SpywareDr knows more about this stuff than I do..... BUT.

Your people would make a VPN connection with some third party server somewhere in the world.... Doing that would make them anonymous. Then they'd attempt to make a RDP connection to YOUR server..... I am uncertain how you'd know it was them to let them in...

VPN's are also famous for sucking away bandwidth.