Remote desktop connection from outside the network

How to set up RDP access to a home or office PC without a static IP, using Cloudflare DNS and a PowerShell DDNS script.

Since you don't have a static public IP, direct RDP from outside your network isn't straightforward. This guide uses Dynamic DNS (DDNS) with Cloudflare to keep a domain name synchronized with your changing public IP — so you can always connect via rdp.yourdomain.com.

What You Need

  • A domain registered and managed through Cloudflare
  • Access to your router's admin panel
  • A Windows PC to connect to (the "host")
  • RDP client on your remote device

Step 1 — Port Forwarding on the Router

In your router admin panel, create a forwarding rule:

  • External port: 3389 (or a custom port — recommended)
  • Internal IP: the local IP of your host PC
  • Internal port: 3389
  • Protocol: TCP

Assign your host PC a static local IP (via DHCP reservation) so this rule doesn't break when the router reassigns IPs.

Step 2 — Cloudflare API Token

In the Cloudflare dashboard:

  1. Go to My Profile → API Tokens → Create Token
  2. Use the Edit zone DNS template
  3. Scope it to your specific domain
  4. Save the token securely

Step 3 — DDNS PowerShell Script

This script fetches your current public IP and updates the Cloudflare A record:

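# Cloudflare API token and record identifiers. The token sits here in plain text,
# so keep this file readable only by the account that runs the scheduled task.
$token    = "YOUR_CLOUDFLARE_API_TOKEN"
$zoneId   = "YOUR_ZONE_ID"
$recordId = "YOUR_DNS_RECORD_ID"
$name     = "rdp.yourdomain.com"

# Abort on any failed request so a bad lookup never reaches the update call.
$ErrorActionPreference = "Stop"

# Fetch the current public IP and confirm the response really is an IPv4 address.
$currentIp = (Invoke-RestMethod -Uri "https://api.ipify.org?format=json").ip
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($currentIp, [ref]$parsed) -or
    $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    throw "Unexpected response from IP lookup: $currentIp"
}

# A record body: short TTL, DNS only (not proxied), so the name resolves to your own IP.
$body = @{
    type    = "A"
    name    = $name
    content = $currentIp
    ttl     = 60
    proxied = $false
} | ConvertTo-Json

# Overwrite the existing A record with the current address.
Invoke-RestMethod `
  -Uri "https://api.cloudflare.com/client/v4/zones/$zoneId/dns_records/$recordId" `
  -Method PUT `
  -Headers @{ "Authorization" = "Bearer $token" } `
  -ContentType "application/json" `
  -Body $body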

Step 4 — Schedule the Script

Run the script every 5 minutes via Windows Task Scheduler:

  1. Open Task Scheduler → Create Basic Task
  2. Trigger: On a schedule → Daily, repeat every 5 minutes
  3. Action: Start a program → powershell.exe
  4. Arguments: -ExecutionPolicy Bypass -File "C:\Scripts\update-dns.ps1"

Step 5 — Connect

From any remote device, open Remote Desktop Connection and enter:

rdp.yourdomain.com:3389

(Or whatever custom port you chose.)

Security Recommendations

  • Change the RDP port from 3389 to something non-standard to reduce automated scan noise
  • Enable Network Level Authentication (NLA) in System → Remote Desktop settings
  • Use a strong password — RDP with a weak password exposed to the internet is a liability
  • Consider a VPN (WireGuard, Tailscale) instead of raw RDP exposure for higher security environments
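
To check the host against these recommendations, the following PowerShell is an added example, not part of the original guide. It reads the standard Terminal Server registry values for NLA and the listening port, then summarizes failed logons (Security event 4625) from the last 24 hours by source address; it assumes an elevated session on the host PC with logon failure auditing enabled.

```powershell
# Added example: audit the RDP host against the recommendations above.
# Assumes an elevated PowerShell session on the host PC.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = Join-Path $ts 'WinStations\RDP-Tcp'

$listener = Get-ItemProperty -Path $tcp
$findings = [ordered]@{
    RdpEnabled  = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
    NlaRequired = $listener.UserAuthentication -eq 1
    ListenPort  = $listener.PortNumber
}
[pscustomobject]$findings | Format-List

if (-not $findings.NlaRequired) {
    Write-Warning 'NLA is not enforced on the RDP listener.'
}

# Failed logons (event 4625) in the last 24 hours, grouped by source address.
# With NLA on, failed RDP attempts are recorded as LogonType 3 (network);
# LogonType 10 (RemoteInteractive) appears when NLA is off.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue

$events | ForEach-Object {
    # Flatten the event's named <Data> fields into a hashtable.
    $data = @{}
    ([xml]$_.ToXml()).Event.EventData.Data |
        ForEach-Object { $data[$_.Name] = $_.'#text' }
    if ($data.LogonType -in '3', '10') {
        [pscustomobject]@{ Source = $data.IpAddress; User = $data.TargetUserName }
    }
} | Group-Object Source | Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name,
        @{ n = 'Users'; e = { ($_.Group.User | Sort-Object -Unique) -join ',' } }
```

A steady stream of failures from many unrelated source addresses is the automated scan noise mentioned above; repeated failures against a real account name are the case where password strength matters.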
