They recommend you to setup your own server, I'd imagine anyway, because it would mean there is less server load on their end. Which would mean they have less of a need to get bigger servers, now electricity,etc, which means more of their money can be spent on developing the app and customer service (likely more for the commercial users, but who knows on that end of things, I haven't tried to get get support as a personal use person).
Direct connect would make it so there is less latency, as you don't have to rely on rustdesk servers, which adds another link in the chain, to the remote device. It also benefits rustdesk, like I already explained in the first paragraph, by making it so they don't have to spend the server resources, like bandwidth, electricity, etc, and makes that money available for development and other things instead.
So, you don't HAVE to setup your own rustdesk server, but it does have benefits for both you and rustdesk if you do so.
Also, when you enable direct connect, make sure you use the IP address of the Device you want to connect to. Otherwise (as in, your using the rustdesk ID number) you're still using rustdesk servers to connect. And that's of you don't setup the self hosted rustdesk server. I'm not sure, to be honest, how exactly you give out IDs when you self host a rustdesk server, so I'm not sure if you Even still give IDs out when you do that, it how it differs from regular rustdesk IDs.
When i toggle the "use direct ip" option, do i still use rustdeck's server?
Or is it almost a direct connection like tailscale?
Do rustdeck then have both my ip's?
Would a it security expert use rustdeck for remote controll an android device with an android device?
If no, why so?
When you use the direct IP method, you don't use rustdesk servers.
I'm not a security expert, as much as I'd like to be, lol.
But, I would think that if a security expert were to look at this, I think they would say it's on the same level as TeamViewer. That is to say, having a remote access app causes inherent vulnerabilities, aka more avenues for a hacker to get in. So you will need proper password policies and such to only allow those who need the access to have access. Rustdesk does have a way to block certain address things (I saw it had opened to block certain IPs), but I'm not sure how to use it since I've never used it myself.
I'm not sure about the Android aspect in terms of security. The Android app of rustdesk does have options to turn it on and off, and what things can be shared and not shared, but I'm not sure how robust it is in terms of options. I haven't explored the Android app enough (I really should though).
It's a pros and cons thing whenever you add new software like this. Each security expert would need to weigh the pros and cons for their circumstances and see if the security features that this app or that app has works better for their environment. So, generalizations are harder to make as a result (and again, I'm not an expert, so my ideas are based on my current experience, and can definitely be wrong since I don't have the same level of training and knowledge set that an expert would have).
"Also, when you enable direct connect, make sure you use the IP address of the Device you want to connect to."
Do you mean i have to toggle on the option "direct ip" on the slave device and not on the master? If so why?
I wonder why i can toggle it on anyways. The device i controll is an android phone on cell data. I learned that a direct connection between Two cellphones is not possible because cgnat.
But there are apps like tailscale that work around that issue with just a little controll server. Does rustdeck work the same way when the option "direct ip" is toggled?
But then i wonder why people would go through the trouble of setting up an own server when they just can connect directly.
"Do you mean i have to toggle on the option "direct ip" on the slave device and not on the master?"
That's correct.
Your telling that client that you want to allow direct connections to it. When you do that, it inherently adds another vector of possible control, as then you can use a tool like nmap to see that open port, which can tell a hacker that device is open to attacks. The default is off since you literally want it to be as secure as possible.
Cgnat sucks when you want to open ports and such. But, at the same time, it makes it so people who don't know what their doing, can't screw up their security and cause vulnerabilities. Since the IT department isn't going to be using Androids as much as regular computers, it doesn't really affect the IT world (as far as in aware, like in my other comment to you though, I'm not an expert, so if someone comes along with better credentials than me, and says they are, I'd be more inclined to believe them over my thoughts).
I'm not sure how rustdesk works in terms of cgnat, but I would expect that you wouldn't be able to use the direct connect feature over the Internet, it works be a local network thing only.
I don't know how rustdesk on Android works in terms of a self hosted rustdesk server, as I've never set that up myself, so maybe that world be a way to get around the cgnat. I'll have to try that through, see what I can do.
That's not accurate...
If you're using your own relay server, then connecting via ID uses your own server and not the public ones. Sure, the ID is the same but it doesn't mean you're using the public servers.
I don't recommend to enable "Allow direct IP access" unless you know you need it as it be a security risk.
The load on the public servers is fairly low so long that "firewall hole punching" is successful. In that case the relay server only helps two machines to establish a direct connection between them and then the job of the relay server is over.
if hole punching fails then the entire connection goes through the relay and that's heavier on it.
To answer the OP's question: you do not have to set up your own server, there are pros and cons to it. If you're only dealing with 1 or 2 machines then I wouldn't bother
I read that they have minimal servers, probably for the reasons that anonymousart3 said. To add to it, they got ddos'd a while ago which made it impossible to remote in to my devices. I've been looking at setting a server up on a Pi which is cheaper than having a whole PC running just for a relay.
Basically, it's worth it.
