Ubuntu Remote Workstation on DigitalOcean: Xfce + xRDP + GlobalProtect

Overview

This guide walks through building a responsive Ubuntu remote desktop on a DigitalOcean droplet and securely connecting it to a GlobalProtect VPN using OpenConnect.

The key problem this solves:

  • GNOME + RDP is painfully slow on cloud VMs
  • You want a workstation you can access from anywhere
  • You may need VPN access to internal/corporate resources

The solution:

  • Replace GNOME with Xfce
  • Use xRDP for remote desktop
  • Use OpenConnect for GlobalProtect-compatible VPN access

This setup is ideal for:

  • Remote labs
  • Jump boxes
  • Secure development workstations
  • Client VPN access from the cloud

If you only need SSH access, this is overkill.


What you’ll achieve

By the end of this post, you will:

  • ✅ Deploy an Ubuntu desktop droplet
  • ✅ Fix slow/laggy RDP by switching to Xfce
  • ✅ Configure xRDP correctly (no black screens)
  • ✅ Connect to a GlobalProtect VPN using OpenConnect
  • ✅ Have a usable, fast remote workstation

Prerequisites

  • Knowledge: Basic Linux CLI, SSH
  • Tools: DigitalOcean account, RDP client
  • Access: GlobalProtect VPN credentials
  • Time: ~30–45 minutes

Environment

  • OS: Ubuntu 22.04 / 24.04
  • Cloud: DigitalOcean Droplet
  • Desktop: Xfce 4
  • Remote Desktop: xRDP (Xorg backend)
  • VPN: OpenConnect (GlobalProtect protocol)

Quick start

sudo apt update
sudo apt install -y xfce4 xfce4-goodies xrdp xorgxrdp dbus-x11 openconnect
echo "startxfce4" > ~/.xsession
chmod +x ~/.xsession
sudo systemctl restart xrdp xrdp-sesman

Expected result:

  • RDP login opens an Xfce desktop
  • UI is responsive, no black screen

Step-by-step guide

1) Create the Ubuntu droplet

On DigitalOcean:

  • Create a droplet using Ubuntu Desktop (GNOME) or plain Ubuntu Server
  • Size: minimum 4 GB RAM (8 GB recommended)
  • Enable SSH key access

You will replace GNOME later if using the desktop image.


2) Install Xfce

Xfce is significantly lighter than GNOME and performs far better over RDP.

sudo apt update
sudo apt install -y xfce4 xfce4-goodies

3) Install and enable xRDP

sudo apt install -y xrdp xorgxrdp dbus-x11
sudo systemctl enable xrdp
sudo systemctl start xrdp

xorgxrdp is critical — without it, you will often see a black screen.


4) Configure xRDP to start Xfce (correct way)

Do not hardcode Xfce in startwm.sh.
Instead, let Ubuntu’s Xsession handle it.

Create the session file for your user:

echo "startxfce4" > ~/.xsession
chmod +x ~/.xsession

Ensure /etc/xrdp/startwm.sh ends with:

test -x /etc/X11/Xsession && exec /etc/X11/Xsession
exec /bin/sh /etc/X11/Xsession

Restart services:

sudo systemctl restart xrdp xrdp-sesman

Disconnect and reconnect via RDP.


5) Verify the desktop session

Inside the RDP session:

echo "$XDG_CURRENT_DESKTOP"

Expected output:

XFCE

Install OpenConnect (GlobalProtect)

6) Install OpenConnect

sudo apt install -y openconnect network-manager-openconnect network-manager-openconnect-gnome

7) Connect to GlobalProtect via CLI

Basic connection:

sudo openconnect --protocol=gp https://vpn.example.com

Common useful flags:

sudo openconnect --protocol=gp --mtu=1300 https://vpn.example.com
sudo openconnect --protocol=gp --external-browser https://vpn.example.com

You may be prompted for:

  • Username
  • Password
  • MFA (push or OTP)

8) Verify VPN connectivity

ip a
ip route
resolvectl status

You should see:

  • tun0 or gp0
  • Internal routes and DNS servers

Test access:

ping internal.host.local

Common pitfalls & troubleshooting

Issue: Black screen after RDP login

Cause: Missing xorgxrdp or incorrect startwm.sh

Fix:

sudo apt install -y xorgxrdp dbus-x11
echo "startxfce4" > ~/.xsession
sudo systemctl restart xrdp xrdp-sesman

Issue: RDP is still slow

Fixes:

  • Use Xfce (not GNOME)
  • Lower color depth in RDP client (16-bit)
  • Disable wallpaper and animations

Issue: VPN connects but DNS doesn’t work

Check which DNS servers the resolver is using:

resolvectl status

If internal DNS is missing, systemd-resolved may need manual adjustment.


Security notes

  • Do not expose RDP (3389) to the public internet unrestricted
  • Prefer firewall rules or VPN-only access
  • OpenConnect runs as root — protect credentials
  • Disable password SSH login if possible
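
A check for the RDP and SSH notes above, as an added example that is not part of the original guide: it classifies port 3389 exposure from ufw status output and reads the effective password-login setting from sshd -T output. It assumes ufw is the host firewall (the guide does not name one); the function names and sample inputs are constructed for illustration.

```bash
# Added example, not from the original guide. Assumes ufw is the host firewall
# with its default "deny incoming" policy; cloud firewalls are not inspected.

# Classify `ufw status` text on stdin: inactive | open | restricted | closed
rdp_rule_state() {
    awk '
        /^Status: inactive/ { off = 1 }
        $1 == "3389" || $1 == "3389/tcp" {
            i = 2; if ($i == "(v6)") i++          # IPv6 rules carry a marker
            if ($i != "ALLOW" && $i != "LIMIT") next
            i++; if ($i == "IN") i++              # "ALLOW IN" form
            if ($i == "Anywhere") wide = 1; else limited = 1
        }
        END { print (off ? "inactive" : wide ? "open" : limited ? "restricted" : "closed") }'
}

# Effective setting from `sshd -T` text on stdin: yes | no | unknown
ssh_password_login() {
    awk '$1 == "passwordauthentication" { v = $2 } END { print (v == "" ? "unknown" : v) }'
}

# audit_host UFW_TEXT SSHD_TEXT: print findings, return 1 if any check fails
audit_host() {
    rc=0
    rdp=$(printf '%s\n' "$1" | rdp_rule_state)
    pw=$(printf '%s\n' "$2" | ssh_password_login)
    case $rdp in
        restricted|closed) echo "OK   RDP 3389 is $rdp" ;;
        *) echo "FAIL RDP 3389 is $rdp"; rc=1 ;;
    esac
    if [ "$pw" = no ]; then echo "OK   SSH password login is disabled"
    else echo "FAIL SSH password login is $pw"; rc=1; fi
    return $rc
}

# Constructed sample inputs (203.0.113.10 is a documentation address)
UFW_HDR='Status: active

To                         Action      From
--                         ------      ----'
SAMPLE_UFW_OPEN="$UFW_HDR
3389/tcp                   ALLOW       Anywhere
3389/tcp (v6)              ALLOW       Anywhere (v6)"
SAMPLE_UFW_LOCKED="$UFW_HDR
3389/tcp                   ALLOW       203.0.113.10"
SAMPLE_SSHD='passwordauthentication no'
# On the droplet: bash audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_host "$(sudo ufw status)" "$(sudo sshd -T)"; fi
```

A result of closed means no allow rule for 3389 exists in ufw, which is the expected state when RDP is reached only through an SSH tunnel or a VPN interface rule.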

Performance notes

  • Xfce + xRDP is dramatically faster than GNOME
  • Cloud latency still matters — choose a nearby region
  • MTU issues are common on cloud + VPN (1300 is a safe default)

Variations & extensions

  • Remove GNOME entirely to free resources
  • Auto-connect VPN on login
  • Restrict RDP to VPN-only access
  • Use subdomain + firewall for controlled exposure

Cleanup (optional)

sudo apt remove ubuntu-desktop gnome-shell -y
sudo apt autoremove -y
