Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes
2020-07-20 15:57:34 +02:00
.github/workflows Add more documentation 2020-07-18 19:42:06 +02:00
config Clean up config handling 2020-07-19 14:37:31 +02:00
protocol Rename to proper 2020-07-20 15:57:34 +02:00
transport more cleanups 2020-07-20 12:52:46 +02:00
download.go Refactor config and improve security 2020-07-18 19:17:53 +02:00
errors.go More refactor 2020-07-20 15:51:23 +02:00
go.mod Add more documentation 2020-07-18 19:42:06 +02:00
http.go First working version 2020-06-30 09:40:53 +02:00
LICENSE Add license file 2020-07-13 13:06:57 +02:00
main.go More refactor 2020-07-20 15:51:23 +02:00
README.md Minor doc update 2020-07-18 20:20:37 +02:00

GO Remote Desktop Gateway


Star us on GitHub — it helps!

RDPGW is an implementation of the Remote Desktop Gateway protocol. This allows you to connect with the official Microsoft clients to remote desktops over HTTPS. These desktops could be, for example, XRDP desktops running in containers on Kubernetes.

AIM

RDPGW aims to provide a full open source replacement for MS Remote Desktop Gateway, including access policies.

How to build

cd rdpgw
go build -o rdpgw .

Configuration

By default the configuration is read from rdpgw.yaml. Below is a template.

# web server configuration. 
server:
 # TLS certificate files (required)
 certFile: server.pem
 keyFile: key.pem
 # gateway address advertised in the rdp files
 gatewayAddress: localhost
 # port to listen on
 port: 443
 # list of acceptable desktop hosts to connect to
 farmHosts:
  - localhost:3389
 # Allow the user to connect to any host (insecure)
 enableOverride: false
 # Template for the desktop host to connect to, filled in from the OIDC claims
 hostTemplate: my-{{ preferred_username }}-host:3389

# Open ID Connect specific settings (required)
openId:
 providerUrl: http://keycloak/auth/realms/test
 clientId: rdpgw
 clientSecret: your-secret

# enabled / disabled capabilities
caps:
 SmartCardAuth: false
 tokenAuth: true
 # connection timeout in minutes, 0 is limitless
 idleTimeout: 10
 DisablePrinter: true
 DisablePort: true
 DisablePnp: true
 DisableDrive: true
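
The farmHosts, enableOverride and hostTemplate settings together decide which desktop host a client may reach. The Go sketch below is an added example, not RDPGW's own code: the Policy type, its Render and Allowed methods, and the way the three settings are combined are assumptions made for illustration. It shows why a claim value should be restricted to a single DNS label before it is substituted into hostTemplate.

```go
package main

import (
	"fmt"
	"regexp"
)

// Policy holds the three server settings (hypothetical type, not from RDPGW).
type Policy struct {
	FarmHosts      []string
	EnableOverride bool
	HostTemplate   string
}

var placeholder = regexp.MustCompile(`\{\{\s*(\w+)\s*\}\}`)
var label = regexp.MustCompile(`(?i)^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$`) // one DNS label

// Render fills {{ claim }} placeholders; a value with dots, colons or slashes is rejected.
func (p Policy) Render(claims map[string]string) (host string, err error) {
	host = placeholder.ReplaceAllStringFunc(p.HostTemplate, func(m string) string {
		v := claims[placeholder.FindStringSubmatch(m)[1]]
		if !label.MatchString(v) {
			err = fmt.Errorf("placeholder %s: claim missing or not a host label", m)
		}
		return v
	})
	return host, err
}

// Allowed reports whether the host a client asks for may be dialled.
func (p Policy) Allowed(requested string, claims map[string]string) bool {
	if p.EnableOverride {
		return true // insecure: every host is accepted
	}
	if want, err := p.Render(claims); p.HostTemplate != "" && err == nil && requested == want {
		return true
	}
	for _, h := range p.FarmHosts {
		if requested == h {
			return true
		}
	}
	return false
}

func main() {
	p := Policy{FarmHosts: []string{"localhost:3389"}, HostTemplate: "my-{{ preferred_username }}-host:3389"}
	fmt.Println(p.Allowed("my-alice-host:3389", map[string]string{"preferred_username": "alice"})) // constructed claims
}
```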

Use

Point your browser to https://your-gateway/connect. After authentication, an RDP file will download to your desktop. This file can be opened by one of the remote desktop clients, which will then try to connect to the gateway and the desktop host behind it.

TODO

  • Integrate Open Policy Agent
  • Integrate GOKRB5
  • Integrate uber-go/zap
  • Integrate prometheus
  • Research: TLS defragmentation