Comments (complaints?) about slow connections (2 to 5 minutes!) over the combined connection to tsgateway.uni.edu and then to the workstation got me interested in pursuing things further.
Remote Desktop Connection clients (ver 6.1 and newer) have a checkbox under Advanced -> ‘Gateway Settings’ for “Bypass TS Gateway server for local addresses”.
Evidently people have been checking this. IMHO this checkbox should be labeled “Bypass TS gateway for addresses that this machine can reach” since that is the evident behavior. UNI machines have public addresses, which can be reached from any remote computer, BUT our border router silently drops all TCP connections to port 3389 (unless the machine is specifically allowed).
So the remoting computer attempts to connect directly to the machine on port 3389, and waits and waits for a response. In my testing, the timeout takes 30-ish seconds.
This happens if you attempt to connect using the machine’s numeric IP address ‘134.161.xxx.xxx’ or its public DNS reference ‘machine1.department.uni.edu’.
If, however, you use the AD DNS name for the machine (which is NOT available to the Internet) such as ‘machine1.ad.uni.edu’ – you will be nearly immediately prompted for credentials for the TS gateway. Of course, you can also achieve this instant bliss by simply unchecking the “Bypass TS Gateway server for local addresses” box.
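To see which of these cases a given name falls into from an off-campus machine, the direct attempt can be reproduced with a plain TCP connect. This is an added example, not part of the original post and not the Remote Desktop client's own logic; the function names, the injectable `resolve` parameter and the 35-second default timeout (chosen to sit just above the 30-ish seconds observed above) are assumptions.

```python
import socket
import sys
import time

RDP_PORT = 3389  # the port the border router silently drops


def probe_direct(host, port=RDP_PORT, timeout=35.0, resolve=socket.getaddrinfo):
    """Try the direct TCP connection and classify the result.

    Returns (outcome, seconds_waited). Outcomes:
      unresolvable - name has no address from this network (the AD-only name)
      connected    - direct path works, so bypassing the gateway is harmless
      refused      - target answered with a reset, so the failure is immediate
      timeout      - packets silently dropped: the caller waits the full timeout
      unreachable  - any other network error
    """
    start = time.monotonic()
    try:
        family, kind, proto, _, addr = resolve(host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "unresolvable", time.monotonic() - start
    sock = socket.socket(family, kind, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        outcome = "connected"
    except (socket.timeout, TimeoutError):
        outcome = "timeout"
    except ConnectionRefusedError:
        outcome = "refused"
    except OSError:
        outcome = "unreachable"
    finally:
        sock.close()
    return outcome, time.monotonic() - start


def bypass_stalls(outcome):
    """True when a direct attempt must time out before anything else can happen."""
    return outcome == "timeout"


if __name__ == "__main__":
    # Usage: python probe_direct.py HOST [HOST ...]
    for name in sys.argv[1:]:
        outcome, waited = probe_direct(name)
        print(f"{name}: {outcome} after {waited:.1f}s, bypass stalls: {bypass_stalls(outcome)}")
```

A `timeout` result for the public name or numeric address, next to `unresolvable` for the AD name, matches the difference described above.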