We have a fleet of windows laptops that get used by staff in the field. The work is sensitive and we must monitor to ensure data is not leaked. We therefore run VNCserver on each machine so that we may monitor a users' behavior (company policy, all employees are told). This works as long as the user connects to the company VPN.

However, as soon as they disconnect from the VPN there is no way to monitor the desktop as the 3G ips are natted and dynamic.

My question:

Is there a way have tightvnc server automatically connect to a remote listenserver and then have someway of connecting to that listenserver?

basically:
VNCServer --> internet server <--- vnc client.

I know that tightvnc server you can add a client which can be the vnc client listening on a port but can I connect to that listening client from somewhere else?