Two uses of VPN
1. Enterprise VPN
VPN is used by enterprises (corporations) to allow remote users access to the office network and computer resources. For example a remote employee of a corporation can access the office's internal network drives using VPN. In this context when a remote users logs in to the corporate VPN server, their remote computer becomes a part of the office local network. Then the remote employee can use VNC to access an office desktop computer.
I think this is the kind of VPN use you envisioned. However, your remote computer is at home while you travel and you don't have an IT department to setup a personal VPN server for you. You can set it up yourself, but I think it is too much trouble for securely connecting one remote computer in the home network context.
2. Consumer VPN
Consumer VPN service providers such as VyperVPN provides slightly different kind of service to home users using the same technology. These service providers setup VPN servers in different locations and countries and allow home users to login to these servers.
This allows home users to hide their internet activities from their own Internet Service Providers, government, etc. This also allows the home users to "pretend" to be in another country and "fool" video streaming services.
Consumer grade VPN service providers do not setup a VPN server in your home network. In fact, if you use a VPN client, say from VyperVPN in your home desktop, then you may not be able to remotely connect to that desktop when you travel. This is because the VPN service makes your desktop "pretend" to be somewhere else! Therefore, you will have to turn the VPN service off in the desktop at home when you travel before you can remotely connect using VNC.
Why not just use VNC?
It is not safe. VNC is rather old protocol and its security is not up to the modern standards. Setting up the VNC server in your home desktop to accept connections from outside your own home network is possible. However, doing this is not recommended, as anyone from the Internet can easily break into your home desktop.
VNC over SSH
You will need to setup ssh server in your home desktop computer first. See Connect two computers with SSH in a home LAN for how to do this.
Once you have ssh working within your home network and you can ssh from your laptop to the home desktop while both are connected to the home network, you will need to setup Remmina to use VNC over SSH.
Open the Remmina desktop preference window you have already created in your laptop to VNC into the desktop from within your home network:
Note, the Server field is filled with an LAN IP address above. Yours will be different. Go to the SSH Tunnel tab:
Check all the boxes as in the picture above. Port 22 is the default port for ssh. For simplicity we will use this port. You can read about how to change the default to some other port and set it up differently later.
Note, I have setup a Public key during my ssh setup. If you have done so, choose Public key as the method of authentication.
Otherwise choose Password.
Try it out and make sure you can VNC from your laptop to your desktop using the SSH tunnel when both the computers are connected to your home network.
When Traveling
There are two things you will need to figure out if you want to VNC over SSH when you are outside your home.
- Port Forwarding
- Dynamic Domain Name System (DDNS)
1. Port Forwarding
This is part of your router setup. You need to tell your router which device the remote connection requests should go to when the request comes through port 22.
In the picture above, my home desktop has the IP address 192.168.0.101. This is a local IP address within my home network. It has no meaning outside my home network. The router assigns this IP address to my home desktop.
You should setup your router to forward all packages sent via port 22 to the port 22 of your home desktop's local IP address.
The exact process varies from router to router, and how to do this exactly is beyond the scope of this site, as it has nothing to do with Ubuntu.
2. Dynamic Domain Name System (DDNS)
Most home Internet service do not get a static IP address from their Internet Service Provider (ISP). If you have a static IP address assigned by your ISP then ignore this section.
You can copy the Remote desktop Preference in Remmina to a new one, and change the Server IP address to your ISP provided static IP address.
If your ISP dynamically assigns your home an IP address, then your home (external) IP address can change from time to time. You can find your external IP address by Googling what is my ip address when you are connected to your home network.
The problem is when you are traveling and your ISP changes your external IP address, you have no way of knowing what it is. Thus, you won't be able to connect to your home desktop.
You need to use a DDNS service provider. There are some free ones, like duckdns.org You will need to create an account in one of them. Once you have an account, you will need to setup your home desktop to periodically communicate with the DDNS service provider of your choice and update the any changes to your home IP address. The DDNS service provider will create an internet address for your home, such as ivapshome.duckdns.org, where ivanpshome is something you will choose.
The exact method setting up the DDNS client in your home desktop depends on the DDNS service provider. Please search this site, and ask another question (if needed) if you have trouble setting up the DDNS.
Note: Some routers can update some specific DDNS services. You have to check your router and the specific DDNS service you use. The exact methods vary and is beyond the scope of this site.
In Remmina, under the Server field, enter the DDNS provided Internet address such as ivapshome.duckdns.org.
Now you should be able to connect to your home desktop computer from your laptop while traveling.
Hope this helps
Best Answer
The simplest thing to do (requires almost no set-up) is just using SSH to tunnel X connections. SSH can forward your local computer's x-server connection to the remote computer. That way you can run a program on a remote computer but display it's windows locally. The performance isn't too great though. If your contractors are using Windows then they'll need to download Putty and Xming. You can also tunnel VNC over SSH if they have a VNC client, but VNC's performance is even worse.
If you want to minimize the time you are paying your contractors to look a loading screens then you'll probably want to use NX. While X works remotely it's not optimized for non LAN networks. NX fixes this by using compression and getting rid of redundant Xlib calls.
While the NX client is free, NoMachine's NX-server isn't. Luckily, if you don't mind a little work, you can use Google's NX-server NeatX. NX uses SSH tunneling behind the scenes so it is as secure as ssh -X. And doesn't require setting up a VPN.
If your desktop machines are behind a NAT or a proxy though, you'll need to use a VPN.
Setting-up a VPN is a little bit of work though. Luckily I find the community documentation of OpenVPN to be pretty easy to follow.