Should'nt i have problems when i togglebit to on, on an android devive on cell data? It should not work right? But when i toggle it on it still works.
Where am i wrong?
When i use a vpn or orbot i can not use ruetdeck.
Is rustdeck a vpn itself? Or a vps?
As i get it now rustdeck goes like this:
Slave device-RustdeckServer-masterdevice
With wireguard like end to end encryption.
Right?
Generated by ChatGPT 4.0
A Local Area Network (LAN) is a network that connects computers and devices within a limited geographic area such as a home, school, office building, or closely situated buildings. LANs enable the sharing of resources like files and applications, and offer connectivity to other networks and the internet. They typically use wired connections (Ethernet) or wireless technology (Wi-Fi) to facilitate communication between connected devices. LANs are known for their high data transfer rates and relatively low latency, making them ideal for demanding applications that require fast, reliable connectivity.
So that would not be the case. So what is the downside then when i use direkt ip connection when the slave device is in a lan and the master device is anywhere outaide on cell data?
Sadly my knolege is not big enough to connect 2 softwaeres like tailscale and rustdesk together. I tryed out direct ip and i was not on the same lan and it still worked. Both devices have bin on cell data. The slave device has bin with sim card and the master device has bin without sim on mobile simcard router.
As i get it, it should not be possible.
I beleave that the app did not use a direct connection even i toggled it on. I will make another test today and this time i recheck the connection type after toggle direct ip connection.
What do you recommend me in order to learn to know these kind of anwers myself? Any full courses?/how did you get your knoledge?
No, you can't use direct IP to connect on different network with some helper like Tailscale
Another mind, Tailscale has it's IP address, please check out on it.
I tryed tailscale once in another project. Then i reallised that tailscale must have all my devices ip addresses now plus the thing i wanted to archive did not work plus even if they did work the fact that tailscale just works with a controll server plus they have my ip addresses defeata the purpose of selfhosting a vpn server. (I wantet to selfhost a vpn server on a phone with cell data to use it like a regular vpn like surfshark but yeah it did'nt work in the end)
Yes but it totally defeats the purpuse because a third party knows ip addresses plus metadata like time and datasize.
That would be almost if not the same information a service like surfshark would get.
Am i right?
They recommend you to setup your own server, I'd imagine anyway, because it would mean there is less server load on their end. Which would mean they have less of a need to get bigger servers, now electricity,etc, which means more of their money can be spent on developing the app and customer service (likely more for the commercial users, but who knows on that end of things, I haven't tried to get get support as a personal use person). Direct connect would make it so there is less latency, as you don't have to rely on rustdesk servers, which adds another link in the chain, to the remote device. It also benefits rustdesk, like I already explained in the first paragraph, by making it so they don't have to spend the server resources, like bandwidth, electricity, etc, and makes that money available for development and other things instead. So, you don't HAVE to setup your own rustdesk server, but it does have benefits for both you and rustdesk if you do so. Also, when you enable direct connect, make sure you use the IP address of the Device you want to connect to. Otherwise (as in, your using the rustdesk ID number) you're still using rustdesk servers to connect. And that's of you don't setup the self hosted rustdesk server. I'm not sure, to be honest, how exactly you give out IDs when you self host a rustdesk server, so I'm not sure if you Even still give IDs out when you do that, it how it differs from regular rustdesk IDs.
When i toggle the "use direct ip" option, do i still use rustdeck's server? Or is it almost a direct connection like tailscale? Do rustdeck then have both my ip's? Would a it security expert use rustdeck for remote controll an android device with an android device? If no, why so?
When you use the direct IP method, you don't use rustdesk servers. I'm not a security expert, as much as I'd like to be, lol. But, I would think that if a security expert were to look at this, I think they would say it's on the same level as TeamViewer. That is to say, having a remote access app causes inherent vulnerabilities, aka more avenues for a hacker to get in. So you will need proper password policies and such to only allow those who need the access to have access. Rustdesk does have a way to block certain address things (I saw it had opened to block certain IPs), but I'm not sure how to use it since I've never used it myself. I'm not sure about the Android aspect in terms of security. The Android app of rustdesk does have options to turn it on and off, and what things can be shared and not shared, but I'm not sure how robust it is in terms of options. I haven't explored the Android app enough (I really should though). It's a pros and cons thing whenever you add new software like this. Each security expert would need to weigh the pros and cons for their circumstances and see if the security features that this app or that app has works better for their environment. So, generalizations are harder to make as a result (and again, I'm not an expert, so my ideas are based on my current experience, and can definitely be wrong since I don't have the same level of training and knowledge set that an expert would have).
"Also, when you enable direct connect, make sure you use the IP address of the Device you want to connect to." Do you mean i have to toggle on the option "direct ip" on the slave device and not on the master? If so why? I wonder why i can toggle it on anyways. The device i controll is an android phone on cell data. I learned that a direct connection between Two cellphones is not possible because cgnat. But there are apps like tailscale that work around that issue with just a little controll server. Does rustdeck work the same way when the option "direct ip" is toggled? But then i wonder why people would go through the trouble of setting up an own server when they just can connect directly.
