Actually, I am not going to 100% agree with your opinion.

The way I describe this subject there are two categories of tools generically referred to as a VPN:

• A Commercial VPN Service: As the name implies, a Commercial VPN Service is generally something contracted with a third-party provider and the purpose is somewhat similar; the user wants to connect to the internet from a public hotspot but not have your activities monitored by observers and spectators. In this sense, the goal is more to keep connection habits private than to connect to an office network. Observers and spectators will not be aware of the banks you use or your email providers.
• A Local Dedicated VPN: A Local Dedicated VPN is one that is totally under the control of the business and typically is one that is configured as part of your private Local Area Network to allow remote access to a network from a public connection. When used this way, it allows a secure encrypted remote connection, at a conference, at the library, at Starbucks or some other location with access as if the user were connected to the office network. The user will have access to all the peripherals and devices as if they were in the office.

NordVPN is an example of the former. What the IRS is referring to is the latter. You control the security to your local LAN via a secure VPN server (usually in your router) and, using that, you connect to your local LAN. Then, you would connect to your desktop via its local IP address. In this manner, there are no ports open on the router which need to be directed to the desktop machine. The Remote Desktop Connection is thus secured by the security of your Local Dedicated VPN in addition to its password security.

I wholeheartedly endorse the IRS suggestion and have suggested this type of remote access in the seminars I have conducted.

Using a Commercial VPN Service, as you suggest, would not be the way to do this. Using a Local Dedicated VPN adds a level of security that we all should be using to avoid allowing a direct connection to a PC from outside the LAN.

YMMV

"Then, you would connect to your desktop via its local IP address."

Right, that is RDP, not VPN. You are describing running an RDP on top of a VPN connection, but I don't see where that adds any security, since the RDP connection itself is normally going to be encrypted and password protected (hopefully with Multi Factor Authentication). You have to allow an outside connection to the office through the router using either VPN or RDP,

To re-state what the blog I linked to stated, a VPN makes your computer appear to be on the office network, but your computer still needs to run its own software. An RDP instead allows your computer to behave like it is simply a mouse, keyboard, and monitor connected to your office computer by very long cables. You are remotely operating the office computer running its software, not running tax or accounting software on your own computer as you would be with a VPN.

If you want security you should never open a PC to a direct outside connection. If you want to, that is your business. However, the IRS advice is sound. You should control access to your LAN via a Local Dedicated VPN and only allow connections to workstations from other devices within that LAN.

The way you are using Remote Desktop is to connect through an open router port directly to a PC.

You are comparing apples and oranges. Neither I nor the IRS is talking about a Commercial VPN Service. Those are not helpful in this scenario. The fact that it is useless in this scenario should tell you that it is not what the IRS is describing. They are talking about setting up your own Virtual Private Network, not paying someone to protect you from others viewing your browsing habits. In fact, I suspect that using such a service may actually arouse suspicions when you e-file since the IP address of that Commercial VPN is sent along with the e-filed data.

I have no LAN. I use a commercial VPN and I have no problem e-filing through my Ultra Tax software.

I don't understand why you keep on bringing this distinction into the discussion, neither my comments nor the IRS recommendation had anything to do with "commercial" vs. "local dedicated" VPN. So far, the discussion is analogous to this:

RR: The IRS recommends poultry, but beef is just as good if not better.
Dtlee: The IRS recommendation is good, because chicken and turkey are different kinds of poultry, and chicken is nutritious.

What do you mean by "direct"? When I send/receive email, or view a web site, or upload/download a file, isn't that a direct connection to somewhere outside of my local LAN? If it is not "direct", then please tell me which machine the data (email, file, HTML) is stored on between the remote host and my PC? If it is not stored on an intermediate machine, then it is direct by definition. I think you are confusing port numbers with intermediate storage, or NAT (network address translation). Listening for incoming connections on certain ports is going to be required for both VPN and RDP, so how is one any more secure than the other in that regard? There is nothing inherently insecure about listening on TCP/IP ports, every PC does it all the time. It's only a problem if an insecure program is listening on a given port and injudiciously accepting connections. I am assuming that one would use a secure RDP product to avoid this problem.

Note that VPN does not by itself require or imply encryption. I am assuming that both the VPN and the RDP products use encryption, so that is not an advantage for either one.

Let's try one more time, if not for dtlee, than for the others:

• Using a VPN is like taking your computer (at home) and moving it to an empty desk in your business office. Instead of using the network IP address of your home machine, it will appear to use a network address on the business office LAN. Thus, it can access printers and servers at the office. But the machine would still need to be configured with licensed software, etc to be useful.
• Using RDP is like taking the mouse, keyboard, and monitor from your PC in the business office and extending it to your desk at home. You get the same benefit as with the VPN, but without having to spend extra time configuring your local PC with business software.

For those who want the actual facts, check out these articles:

For anyone who is tired of this thread, read recommendations from real professionals who have taken the same kind of technical training I have had:

https://www.liveconsulting.com/news/...ktop-protocol/
https://community.spiceworks.com/top...-risk-over-vpn
https://www.itprotoday.com/compute-e...dp-without-vpn
https://www.howtogeek.com/131961/how...-the-internet/

There are hundreds more I could post. Note the last one offers both the direct connection RapidRobert suggests or using it through a VPN but states Rapid, this should not be taken personally, but the way your post classifies my statements is misleading:

IRS: We recommend you use gravy with your roast beef
RR: Any Italian will tell you gravy goes on pasta. The roast beef is better without it.
dtlee: The IRS is talking about a different kind of gravy which enhances the roast beef.

Specifically, this characteristic:and the NordVPN link you included does nothing to enhance the use of Remote Desktop. This is the issue I addressed in my response.

A Local Dedicated VPN under your control could actually be used in that same way as you described (i.e., when you are away from your office and want to avoid public monitoring of your browsing activities) but its main purpose is that it would provide a secure connection to your LAN without exposing individual machines (which some of your subsequent posts hint at).

I was going to post this article a few days ago but thought it is also an ad for one of their products:


What they recommend is:This is not to say that it is wrong to use RDP alone. However, if you have client data on a PC and want it secured, you should never use RDP without first connecting to your network via a secure Local Dedicated VPN.