The Remote Desktop Tax Is Out of Control
TeamViewer is $50/month. AnyDesk personal license is “free” until you use it more than once a week and they flag you for commercial use. Chrome Remote Desktop is technically free but every pixel of your screen gets routed through Google’s infrastructure like they’re collecting rent on your desktop.
Meanwhile, two solid open-source alternatives have been sitting there the whole time, and most people still haven’t heard of them.
RustDesk is the one that looks and feels like TeamViewer — fast peer-to-peer connection, a polished GUI client, and a relay server you self-host so your data doesn’t go through someone else’s cloud. MeshCentral is the one that looks more like a sysadmin tool — Node.js, web-based admin console, agent-based management, RBAC, and it scales to hundreds of machines without breaking a sweat.
Same broad category. Completely different philosophy. Let’s break it down.
What Each One Actually Is
RustDesk: The TeamViewer Replacement
RustDesk is built in Rust (shocker) with a Flutter GUI. It’s designed to feel familiar to anyone who’s used TeamViewer or AnyDesk — you get an ID + password system, the other person shares their ID with you, you connect. Done.
The self-hosted piece is two server binaries:
- hbbs — the ID/rendezvous server (matches peers by ID)
- hbbr — the relay server (used when direct P2P fails, like through NAT)
When you self-host these, connections are brokered through your server, not theirs. If P2P works (it usually does), traffic goes directly between machines. The relay server only touches the data if there’s no direct path — which means low latency and no bandwidth bottleneck on your VPS for most connections.
The client is available for Windows, macOS, Linux, Android, and iOS. Install it, plug in your server addresses in settings, hand someone a 9-digit ID, and you’re connecting in 30 seconds. Your parents can do this. That’s not an insult — it’s the point.
MeshCentral: The Fleet Management Tool
MeshCentral is a Node.js application with a web-based admin console. You install it on a server, and then you deploy lightweight agents to every machine you want to manage. Those agents phone home to your MeshCentral instance and wait for commands.
Unlike RustDesk’s peer-to-peer model, MeshCentral connections go through your server. Always. This isn’t a limitation — it’s a design choice. When you’re managing 50 machines spread across different networks, having them all connect back to one place makes sense. You get a single pane of glass: who’s online, who’s offline, run remote commands, push files, connect for remote desktop, check hardware inventory.
The RBAC system lets you create multiple user accounts with different access levels. Your helpdesk staff can connect to machines and run remote desktop. Your senior admin can push scripts and manage groups. You, the server owner, control all of it from a web browser without installing anything on the admin side.
Platform support is solid: Windows, Linux (most distros), macOS, Android. The agent is small and doesn’t need much — it just needs to be able to reach your server on the configured port.
Install Comparison
RustDesk Server: Five Minutes, Docker Compose
The quickest path to a working RustDesk relay is Docker Compose. You need a VPS with ports 21115-21119 TCP/UDP accessible from the internet.
version: "3"
services: hbbs: image: rustdesk/rustdesk-server:latest command: hbbs ports: - "21115:21115" - "21116:21116" - "21116:21116/udp" - "21118:21118" volumes: - ./data:/root depends_on: - hbbr restart: unless-stopped
hbbr: image: rustdesk/rustdesk-server:latest command: hbbr ports: - "21117:21117" - "21119:21119" volumes: - ./data:/root restart: unless-stoppedmkdir rustdesk-server && cd rustdesk-server# Save the docker-compose.yml above, then:docker compose up -dAfter it starts, grab your public key from the logs:
docker compose logs hbbs | grep "Key:"That key goes into the RustDesk client under Settings → Network → Key. Point the client at your VPS IP for both the ID server and relay server fields. Test with two devices. That’s it.
Total time: five minutes if your firewall is already configured. Fifteen if you need to figure out what you did wrong with ufw.
MeshCentral: More Moving Parts, More Power
MeshCentral runs as a Node.js app. You can install it with npm, but the Docker route is cleaner:
version: "3"services: meshcentral: image: typhonragewind/meshcentral:latest ports: - "443:443" - "80:80" environment: - HOSTNAME=mesh.yourdomain.com - REVERSE_PROXY=false - USE_MONGODB=false volumes: - ./meshcentral-data:/opt/meshcentral/meshcentral-data - ./meshcentral-files:/opt/meshcentral/meshcentral-files restart: unless-stoppedMeshCentral wants a real domain name and SSL. It’ll auto-generate a self-signed cert if you don’t have one, but browsers will complain and your agents will need the --ignoreagentcerthash flag. Just get a cert — Let’s Encrypt works fine here, or use a Cloudflare-proxied subdomain.
Once it’s running, hit https://mesh.yourdomain.com, create your admin account, and you’re in. The web UI walks you through creating device groups and downloading agent installers.
Deploy an agent on Linux:
# Download the agent installer from your MeshCentral web UI:# Dashboard → Add Agent → Linux → Copy install command
curl -o meshagent.sh https://mesh.yourdomain.com/meshagents?id=<your-mesh-id>&installflags=0chmod +x meshagent.sh && sudo ./meshagent.shThe machine shows up in your MeshCentral console within seconds. From there you can connect via remote desktop, open a terminal, transfer files, or run a command across every machine in a group simultaneously.
