david winter

RustDesk direct connections over Tailscale

· tailscale, rustdesk

I use RustDesk to help family with their computers from a distance. Out of the box it routes through the public RustDesk server, which is the path of least resistance when you’re getting started. But, that changed recently; a login is now required for the public server, and that’s because the public server was only ever meant for testing and demonstration apparently, and because of growing botnet and scam abuse.

I didn’t want to have to self-host a relay server for the handful of machines I connect to. All of those machines are already on my Tailscale network, so they can already reach each other. That makes the public server redundant. I can point RustDesk straight at a machine’s Tailscale IP and skip the middleman!

Enabling direct IP access

On the machine you want to control, open RustDesk and click the three-dot menu next to its ID, then go to Settings. Under the Security section, click to unlock it, and tick Enable direct IP access.

This is what lets a RustDesk client connect to this machine by its IP address rather than going via the relay.

Setting a permanent password

While you’re still in the Security section, scroll up to the Password area and set a permanent password. Without one, RustDesk generates a temporary password that rotates, which is no good when you want to connect again later without being sat in front of the machine.

I store the password in 1Password so it’s there whenever I need it. Note: treat this like any other credential, since anyone with the password and network access to the machine can connect.

Finding the Tailscale IP

Each machine on your Tailscale network has its own stable IP in the 100.x.x.x range. You can grab it from the Tailscale client in the menu bar or system tray, or from the machines list in the admin console.

That IP stays the same as long as the device is part of your network, so it’s worth noting down alongside the password.

Connecting

On the machine you’re connecting from, paste the Tailscale IP into the Control Remote Desktop field and connect. Enter the permanent password when prompted, and you’re in.

RustDesk will warn that this is a direct and unencrypted connection. That warning is about RustDesk’s own transport, but the traffic is already running inside Tailscale’s encrypted tunnel, so it’s safe to proceed.

That’s the whole setup. As long as both machines are on Tailscale, I connect directly, with no shared server and no login in the way! Problem solved.