# Should I use OpenVPN for remote desktop GUI access?



## nx (Feb 4, 2013)

Hi,

 I need some help choosing the right way to remotely view the GUI of a PC-BSD desktop box running VM (virtualbox) servers.

 I've set up a server for a group to use for learning (including myself  and we have mac and windows laptops. 
 I chose PC-BSD with desktop (lxde) because although the box is normally headless, and the VM servers are accessed via a public IP address (web server etc), it would be useful for members of the group to sometimes access a GUI when learning.

 I've never setup a vpn and have found a lot of tuts - some using mdp and pptp, which I've read isn't the best option, and others using openvpn, which seems to have a better reputation. I'm probably confusing these... so please point that out if so.

 The box has 2 nics, one that is currently cabled to a gateway router, which port forwards to the box so the web servers are visible on the web.

 My questions are:

 - Am I choosing the right tech - openvpn?

 - I'm wondering if it is best to use the unused nic no.2 for vpn access?
   Does this save bandwidth congestion (increase security too?) if (a few) people are accessing the web servers via the web via nic no.1, and others are accessing the box's desktop GUI via vpn on nic no.2?

 - Can vpn be used internally - on the same nic - so if we are on-site with the box, but don't have a monitor to it, we can still vpn to it from laptops and view the desktop GUI?

 - Can you point me to a simple tutorial to set one up, preferably using private/public certs for server/client if vpn uses them?

 Lots of questions - but I want to learn to do this right and save time fixing stuff later.

 Thanks


----------



## wblock@ (Feb 5, 2013)

For just a remote GUI, X forwarding through ssh(1) is much simpler.


----------



## nx (Feb 5, 2013)

Thanks wblock, that looks a good idea!
I guess it can be used with public/private ssh keys for security. 
The only downside is I'd prefer users not to have to install X on their macs/windows laptops. It seems a bigger over-head than the openvpn client?

I will probably try your suggestion first - but I'm still keen to set up openvpn if anyone else takes the bait and helps in that regard. It will come in useful in the future and I'll learn new stuff along the way.

Thanks
nx


----------



## wblock@ (Feb 5, 2013)

ssh(1) can tunnel other things.  VNC, for instance.  You'll have to have some kind of client on the remote machines to show the bitmap display.

I've been meaning to set up OpenVPN, but trying to figure out security/ssl-admin delayed it, and then other things got in the queue.


----------

