Firewall port forward - two factor IP whitelist?

I would like to open a TCP port only for some specific IP addresses.

Is it possible to make some easy authentication for my users?
Like entering a special password on some website or app that will allow my IP for a couple of hours or something like that?

I want to make some smart remote desktop two way authentication. Whitelisted IP addresses would be able to connect to RDP any time. For other IP addresses, no port forwarding would be allowed unless they add their IP in some user-friendly way.

Would port knocking work?

But anyway, most RDP servers offer their own authentication, so why duplicate it?

We had our RDP hacked 2 or 3 times… I want to open this port only for my employees.
It must be simple, so every employee could open that port when he travels somewhere.
I don’t want to pay a lot of money for third party two-way authorization for RDP software.

I think this is a very simple and effective way.

Did you consider WireGuard or OpenVPN? That’s rock-solid safe. Not sure about performance of RDP over them, but my experience tells me it could be okay. From time to time, I connect via VNC over PPTP VPN and it works on a 5 Mbps upload link on the remote side.

Sure I have considered VPN. It is too complicated.

For example, when I only need to see RDP for five minutes when I am at my friend's house, I would not install VPN on his computer… or on my iPhone…

If I just “unlock” the port for that IP address for a while using one password on some special website and then log in to RDP, it is safe and easy enough.
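
The timed unlock discussed in this thread, sketched as an added example that is not part of the thread or any poster's code: a password-gated allowlist whose entries expire, with throttling of bad guesses. The class and constant names, the 2-hour TTL, the throttle limits and the nftables table/set names are assumptions.

```python
import hashlib, hmac, ipaddress, os

TTL = 2 * 3600                    # assumed: an unlock lasts 2 hours
MAX_FAILS, FAIL_WINDOW = 5, 600   # assumed throttle: 5 bad tries per 10 min

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TempAllowlist:
    # src_ip must be the TCP peer address seen by the unlock page,
    # never a client-supplied value such as an X-Forwarded-For header.
    def __init__(self, password: str, permanent=()):
        self.salt = os.urandom(16)
        self.pw_hash = hash_pw(password, self.salt)
        self.permanent = {ipaddress.ip_address(p) for p in permanent}
        self.expires = {}   # ip -> unix time at which the unlock ends
        self.fails = {}     # ip -> timestamps of recent bad passwords

    def unlock(self, src_ip: str, password: str, now: float) -> bool:
        ip = ipaddress.ip_address(src_ip)   # raises ValueError on junk input
        recent = [t for t in self.fails.get(ip, []) if now - t < FAIL_WINDOW]
        if len(recent) >= MAX_FAILS:
            self.fails[ip] = recent
            return False                    # throttled, even with the right password
        if not hmac.compare_digest(hash_pw(password, self.salt), self.pw_hash):
            self.fails[ip] = recent + [now]
            return False
        self.fails.pop(ip, None)
        self.expires[ip] = now + TTL
        return True

    def is_allowed(self, src_ip: str, now: float) -> bool:
        ip = ipaddress.ip_address(src_ip)
        if ip in self.permanent or self.expires.get(ip, 0) > now:
            return True
        self.expires.pop(ip, None)          # drop the expired entry
        return False

def nft_command(src_ip: str) -> list:
    # Assumed nftables layout: table "inet filter", set "rdp_allow"
    # declared with "type ipv4_addr; flags timeout;" so the kernel expires entries.
    ip = ipaddress.IPv4Address(src_ip)
    return ["nft", "add", "element", "inet", "filter", "rdp_allow",
            f"{{ {ip} timeout {TTL}s }}"]
```

The unlock only narrows who can reach the port; the RDP server's own authentication still applies to every unlocked address, including everyone else behind the same NAT.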