# Tunneled RDP Connections
Remote Desktop Protocol (RDP) is a standard for using a desktop computer remotely. It was released by Microsoft and is most commonly used to access Windows systems, but can be used for macOS and Linux systems as well.
# Basic Connection
Create a TCP tunnel, using either
pomerium-clior the Pomerium Desktop client:
Initiate your RDP connection, pointing to
localhost. This example uses the Remmina (opens new window) client, but the procedure should be similar for other tools:
The first connection attempt will initiate a redirect to authenticate you in the browser. Once you're signed in, subsequent connections will succeed. If your client isn't configured to retry the connection, you may have to reconnect manually.
# Always Tunnel through Pomerium
Some clients, like Remmina, support running commands before and after connection. The script below (adopted from this example (opens new window) using SSH tunnels) starts and stops an instance of
#!/bin/bash scriptname="$(basename $0)" if [ $# -lt 3 ] then echo "Usage: $scriptname start | stop POMERIUM_ROUTE LOCAL_PORT" exit fi case "$1" in start) echo "Starting Pomerium Tunnel to $2" pomerium-cli tcp $2 --listen $3 & ;; stop) echo "Stopping Pomerium tunnel to $3" kill $(pgrep -f "pomerium-cli tcp $2 --listen $3") ;; *) echo "Did not understand your argument, please use start|stop" ;; esac
Save the script above to your home folder (
~/), and make it executable:
cd ~/ wget https://github.com/pomerium/pomerium/blob/master/examples/tcp/pomerium-tunnel.sh chmod +x pomerium-tunnel.sh
Update your client profile to execute the script before and after the connection:
Flatpak versions of client software may not be able to read external scripts or programs.