I have several Windows (7, 10 and Server 2016) VMs on a single (Linux) host, and would like to use rdesktop to connect to these VMs. The server has a single public IP.
Is there a way that allows users to connect and select the VM they want to be connected to?
My initial thought would be to require TLS and use SNI to select, similar to what sniproxy does for HTTPS, however I'm unsure about client support there.
Is there an RDP proxy server that presents a menu and then redirects my session, similar to an XDMCP Chooser for X11?
Is there an option I have missed?
I would prefer to use a VPN, such that clients connect to a VPN gateway on the public IP address, and then connect to the VMs on private IP addresses behind the gateway.
Assuming that is not possible, your best bet is probably to expose the RDP port numbers as non-standard port numbers. Then provide the clients with custom *.RDP files for each server, with the "server port" directive to specify the non-standard port number. Then use port forwarding rules to forward each non-standard port number into the appropriate VM.
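The port-forwarding approach from the answer above, as an added example that is not part of the original answer: it generates the DNAT rules and a per-VM .rdp file from one mapping. The host name, addresses, public ports and the `-s` source restriction are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. All names, addresses and ports below are constructed.
PUBLIC_HOST="rdp.example.net"   # assumed public name of the Linux host
ALLOWED_SRC="198.51.100.0/24"   # assumed client network allowed to reach RDP
# name  public-port  private-VM-address
VM_MAP="win7 33891 192.168.122.11
win10 33892 192.168.122.12
srv2016 33893 192.168.122.13"

# Fail if a public port is listed twice: only the first DNAT rule would
# ever match, so the second VM would be unreachable under its own port.
check_ports() {
    dups=$(printf '%s\n' "$VM_MAP" | awk 'NF {print $2}' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "duplicate public port(s): $dups" >&2
        return 1
    fi
}

# Print the forwarding rules for review; nothing is applied here.
gen_rules() {
    printf '%s\n' "$VM_MAP" | while read -r name port ip; do
        [ -n "$name" ] || continue
        printf 'iptables -t nat -A PREROUTING -p tcp -s %s --dport %s -j DNAT --to-destination %s:3389\n' \
            "$ALLOWED_SRC" "$port" "$ip"
        # After DNAT the packet is addressed to the VM itself on 3389.
        printf 'iptables -A FORWARD -p tcp -s %s -d %s --dport 3389 -j ACCEPT\n' \
            "$ALLOWED_SRC" "$ip"
    done
}

# Write one .rdp file per VM using the "server port" setting.
gen_rdp_files() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    printf '%s\n' "$VM_MAP" | while read -r name port ip; do
        [ -n "$name" ] || continue
        printf 'full address:s:%s\nserver port:i:%s\n' \
            "$PUBLIC_HOST" "$port" > "$outdir/$name.rdp"
    done
}

check_ports && gen_rules
```

rdesktop users can skip the .rdp file and pass the port on the command line, for example `rdesktop rdp.example.net:33892`.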
"Terminal Services Gateway" (TS Gateway) is the technology you are looking for. RDP over HTTPS with session collection and management. Maybe in combination with the TS Session Broker Role. It's included and fully supported in Windows Server 2012R2+, as the only supported HTTPS session/proxy/encryption/lbs gateway.
On the plus side: It has a Web-Broker with (if you want) SSO and - optionally - certificate authentication.