Client Experience: Where the Philosophy Shows
This is where the two tools feel most different.
RustDesk feels like a desktop app. You install the client, configure your server once, and then connecting to someone is as simple as asking for their 9-digit ID. The remote desktop window opens full-screen, quality adjusts automatically, audio forwarding works (on platforms that support it), clipboard sync is seamless, file transfer is built in. Latency is typically excellent because it’s usually going peer-to-peer.
The UX for helping your parents fix their computer is genuinely good. They install the client, read you the number on the screen, and you’re in. No accounts required on their end. No web browser confusion. It behaves like the tool it’s replacing.
MeshCentral is a web app. You open a browser, log into your console, click on a machine, and choose what to do. The remote desktop view opens in the browser via WebRTC. It works well, but it’s got more steps — and those steps are appropriate when you’re managing a fleet, less appropriate when your mom calls because her printer stopped working.
File transfer in MeshCentral is drag-and-drop through the web interface or via a proper file manager panel. Terminal access opens directly in the browser. You can run scripts on multiple machines at once. These are power features that RustDesk simply doesn’t have.
Feature Comparison
| Feature | RustDesk | MeshCentral |
|---|---|---|
| Connection model | Peer-to-peer (relay fallback) | Always through server |
| Admin interface | Desktop app | Web browser |
| Multi-user management | Basic | Full RBAC |
| Fleet management | No | Yes |
| Remote terminal | No | Yes |
| Unattended access | Yes (with password) | Yes (agent-based) |
| Audio forwarding | Yes (Windows/Linux) | Limited |
| File transfer | Yes | Yes |
| Mobile client | Yes (Android/iOS) | Android only |
| Self-signed cert support | N/A | Works with workaround |
| Resource usage (server) | Very low | Moderate (Node.js) |
Ports and Firewall: Don’t Skip This
RustDesk needs ports 21115–21119 open (mix of TCP and UDP). If you’re behind a restrictive firewall or only have 443 available, you’re going to have a bad time. Most home lab VPS setups are fine, but worth double-checking before you wonder why connections aren’t working.
MeshCentral typically runs on 443 and 80 (standard HTTPS). If you’re putting a reverse proxy in front of it (Caddy, Nginx), you’ll need to handle WebSocket upgrades properly — MeshCentral uses them heavily for agent communication. Failing to pass WebSocket headers is the #1 “why won’t my agents connect” issue.
Security Model
Both tools are self-hosted, so your data never leaves infrastructure you control. That’s the win for both of them.
RustDesk encrypts connections with a key pair generated at server startup. The public key you copy into the client is what authenticates your server — someone running a rogue RustDesk server can’t intercept your connections as long as you’ve set that key correctly.
MeshCentral handles auth through its own account system with 2FA support (TOTP, hardware keys). Every agent connection is TLS-encrypted back to your server. The agent mesh itself uses certificate pinning to prevent MITM attacks against the relay path.
Neither has had serious security incidents that I know of, but MeshCentral has a more complete audit trail — you can see who connected to what machine and when. For a business environment, that matters. For helping family with computer problems, it’s overkill.
When Things Break
RustDesk problems you’ll actually hit:
- P2P fails behind symmetric NAT (relay kicks in, slightly slower, usually fine)
- Client not connecting? Check the key. Then check the key again.
- Audio forwarding requires the right permissions on Linux (PulseAudio/PipeWire config)
MeshCentral problems you’ll actually hit:
- WebSocket not working through reverse proxy (add upgrade headers, seriously)
- Agent offline after server restart (usually recovers on its own in a minute or two)
- Self-signed cert headaches — just get a real cert, you’ll thank yourself later
The Verdict
Here’s the rule:
Use RustDesk if:
- You want to replace TeamViewer/AnyDesk for personal remote help
- You’re supporting non-technical users who need a simple ID/password experience
- You have fewer than 10 machines to manage
- Low latency matters more than centralized management
- You want mobile access from iOS
Use MeshCentral if:
- You’re managing a fleet of machines (10+)
- You need multiple users/admins with different permission levels
- You want browser-based access without installing anything on the admin side
- Audit logs and access control matter (business environment, compliance, etc.)
- Unattended terminal access and script execution across many machines is part of your workflow
These aren’t really competing with each other once you understand the use case split. RustDesk is a remote desktop tool. MeshCentral is a remote management platform. The fact that both do remote desktop is almost incidental.
Your home lab, your parents’ computer, your friend’s broken Windows install: RustDesk. Your office of 40 workstations, your client fleet, your Ansible-adjacent “I need to touch 30 machines today” situation: MeshCentral.
Both are free. Both are open source. Both let you stop paying $50/month to TeamViewer for the privilege of screaming “MOVE YOUR MOUSE LEFT” at your relatives over the phone.
Install both. Pick the right one for the job. Your 2 AM self — and your bank account — will appreciate it.
