pomerium/docs/docs/tcp/rdp.md
Alex Fornuto b2b8c481d5
Refresh and Update TCP documentation (#2627)
* init client app doc

* init TCP section

* add redirect for TCP client doc

* Redis and Mysql

* finish TCP examples

* init Draft template

* cleanup whitespace

* escape markdown image in template

* add redirect and update links

* copy edit

* Update readme.md

* fmt

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* optimize png

Signed-off-by: Bobby DeSimone <bobbydesimone@gmail.com>

* header cleanup and child listing

* Update docs/docs/tcp/ssh.md

Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>

Co-authored-by: cmo-pomerium <91488121+cmo-pomerium@users.noreply.github.com>
Co-authored-by: Bobby DeSimone <bobbydesimone@gmail.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2021-10-14 09:35:31 -05:00


title: RDP
description: Tunnel RDP connections through Pomerium

Tunneled RDP Connections

Remote Desktop Protocol (RDP) is a standard for using a desktop computer remotely. It was released by Microsoft and is most commonly used to access Windows systems, but can be used for macOS and Linux systems as well.

Basic Connection

  1. Create a TCP tunnel, using either pomerium-cli or the Pomerium Desktop client:

    ::::: tabs
    :::: tab pomerium-cli

    pomerium-cli tcp aService.corp.example.com:3389 --listen :3389

    :::tip --listen
    The --listen flag is optional. It lets you define what port the tunnel listens on locally. If not specified, the client will choose a random available port.
    :::

    ::::
    :::: tab Pomerium Desktop

    [Image: An example connection to an RDP service from Pomerium Desktop]

    :::tip Local Address
    The Local Address field is optional. Using it defines what port the tunnel listens on locally. If not specified, Pomerium Desktop will choose a random available port.
    :::

    ::::
    :::::

  2. Initiate your RDP connection, pointing to localhost. This example uses the Remmina client, but the procedure should be similar for other tools:

    A new connection profile in Remmina

    ::: warning
    The first connection attempt will initiate a redirect to authenticate you in the browser. Once you're signed in, subsequent connections will succeed. If your client isn't configured to retry the connection, you may have to reconnect manually.
    :::

Always Tunnel through Pomerium

Some clients, like Remmina, support running commands before and after connection. The script below (adapted from this example using SSH tunnels) starts and stops an instance of pomerium-cli:

<<< @/examples/tcp/pomerium-tunnel.sh

  1. Save the script above to your home folder (~/), and make it executable:

    cd ~/
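    # Fetch the raw file; the github.com/.../blob/... URL returns an HTML page, not the script
    wget https://raw.githubusercontent.com/pomerium/pomerium/master/examples/tcp/pomerium-tunnel.sh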
    chmod +x pomerium-tunnel.sh
    
  2. Update your client profile to execute the script before and after the connection:

    A connection profile in Remmina invoking a custom script

::: warning
Flatpak versions of client software may not be able to read external scripts or programs.
:::
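A start/stop wrapper of the kind described above, as an added example rather than the project's pomerium-tunnel.sh. The variable and function names are assumptions, as is the choice to refuse any --listen address that is not loopback (a host-less value such as :3389 is assumed to bind every interface, which would let other hosts on the network use the authenticated tunnel).

```shell
#!/bin/sh
# Added example, not the Pomerium project's pomerium-tunnel.sh.
# Use as a client pre/post command:  tunnel.sh start  |  tunnel.sh stop
# ROUTE, LISTEN, PIDFILE, TUNNEL_CMD and all function names are assumptions.
ROUTE="${ROUTE:-aService.corp.example.com:3389}"
LISTEN="${LISTEN:-127.0.0.1:3389}"
PIDFILE="${PIDFILE:-${XDG_RUNTIME_DIR:-$HOME}/pomerium-rdp-tunnel.pid}"
TUNNEL_CMD="${TUNNEL_CMD:-pomerium-cli}"

# True only for loopback listen addresses. A host-less ":3389" or
# "0.0.0.0:3389" is rejected so the tunnel is not offered to other hosts.
is_loopback_listen() {
  case "$1" in
    127.*:*|localhost:*|"[::1]":*) return 0 ;;
    *) return 1 ;;
  esac
}

# True when PIDFILE names a process that is still alive.
tunnel_running() {
  [ -f "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null
}

start_tunnel() {
  if ! is_loopback_listen "$LISTEN"; then
    echo "refusing non-loopback listen address: $LISTEN" >&2
    return 2
  fi
  tunnel_running && return 0    # reuse a tunnel left by an earlier session
  "$TUNNEL_CMD" tcp "$ROUTE" --listen "$LISTEN" >>"${PIDFILE%.pid}.log" 2>&1 &
  echo "$!" >"$PIDFILE"
  sleep 1                       # give the client a moment to bind or fail
  if ! tunnel_running; then
    rm -f "$PIDFILE"
    echo "tunnel exited early, see ${PIDFILE%.pid}.log" >&2
    return 1
  fi
}

stop_tunnel() {
  tunnel_running && kill "$(cat "$PIDFILE")"
  rm -f "$PIDFILE"
}

case "${1:-}" in
  start) start_tunnel ;;
  stop)  stop_tunnel ;;
esac
```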

More Resources