VPN and Remote Desktop at home

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › VPN and Remote Desktop at home

taylorroach

69 posts

Master Geek

#310712 15-Nov-2023 20:31

Hello,

While working at home on my windows 11 pc I can successfully connect to the work VPN and access all folders etc.

But while connected I cant Remote Desktop to this PC from my iPad.

Tried turning off firewalls etc. I can successfully Remote Desktop when it’s not connected to the VPN.

Any help appreciated…

Thanks

gehenna

8514 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#3159978 15-Nov-2023 20:34

VPN is changing it's network identity so you probably need to know the VPN address of the device not just the local one. VPN changes the gateway it uses so it won't appear with your other devices on your local network while it's connected.

jnimmo

1097 posts

Uber Geek

#3160008 15-Nov-2023 21:44

This would require a split tunnel configuration, which specifies which traffic to tunnel through the VPN and which to go across the local network. There can also be weird things if there are overlapping network ranges at home/work. That aside, it should be more secure to use a full tunnel, helps avoid things like inadvertently enabling someone to Remote Desktop into your home PC and then being able to gain full access to the work network.

Aaroona

3196 posts

Uber Geek

#3160009 15-Nov-2023 21:57

jnimmo:

This would require a split tunnel configuration, which specifies which traffic to tunnel through the VPN and which to go across the local network. There can also be weird things if there are overlapping network ranges at home/work. That aside, it should be more secure to use a full tunnel, helps avoid things like inadvertently enabling someone to Remote Desktop into your home PC and then being able to gain full access to the work network.

This will be the answer here. Split tunnel is generally disabled by most companies I've worked for as part of their security posture. There have also been cases where we've setup selective split-tunneling for services such as M365, Google, Youtube, Teams, etc., but still disallowed things like local network access and specific ports like 3389.

In some cases, you could be sneaky and tunnel things over an SSL connection, however if your company has Deep Packet Inspection (DPI) enabled, this would be thwarted.

Ultimately, the company will likely say no if you asked for RDP access from a non-managed device.

BarTender

3606 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3160013 15-Nov-2023 22:25

I think the split tunnel answer above is the most correct. Most if not all corporate VPNs will prevent inbound connections.. and depending on the client it will list the routed and non routed addresses.

If you know that a target IP isn’t going to be used and it’s one of the Microsoft split tunneled IPs then you could do a sneaky where you setup a home router and then take just one IP from Microsoft’s range and route it locally on your network… as that works but requires a more advanced router than an standard one, and being able to have VLANs or multiple IP addresses on the local network.

I personally wouldn’t recommend it as your work may get grumpy if they catch you out doing dodgy stuff and look at the logs and see an inbound RDP connection from a Microsoft IP. Depends on how large your employer is. If it’s a big company or international.. then just don’t do it.