
List:       pfsense-support
Subject:    RE: [pfSense Support] Is there any reason I can't Remote desktop
From:       Marty Nelson <MNelson () transdyn ! com>
Date:       2009-03-27 14:44:56
Message-ID: E6F9C0DA01AB4141849AEBEA946CB66A8EC2AAF11D () TDIMX ! transdyn ! com

When you say to adjust the MTU on the server, forgive the question, but which server?

Thanks,

-Marty


-----Original Message-----
From: Adam Armstrong [mailto:lists@memetic.org]
Sent: Friday, March 27, 2009 2:14 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Is there any reason I can't Remote desktop through an ipsec tunnel?

Marty Nelson wrote:
>
> I have an IPSec tunnel connecting my network to one of our customer
> sites, and while I can ping a computer on their network I am unable to
> remote desktop to it. Currently all of our customer tunnels are set up to
> terminate in our DMZ to limit access back into our network. I have a
> second firewall (monowall) in our DMZ that then routes all traffic out
> through the tunnel. I've drawn a rudimentary layout of how it's set up
> (see below).
>
> I have the IPsec rules to pass all traffic, and currently I have it
> set up to log all traffic as well. What's strange is that when I
> attempt to remote desktop to it, I see no traffic relating to that at
> all. Nothing passing, nothing getting blocked. Like I said, I can ping
> the box just fine (and it shows up in the log), but I am unable to
> remote desktop to it and I don't see anything getting blocked, or passed.
>
> Hopefully this made sense. If it's unclear, please let me know and
> I'll try my best to clear it up.
>
> LAN (192.168)---[pfSenseFW]---DMZ (10.100)---[monowall]---[ipsec
> tunnel to cust site]---Cust site
>
I would say that it's almost certainly MTU-related. RDP always seems to
be the first thing hit by a failure of the pmtud mechanism to work.

The IPSEC tunnel will be reducing your MTU, and when the RDP server
tries to send out a packet it'll get dropped. Try reducing the MTU of
the interface of the server?

This usually manifests itself by the login screen background appearing
(presumably because it fits into < 1492 bytes), but then nothing more.
Doesn't sound exactly like what you're seeing, but RDP + IPSEC issues
are usually MTU-related IME.

adam.

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@pfsense.com
For additional commands, e-mail: support-help@pfsense.com

Commercial support available - https://portal.pfsense.org
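
An added worked example, not part of the original thread: the MTU reduction Adam describes, computed for ESP tunnel mode over IPv4, and what it means for a small ping versus a full-size TCP segment with DF set. The two cipher suites are assumptions (the thread does not say which one the tunnel uses), and all function and variable names are illustrative.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class EspSuite:
    iv_len: int    # per-packet IV bytes
    block: int     # cipher block size; ciphertext is padded to a multiple of it
    icv_len: int   # truncated integrity check value bytes

# Assumed suites; the thread does not name the tunnel's proposal.
AES_CBC_SHA1 = EspSuite(iv_len=16, block=16, icv_len=12)
TDES_CBC_MD5 = EspSuite(iv_len=8, block=8, icv_len=12)

OUTER_IP, ESP_HDR, ESP_TRAILER, NATT_UDP = 20, 8, 2, 8
IP_TCP_HDRS = 40  # inner IPv4 + TCP headers, no options

def inner_mtu(link_mtu, suite, nat_t=False):
    """Largest inner IPv4 packet that fits in one ESP tunnel-mode packet."""
    room = link_mtu - OUTER_IP - ESP_HDR - suite.iv_len - suite.icv_len
    if nat_t:
        room -= NATT_UDP  # UDP/4500 encapsulation header
    encrypted = (room // suite.block) * suite.block  # round down to block size
    return encrypted - ESP_TRAILER  # pad-length and next-header bytes

def tcp_mss(link_mtu, suite, nat_t=False):
    """MSS a host behind the tunnel can use without fragmentation."""
    return inner_mtu(link_mtu, suite, nat_t) - IP_TCP_HDRS

def fate(packet_len, df, icmp_reaches_sender, link_mtu, suite):
    """What happens to one inner packet arriving at the tunnel gateway."""
    if packet_len <= inner_mtu(link_mtu, suite):
        return "forwarded"
    if not df:
        return "fragmented"
    # DF set: the gateway must drop and send ICMP "fragmentation needed".
    return "pmtud-adjusts" if icmp_reaches_sender else "black-holed"

if __name__ == "__main__":
    for name, s in (("AES-CBC/SHA1", AES_CBC_SHA1), ("3DES-CBC/MD5", TDES_CBC_MD5)):
        print(name, "inner MTU", inner_mtu(1500, s), "MSS", tcp_mss(1500, s))
    # Constructed cases: an 84-byte ping, then a 1500-byte segment with DF set
    # on a path where the ICMP error never gets back to the sender.
    print(fate(84, True, False, 1500, AES_CBC_SHA1))
    print(fate(1500, True, False, 1500, AES_CBC_SHA1))
```
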

