It’s pretty easy to setup remote desktop access to a Raspberry Pi without opening up ports on your router. You can use this approach if you want to access your pi while traveling, or just around the corner at the coffee shop.
- Install xrdp on your pi.
sudo apt-get install xrdp
- Edit the xrdp config file at /etc/xrdp/xrdp.ini and change the setting for crypt_level to ‘high’. xrdp will now use 128 bit encryption. Then restart the service.
sudo service xrdp restart
- Install ngrok. For Raspbian 8 (Jessie), I used the ARM download.
unzip ngrok-stable-linux-arm.zip -d /usr/bin
- Sign up for an account at ngrok. This is required to create a tcp tunnel.
- Create a tcp tunnel for port 3389, which xrdp uses for remote desktop.
ngrok tcp 3389
- In terminal, ngrok will show you the forwarding URL. This URL can also be found in your ngrok account under “Status”. Once outside your home network, you can drop this URL (remove the “tcp://”) into a Remote Desktop client, and you should see the xrdp login window. After logging in, you’ll have access to your pi.
ngrok tunnels can be dropped in the case of loss of connectivity, power outage, etc. So to always have access to your pi, you can use a shell script like this one.
#!/bin/bash output=$(curl -s http://localhost:4040/api/tunnels) #echo "$output" if [ -z "$output" ] then echo "Tunnel down. Starting new tunnel..." nohup ngrok tcp 3389 & echo "Tunnel started." else echo "Tunnel running." fi exit 0