Using Gateway for Windows Remote Desktop

Overview

Gateway.asc.ohio-state.edu allows Microsoft Remote Desktop (also know as RDP) to OSU machines from off campus with Duo two factor authentication.

Usage of Gateway is very similar to connecting via RDP, with just a few changes in the client.

Microsoft Remote Desktop clients are available on Windows, macOS, Linux, iOS, and Android.

On the RDP service side, Windows and Linux machines on campus can host an RDP server.

RDP is only available via Gateway or Guacamole.

Contents

When to use RDP versus Guacamole

Guacamole should be the default for accessing desktops: it's fast and only needs a web browser to connect.

Full RDP does have additional features: ability to cut and paste small files to/from the remote machine, and printer/file sharing.

Windows Settings - Legacy Client

The Windows Legacy Client's icon looks like this: 

Open the Remote Desktop Connection app as normal, where MACHINE is the name of the machine you're connecting to.

Click on "Show Options" then the "Advanced" tab:

Under "Connect from anywhere" click "Settings" and fill in like so:

About "Bypass RD Gateway server for local addresses": this setting does not matter. If checked, Remote Desktop will first try to connect directly to the machine, and if it can reach it it won't use Gateway. This check takes little time.

On Windows the setting applies to all RDP profiles.

When prompted for a username you need to use ASC\lastname.# .

Important: You will get a Duo push to your default Duo push device, so have it handy.

Windows Settings - Microsoft Store Client

The Windows Store Client's icon looks like this: 

Open the Microsoft Remote Desktop app.

Add a Gateway Host

Click on Settings and then click on + next to Gateway heading.

 

 

Enter gateway.asc.ohio-state.edu into the server name field and then click on the + next to the User account.

 

Enter your lastname.# followed by “@asc.ohio-state.edu” to the Username field and fill in the password.
At this time the password field is required as the client will not prompt for gateway authentication.

 

Click Save to save the username, then Save again to save the gateway entry.

Add a PC to Connect To

Click on the + Add button and select PCs to create new host to connect with.
Enter the full host name of the system you are trying to connect with, for example, gemini.asc.ohio-state.edu.
Click on Show more and update the gateway field with the gateway you added in the earlier step.  

Note, on this screen you can create a short name for the connection, add a username if you do not want to be prompted each time, and set/change the resolution

Click Save to save the PC.,

Connecting to a PC

You should now see the connections screen, and your new connection:

 

Double click the connection.

Important: During this screen is when a Duo push happens to your default Duo push device:

 

After the Duo, which can take several seconds, you will be prompted for your username and password.
Use your lastname.# and OSU password.

If this is your first time connecting to a host, you will be asked to accept its certificate.
Click Connect anyway, and check the Don't ask about this certificate again box.

 

You should now be logged into the remote computer.

Macintosh Settings

Open the Microsoft Remote Desktop app as normal:

Hit "+" to add a new PC connection, where MACHINE is the name of the machine you're connecting to:

Click on "No gateway" to add a new one or select an existing one.

Make sure the "Bypass for local addresses" is checked.

On the Mac, each connection will require gateway selection.

Linux

Most Linux clients allow specifying a gateway server.

For xfreerdp: xfreerdp /u:lastname.# /d:asc /g:gateway.asc.ohio-state.edu /v:MACHINE.asc.ohio-state.edu

Optionally, add /gu:gateway-username if you use a different username on gateway than on remote host. (This is unusual.)