A professional was embarking on a multi-month voyage across the Atlantic ocean, and needed secure Remote Desktop Protocol (RDP) access to their computer back at home in the United States.
Initial Connectivity Solution (and its limitations): Starlink
Recognizing the need for internet connectivity in such a remote location, Starlink was chosen. It successfully provided internet access while at sea, a significant improvement over traditional satellite internet options. However, Starlink, by its very nature, presented a significant hurdle for direct RDP access.
Why Starlink couldn't facilitate direct RDP
Starlink, like many modern internet service providers (ISPs), primarily utilizes Carrier-Grade Network Address Translation (CGNAT). This means multiple Starlink customers share a single public IP address. While this conserves IPv4 addresses and enhances network efficiency, it prevents direct inbound connections to individual devices behind the CGNAT.
For RDP to function directly, the RDP server ( on their home computer) needs to be directly addressable from the internet via a unique public IP address. With CGNAT, attempts to connect to the home computer from the internet would effectively be trying to connect to Starlink's broader network, not specifically to the person's device. Furthermore, Starlink often employs strict firewall rules to protect its network, further complicating any attempts to bypass CGNAT for direct inbound connections. This meant that even if the individual knew their home computer's internal IP address, they couldn't "port forward" through Starlink's system to reach it directly.
Security Concerns with Traditional RDP
Beyond the Starlink limitation, the seaman was unwilling to leave open ports on their home RDP server. Opening ports on a home network, particularly port 3389 (the default for RDP), creates a direct pathway for potential attackers to probe and exploit vulnerabilities on the RDP server. This significantly increases the risk of unauthorized access, brute-force attacks, and malware infection. They prioritized the security of their home network and sought a solution that didn't compromise it.
The NoPorts Solution
Enter NoPorts, a solution that overcomes the limitations of CGNAT and the security risks of open ports. NoPorts operates by establishing a secure, outbound-initiated tunnel from both the client's home computer (RDP server) and his onboard computer (RDP client), connecting them securely via NoPorts cloud relay service. This "reverse connection" means that no inbound ports need to be opened on either endpoint.
Here's how NoPorts addressed the challenges:
- Bypassing Starlink's CGNAT - Since the connection is initiated outbound from both the onboard and home computer, it doesn't rely on inbound port forwarding or a public IP address on the Starlink network. The RDP traffic is encapsulated within this secure, outbound tunnel, effectively bypassing the CGNAT limitations.
- Eliminating Open Ports - NoPorts entirely removes the need to open any ports on their home router or computer. This significantly enhances the security posture of their home network, as there are no direct entry points for external threats to exploit.
- Secure, Encrypted Communication - The tunnel established by NoPorts is fully encrypted, ensuring the confidentiality and integrity of RDP sessions.
- Cryptographic Authentication - Every connection and connection request is cryptographically authenticated, ensuring that only authorized and verified devices can establish communication, preventing spoofing and unauthorized access attempts.
Implementation and Results
The NoPorts customer set up NoPorts on their home computer before departing. Once on the ship and connected via Starlink, they were able to seamlessly establish RDP sessions to their home computer. The connection was stable and responsive, allowing them to perform necessary tasks remotely.
Our last communication confirmed the resounding success of NoPorts. The NoPorts customer reported being 800 miles from the Azores, with NoPorts functioning flawlessly. The only issue they ran into was when his Starlink connection experienced some performance degradation during heavy rain. Our client’s workmates on the ship were reportedly highly impressed with NoPorts' ability to provide secure and reliable remote access in such a challenging environment.
