DEV Community: Matt Mesmer The latest articles on DEV Community by Matt Mesmer (@mattmesmer). https://dev.to/mattmesmer https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4007177%2F8fe9b1f9-f279-4968-9fc1-f91fc466acf5.jpg DEV Community: Matt Mesmer https://dev.to/mattmesmer en Ditch TeamViewer/Anydesk: A Free Self-Hosted Remote Desktop Solution is Here Matt Mesmer Mon, 29 Jun 2026 04:06:29 +0000 https://dev.to/mattmesmer/ditch-teamvieweranydesk-a-free-self-hosted-remote-desktop-solution-is-here-3i09 https://dev.to/mattmesmer/ditch-teamvieweranydesk-a-free-self-hosted-remote-desktop-solution-is-here-3i09 <h2> Self-Hosted Encrypted Remote Desktop on Windows 11: RustDesk + Tailscale + WSL2 </h2> <blockquote> <p><strong>TLDR:</strong> Replace expensive, privacy-risking remote desktop tools with a free, encrypted, self-hosted stack. Zero public ports. No port forwarding. Dockerized RustDesk server running on WSL2, accessible only through your private Tailscale tailnet.</p> </blockquote> <h2> The Problem </h2> <p>TeamViewer and Anydesk want your money and/or data. Chrome Remote Desktop phones home to Google. And both ask you to trust <strong>their</strong> servers with <strong>your screen data</strong>. <strong>NO THANKS!</strong></p> <p>I wanted <strong>free</strong>, <strong>open-source</strong>, <strong>encrypted end-to-end</strong>, and <strong>no public attack surface</strong>. </p> <p>This setup replaced my paid remote desktop subscription and it's:</p> <ul> <li>✅ Free forever</li> <li>✅ Encrypted end-to-end</li> <li>✅ No vendor lock-in</li> <li>✅ Open-source code</li> </ul> <p>Here's how I built it!</p> <h2> The Stack </h2> <p><a href="https://github.com/mattmesmer/rustdesk-tailscale-wsl2-guide" rel="noopener noreferrer"><strong><code>mattmesmer/rustdesk-tailscale-wsl2-guide</code></strong></a> wires together four battle-tested tools into a single, repeatable setup:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Role</th> <th>Why It Matters</th> </tr> </thead> <tbody> <tr> <td><strong>RustDesk</strong></td> <td>Remote desktop server + client</td> <td>Open-source TeamViewer alternative</td> </tr> <tr> <td><strong>Tailscale</strong></td> <td>Zero-config VPN</td> <td>Private networking without port forwarding</td> </tr> <tr> <td><strong>WSL2 + Docker Desktop</strong></td> <td>Container host</td> <td>Native Linux containers on Windows</td> </tr> <tr> <td><strong>MagicDNS</strong></td> <td>Stable hostnames</td> <td>No public DNS, no TLS certs to manage</td> </tr> </tbody> </table></div> <p><strong>The result</strong>: Remote into any machine on your tailnet from any device with internet access, encrypted, without touching public DNS, TLS certs, or firewall rules.</p> <h2> How It Works </h2> <ol> <li> <strong>Tailscale</strong> gives every device a stable, private hostname (<code>myhost.tailnet-name.ts.net</code>)</li> <li> <strong>Docker</strong> runs the RustDesk server on WSL2, bridged into your tailnet automatically</li> <li> <strong>MagicDNS</strong> eliminates the need for public IP addresses, dynamic DNS, or certificates</li> <li> <strong>Ed25519 key pinning</strong> forces cryptographic verification on every connection</li> <li> <strong><code>ENCRYPTED_ONLY=1</code></strong> rejects any unverified peer outright</li> </ol> <p>No public ports. No port forwarding. No trust placed in third-party infrastructure.</p> <h2> Who This Is For </h2> <ul> <li> <strong>Privacy-maximizers</strong> who prefer to self-host and encrypt their data</li> <li> <strong>Windows + WSL2 users</strong> who want Linux containers without a separate VM</li> <li> <strong>Cheap homelabbers</strong> tired of SaaS remote desktop pricing</li> <li> <strong>Anyone who can read a Docker Compose file</strong> and wants control back</li> </ul> <h2> Try It Out </h2> <p>The <a href="https://github.com/mattmesmer/rustdesk-tailscale-wsl2-guide/tree/main" rel="noopener noreferrer">GitHub repository</a> has everything you need:</p> <ul> <li>Full <code>docker-compose.yml</code> with S6-overlay (hbbs + hbbr in one container)</li> <li>Complete prerequisite checklist</li> <li>Client configuration for every platform</li> <li>Verification commands and troubleshooting</li> <li>Maintenance &amp; upgrade procedures</li> </ul> <p><strong><a href="https://github.com/mattmesmer/rustdesk-tailscale-wsl2-guide/tree/main" rel="noopener noreferrer">📋 Check out the full guide on Github!</a></strong><br> ⭐ Star it if it saves you a subscription fee.</p> <h2> Quick Wins You'll Appreciate </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Before</th> <th>After</th> </tr> </thead> <tbody> <tr> <td>Dynamic DNS services</td> <td> <code>myhost.tailnet-name.ts.net</code> — set and forget</td> </tr> <tr> <td>Let's Encrypt cert anxiety</td> <td>Not needed — private names, private trust</td> </tr> <tr> <td>Firewall port juggling</td> <td>Zero inbound rules</td> </tr> <tr> <td>"Did I leave that port open?"</td> <td>Impossible by design</td> </tr> </tbody> </table></div> <h2> Feedback Welcome </h2> <p>This is the stack I run daily. If you hit edge cases, spot improvements, or want to see additional integrations (Ansible? Terraform? Proxmox?), report an issue or open a PR.</p> rustdesk tailscale linux opensource