If you often Remote Desktop into Windows servers over a broadband connection, this might help you out a bit.  Or if you look after various clients and have only key-based SSH access to their network (as you should), this will also be handy.

Sometimes you might find your RDP session a bit sluggish, and having RDP open to the Internet isn't really such a great idea.  You might also need to administer many Windows servers, but naturally you don't want a separate port forward through the firewall for each of them.

If you've got a Unix box on the inside, here's what you do.

Let's assume your Unix box has SSH set up for key-based auth, because it is the most secure option and easily automated.  And, of course, SSH is forwarded in through the firewall.

Edit your local ~/.ssh/config file and add:

ServerAliveInterval 30
CompressionLevel 5

ServerAliveInterval means that if nothing has been received for 30 seconds, ssh sends a keepalive request that the server must answer, so some data passes across the connection in each direction at least every 30 seconds.  This is especially useful for me because my cheap ISP-supplied router likes to randomly drop connections it thinks are idle.  Every.  Five.  Minutes.

CompressionLevel is the "gzip" compression level applied, 0-9.  5 is a good compromise between CPU cycles and a responsive session.  Compression is the key to this.  Note that OpenSSH honours CompressionLevel only for protocol 1 connections; on protocol 2 (the default) compression is still enabled by -C or "Compression yes", but at a fixed level.

Now, set up your SSH connection to forward:


What does this do, exactly?  It SSHes into $UNIXBOX and sets up a forward, so any locally generated traffic to $SOURCEPORT is pushed down the SSH connection and forwarded to $TARGETIP on port 3389.

-C turns on compression.  -N tells it not to start a remote shell on $UNIXBOX: it is a forwarding-only connection.

Now to see how well a remote desktop session responds running over this SSH tunnel:

rdesktop -g 1680x950 -z localhost:$SOURCEPORT

-g sets up the size (geometry) of the window.

-z tells it to compress the connection.  To be honest, I've never noticed a difference using this or not.  In theory it is compressing everything twice, which shouldn't help.  But overall, following this article, your rdesktop sessions will be more responsive, and this option seems harmless.

Now, what if you want to connect to more than one RDP server at a time?  Simply use a different $SOURCEPORT in both the ssh and rdesktop lines above.

You can easily script these things together, and even use netstat cleverly to pick a random, unused $SOURCEPORT.
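Here is one way to script it all together, as an added example that is not code from the original post: it reconstructs the forwarding command from the flags described above (-C, -N and a local forward to port 3389, bound to loopback), picks an unused $SOURCEPORT from netstat output, starts the tunnel, runs rdesktop against it and tears the tunnel down afterwards. The netstat sample, the 3390 starting port and the host names in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): tunnel RDP over ssh -C -N -L
# and pick an unused local port from netstat, as the post suggests.

# Constructed sample of `netstat -ltn` output so the port picker can be
# exercised offline; for real use pass "$(netstat -ltn)" instead.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3390          0.0.0.0:*               LISTEN
tcp6       0      0 :::3391                 :::*                    LISTEN'

# listening_ports NETSTAT_OUTPUT: one local port per line, LISTEN rows only.
listening_ports() {
    printf '%s\n' "$1" | awk '$NF == "LISTEN" { sub(/.*:/, "", $4); print $4 }'
}

# pick_free_port NETSTAT_OUTPUT START: first port >= START not already listening.
pick_free_port() {
    _port=$2
    while listening_ports "$1" | grep -qx "$_port"; do
        _port=$((_port + 1))
    done
    printf '%s\n' "$_port"
}

# tunnel_cmd UNIXBOX TARGETIP SOURCEPORT: -C compress, -N no remote shell,
# -L bind SOURCEPORT on loopback only and forward it to TARGETIP:3389.
tunnel_cmd() {
    printf 'ssh -C -N -L 127.0.0.1:%s:%s:3389 %s' "$3" "$2" "$1"
}

# rdesktop_cmd SOURCEPORT: the client side from the post, aimed at the local end.
rdesktop_cmd() {
    printf 'rdesktop -g 1680x950 -z localhost:%s' "$1"
}

# run_rdp UNIXBOX TARGETIP: start the tunnel in the background, run rdesktop,
# and kill the tunnel when the session ends (e.g. run_rdp jumpbox 10.0.0.5).
run_rdp() {
    _port=$(pick_free_port "$(netstat -ltn 2>/dev/null)" 3390)
    eval "$(tunnel_cmd "$1" "$2" "$_port") &"
    _ssh_pid=$!
    trap 'kill "$_ssh_pid" 2>/dev/null' EXIT
    sleep 2   # give ssh a moment to bring the forward up before connecting
    eval "$(rdesktop_cmd "$_port")"
}

# Only act when given arguments, so sourcing the file just defines the functions.
if [ $# -eq 2 ]; then run_rdp "$1" "$2"; fi
```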
