Remote Desktop to/from anywhere

 So remote control of desktops/laptops is one of those things that one would expect to be an already solved issue in 2023 - alas this is not the case, at least not if you want something simple and free.

What we really want is to be able to control any device, running any common os, from anywhere, for free.  

Unix systems have long supported remote apps via X-window, but this is a bit out of date and rarely used for remote connections these days for various reasons - mainly that it was designed to run on the local network.  In reality, it usually is only running from the local machine.  

Linux has long had VNC, but there are many versions, such as the original VLC, TightVNC, RealVNC, etc.  Some are not compatible, some are closed source, etc.  On linux, you can have a virtual framebuffer (which has a session not on the physical machine of the device you want to control), or the real framebuffer (which allows you to control the real screen).  This is not set up nicely out of the  box on a lot of linux distributions, though, and only works locally or if you have a public IP - and you know that IP.  That is, in  the best case, it only solves  the "remote desktop" part of the equation, not the "from anywhere" part.  VNC  does have the advantage that it is supported not only on Linux, but on Windows and OS X as well.  

In fact, OS X has its own remote desktop software called "Screen Sharing", which is based on VNC - but to connect with a normal VNC client instead of another mac requires you change some settings to downgrade the security.  It is also very sensitive to latency.  The nice thing about this built in screen sharing is that is will let you log in and control the real screen, but if someone is already logged in, it will ask if you want to control that session.  If not, it automatically give you a virtual session.  But again, it doesn't work through firewalls.  

Neither the standard VNC clients/servers, nor the OS X version support audio.  

Windows ships with "Remote Desktop" (also known as Microsoft Terminal Services), which in the non-server versions is severely gimped, and will only allow one connection.  As soon as you connect via remote desktop, the person in front of the computer will only see a locked screen.  This protocol is only supported out of the box on Microsoft machines, although clients (and even servers!) for OS X and Linux are available.  Again it basically doesn't traverse firewalls, though there are workarounds such as relay servers that are supported - but only if you control the IT infrastructure and invest in expensive Microsoft technology.  Remote desktop does allow forwarded audio, though.  

If you're using OS X, you can use a cheap paid app called "Screens", which will set up a way to traverse firewalls that works in many cases.  Although it's not free, it's an inexpensive one time payment.  

It doesn't work in all cases, though (such as when both client and server are behind firewalls and STUN doesn't work), and basically only works on OS X.  

There are solutions such as TeamViewer and Remotix which have their own protocols and software, and handle traversing firewalls much better.  Remotix in particular is impressive in that it allows remote audio, works relatively well with video,  and handles high latency connections relatively well.  If you don't mind paying, it may be the way to go,  as it supports Windows, OS X, and Linux - although I have had issues with the server side not working reliably on Linux.  You can also use Remotix for free if you accept the 15 minute disconnection.  It isn't perfect, though, and I have known people who's Remotix client keychain got corrupted, and to fix it they had to reinstall Windows.  TeamViewer, well, between security breaches and high pressure sales tactics, I wouldn't recommend them

Both of these (and many others, such as AnyDesk, etc) are cloud services that require a monthly or yearly payment plan.  

There is a software called RustDesk which work similarly to TeamViewer or Remotix, but again it only works locally.  Well, that's only partially true - you can set up relay servers, but this assumes you have a machine with a public IP lying  around that you can use as a relay server.  The RustDesk client looks very similar to Teamviewer in that it gives a numeric ID and a preset password (which you can change) to log in.  There is also a paid cloud plan, but it starts at $19.95 per month for 500 machines - so obviously it is aimed at businesses or rather extreme enthusiasts.

One possible solution is the VPN Plus software that comes with Synology WiFi routers - this allows web SSL VPN access, ans also includes  basic remote desktop.  This is a rather specific use case, however, and requires you to have a Synology Router.  

So it would seem that you can get either a free solution (with VNC, Screen Sharing, or Remote Desktop) that doesn't work well across firewalls, or a paid cross-platform solution that works through firewalls (with Remotix, etc).

At some level this makes sense, since relay servers need to be maintained and do cost some money to run - but if they are just negotiating TURN or STUN, then they should be rather low cost to run. Charging for a cloud service to manage remote desktop seems like charging for basic DNS service.   I wouldn't even mind if it were something like $1 per month for up to 5  users 10 machines or something - but it's not.  

But then it occurred to me - What if you could use a VPN to  make the remote machines seem local so that the local solutions could be used?

Not the kind of VPN where they just exit you somewhere, like NordVPN, etc. - but an actual VPN designed to make your machines that are on different networks appear as if they are on the same network.  

Normally, real VPNs have either been site to site VPNs, which require special hardware and/or complex server setup.  Synology makes this easy with their VPN Plus software, but again what if you don't have expensive Cisco routers or Synology WiFi routers and don't want to spend all day tinkering with obscure VPN settings?  

One of the first easy to use options I was aware of was Hamachi.  Hamachi works well enough, but the free account limits you to a relatively small number of machines.  (5 last I checked).  I also haven't found it very reliable in practice.  

More recently, though, I found TailScale and ZeroTier.  These services are peer to peer VPN systems, which means there is no server that needs to be set up by you.  You just install the VPN client on each machine and log in, and then all of your machines appear to be on the same local network.  That means basically everything works.  For example, you can print, use SSH, share music in Apple's Music app (previously known as iTunes), whatever.  And screen share.  

So if you have a Windows machine at home you want to connect into with your windows laptop from Starbucks, so long as they both have TailScale running, you can easily connect using the standard remote desktop software built into Windows.  The same thing is of course true of Screen Sharing or vanilla VNC.  

TailScale is free for up to 100 users, and in fact faster than normal legacy VPN.  (as ZeroTier).  

If you use RustDesk, you can easily connect across platforms, including mobile, and I've found that sharing the physical frame buffer on Linux works reliably.  

Installing and setting up ZeroTier or TailScale is certainly an extra step, but it's a relatively painless one that enables more possibilities than just screen sharing.  

It's also possible to share your machines with others using TailScale, so that you can allow friends to connect to your machines if need be.