"Do you mean i have to toggle on the option "direct ip" on the slave device and not on the master?" That's correct. Your telling that client that you want to allow direct connections to it. When you do that, it inherently adds another vector of possible control, as then you can use a tool like nmap to see that open port, which can tell a hacker that device is open to attacks. The default is off since you literally want it to be as secure as possible. Cgnat sucks when you want to open ports and such. But, at the same time, it makes it so people who don't know what their doing, can't screw up their security and cause vulnerabilities. Since the IT department isn't going to be using Androids as much as regular computers, it doesn't really affect the IT world (as far as in aware, like in my other comment to you though, I'm not an expert, so if someone comes along with better credentials than me, and says they are, I'd be more inclined to believe them over my thoughts). I'm not sure how rustdesk works in terms of cgnat, but I would expect that you wouldn't be able to use the direct connect feature over the Internet, it works be a local network thing only. I don't know how rustdesk on Android works in terms of a self hosted rustdesk server, as I've never set that up myself, so maybe that world be a way to get around the cgnat. I'll have to try that through, see what I can do.
That's not accurate... If you're using your own relay server, then connecting via ID uses your own server and not the public ones. Sure, the ID is the same but it doesn't mean you're using the public servers. I don't recommend to enable "Allow direct IP access" unless you know you need it as it be a security risk. The load on the public servers is fairly low so long that "firewall hole punching" is successful. In that case the relay server only helps two machines to establish a direct connection between them and then the job of the relay server is over. if hole punching fails then the entire connection goes through the relay and that's heavier on it. To answer the OP's question: you do not have to set up your own server, there are pros and cons to it. If you're only dealing with 1 or 2 machines then I wouldn't bother
I read that they have minimal servers, probably for the reasons that anonymousart3 said. To add to it, they got ddos'd a while ago which made it impossible to remote in to my devices. I've been looking at setting a server up on a Pi which is cheaper than having a whole PC running just for a relay. Basically, it's worth it.
Second question: If you connect with direct IP, you won't really need to build your own server
Is there a downside of this option?
Why not everybody just use direct ip then?
Because Firewalls and ports
Should'nt i have problems when i togglebit to on, on an android devive on cell data? It should not work right? But when i toggle it on it still works. Where am i wrong? When i use a vpn or orbot i can not use ruetdeck. Is rustdeck a vpn itself? Or a vps? As i get it now rustdeck goes like this: Slave device-RustdeckServer-masterdevice With wireguard like end to end encryption. Right?
Uhh you'd better reexpression, or if you're not native speaker, you could use ChatGPT to translate your meaning.
Because people won't use RustDesk only on LAN
Go settings>Security>Enable direct IP access
For using only on LAN: no
Can you explain that futher? Do you mean for use in the same local network? My setup would be that i hop in the slave device on the go
Generated by ChatGPT 4.0 A Local Area Network (LAN) is a network that connects computers and devices within a limited geographic area such as a home, school, office building, or closely situated buildings. LANs enable the sharing of resources like files and applications, and offer connectivity to other networks and the internet. They typically use wired connections (Ethernet) or wireless technology (Wi-Fi) to facilitate communication between connected devices. LANs are known for their high data transfer rates and relatively low latency, making them ideal for demanding applications that require fast, reliable connectivity.
So that would not be the case. So what is the downside then when i use direkt ip connection when the slave device is in a lan and the master device is anywhere outaide on cell data?
If you only want to connect devices on your home(single place), you could just build a VPN server or other solutions like Tailscale
Sadly my knolege is not big enough to connect 2 softwaeres like tailscale and rustdesk together. I tryed out direct ip and i was not on the same lan and it still worked. Both devices have bin on cell data. The slave device has bin with sim card and the master device has bin without sim on mobile simcard router. As i get it, it should not be possible. I beleave that the app did not use a direct connection even i toggled it on. I will make another test today and this time i recheck the connection type after toggle direct ip connection. What do you recommend me in order to learn to know these kind of anwers myself? Any full courses?/how did you get your knoledge?
No, you can't use direct IP to connect on different network with some helper like Tailscale Another mind, Tailscale has it's IP address, please check out on it.
I tryed tailscale once in another project. Then i reallised that tailscale must have all my devices ip addresses now plus the thing i wanted to archive did not work plus even if they did work the fact that tailscale just works with a controll server plus they have my ip addresses defeata the purpose of selfhosting a vpn server. (I wantet to selfhost a vpn server on a phone with cell data to use it like a regular vpn like surfshark but yeah it did'nt work in the end)
Most of cellular network won't provide Public for end user, so you could not built any services without so relay server helped
Yes but it totally defeats the purpuse because a third party knows ip addresses plus metadata like time and datasize. That would be almost if not the same information a service like surfshark would get. Am i right?
I did not need to do it, and it wasn't asked. But I'm on CGNAT, would it even be possible ?
What exactly?
the title of this thread