Originally Posted by
deubster
With a VPN, you get an IP address on the local network, making it unnecessary to open ports on a router.
Except for the VPN port, depending on what you are using to terminate the connection.
My server at home is online all the time and is constantly being scanned/probed and I can watch the traffic hitting it. And I have NEVER seen a probe on port 3389. There is too much low-hanging fruit for it to be a reasonable attack vector for people to waste time trying to hit.