked off of your RDP as soon as you connect to the company VPN.

Is there a reason not to just spin up an image of your work desktop as a VM on your home machine or even a cloud instance if the company will pay for it?
 

bowiac

Caveat: I know nothing about what I speak
Lifetime Member
SoSH Member
Dec 18, 2003
12,945
New York, NY
Because I want to use my work desktop just for work...and I don't intend on installing Steam on it if I feel like playing a round of Hades.
So I have a very similar setup to you, except reversed. I have a nice home setup with dual monitors, a fancy keyboard I like, etc... And I have a fairly restrictive work computer which can't install stuff, and then a fancy personal desktop on which I do various NBA projects. My solution is to use my work laptop as an RDP terminal, and then constantly be connected to my personal computer via RDP. Is there a reason that setup wouldn't work? I do my work on my work computer, and I do NBA work on my home computer, and I control both via the same keyboard/mouse without a KVM switch.
 

Humphrey

Member
SoSH Member
Aug 3, 2010
3,163
In your "old" setup, who is responsible for maintaining your work desktop? If it's not you, will that person/department still exist in the "new" setup?

What I'm driving at is; if there's going to be a bunch of computers running your company somewhere; why not let them have that desktop (i.e., have it sit in a room with the rest of them) and life will go on for you the way it has? Seems like you are taking on a headache that's avoidable. Especially if, as you stated, you're not using the work desktop.
 
Last edited:

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
So yes, it's all quite a pain in the ass. Because we are getting rid of our physical offices and moving into a new building, my company does not want to move the desktops of the people that chose to just leave them at the old building. So we have been told we are to take the desktops home. However, I was also shipped a new laptop, so it's my responsibility now to get that laptop all set up with the software I need to do my job, but the extra wrinkle is that me and many of my colleagues are technically now employees of the umbrella company (we re-orged last year), but we work on software for one of the sub-companies, but our laptops are on the umbrella company's domain. So the ONLY option we have is to spin up a local VM joined to the sub-company's domain (or spin up on in the cloud). The work desktop is a more elegant solution because it's already on the sub-company's domain.
Either way, I pick up my work desktop next week, so I'll probably just use TightVNC to log into it from my home desktop so I don't lose my VPN connection whenever I remote in. And then I'll spend the next few weeks setting up my laptop and then retire the work desktop when I'm all up and running with the laptop, which will then cover me when I travel, because then I'll just use that laptop instead of my personal laptop.
Yes, my company is great at a number of things, but with the re-org and the pandemic and the move, they sure as hell aren't making it easy for me. I sometimes wish all I needed was Microsoft Office to do my job, but unfortunately, I'm a software engineer, so there are a shit-ton of tools I have to install and get set up to properly work. That being said, I am compensated well for what I do, so I guess I should just suffer quietly.
 

Max Power

thai good. you like shirt?
SoSH Member
Jul 20, 2005
7,878
Boston, MA
If you can connect via VNC, you can connect via Remote Desktop. I can't imagine how a VPN connection would block one but not the other. You'll get much, much smoother graphical performance out of it as well.

Your company's IT department really should have set up a trust relationship between the umbrella company's domain and the sub organization's. Then you'd be able to access resources in the subsidiary's domain using the umbrella company's credentials. Running a VM on a laptop seems way more difficult for everyone involved. Maybe there are some political concerns that make it impossible, but it could have even been a one-way trust if the parent org was concerned about reciprocal access.
 

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
So, interestingly enough, I CAN RDP into my work computer from my home computer regardless of what the VPN situation is, but only sometimes with my work computers name, but always with the IP address. It took about an hour of troubleshooting with various combinations, but in the end, it appears as if the only reliable way to do it is with the IP Address. Another interesting thing is that in Windows 10, there are two different Remote Access settings, of which both have to be enabled for some bizarre reason. I only had one of them enabled before (which was perfectly fine from remoting in when my home computer was on the VPN and my work computer was in the office on the company network)...I cannot explain.
TightVNC also is a fairly reliable solution, but is kind of a pain with sharing two monitors, where you either still have to physically have two monitors plugged into the work computer, or have two headless adapters.
Either way, I've got something that works now, just curious why sometimes my computer name is usable, and sometimes it isn't...but that's all networking stuff which I'm very unfamiliar with (networking was never a strong suit of mine). At the end of the day, I still have to set up a work laptop for when I travel, but I have a few months to handle that.
 

jercra

No longer respects DeChambeau
SoSH Member
Jul 31, 2006
3,147
Arvada, Co
So, interestingly enough, I CAN RDP into my work computer from my home computer regardless of what the VPN situation is, but only sometimes with my work computers name, but always with the IP address. It took about an hour of troubleshooting with various combinations, but in the end, it appears as if the only reliable way to do it is with the IP Address. Another interesting thing is that in Windows 10, there are two different Remote Access settings, of which both have to be enabled for some bizarre reason. I only had one of them enabled before (which was perfectly fine from remoting in when my home computer was on the VPN and my work computer was in the office on the company network)...I cannot explain.
TightVNC also is a fairly reliable solution, but is kind of a pain with sharing two monitors, where you either still have to physically have two monitors plugged into the work computer, or have two headless adapters.
Either way, I've got something that works now, just curious why sometimes my computer name is usable, and sometimes it isn't...but that's all networking stuff which I'm very unfamiliar with (networking was never a strong suit of mine). At the end of the day, I still have to set up a work laptop for when I travel, but I have a few months to handle that.
It could be for a number of reasons, but the most likely that when you connect to the VPN, your name resolution (DNS or NetBios) "server" changes and doesn't have a way to resolve from hostname to IP. In reality, you never connect by name and always connect by IP. In the cases where name works, the computer/network has just done a lookup of name to IP. If you always want to use the name, you can just add it to your hosts file, but it really makes no difference.
 

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
Good to know...I generally wish I had more time to learn more about networking, especially security as I have to defer to others much smarter to me in those areas for my job, but I'd like to think I make up for it in other areas. But I've always just plugged in network cables and prayed for things to just work.
 

changer591

Member
SoSH Member
Jul 19, 2005
968
Shrewsbury, MA
Now that I'm on travel to visit my ex/daughter, I have this solution.
Home laptop docked and hooked up to 2 monitors. Work laptop NOT hooked up to dock because stupid dock requires active DisplayPort cables, and Amazon lost my delivery of active adapters that I shipped to where I was going. Home laptop remote desktop into work laptop, which is the remoted into a HyperV VM (on the laptop) which is logged into the work VPN.
Now, to be fair, I only have to do this because I didn't have active monitor cables otherwise I wouldn't have my home laptop in this equation...but still the need to run a VPN that is joined to my sub-company domain as opposed to allowing my laptop itself to be joined to that domain.
Work is a pain sometimes.