Can't connect to Windows Host via RDP over WAN

1

0

I'm trying to set up WAN-accessible RDP to a VM on my home LAN, to no avail.

I can RDP from inside the LAN just fine, but not outside and I can't seem to debug.

Things I have done/tried:

  • Changed Port to 55501 listening and port forwarding
  • Tried forwarding public port 55501 to 3389
  • Disabled Firewall
  • Put host in DMZ
  • Switched ports back to default (and disabled firewall and put host in DMZ)

I'm at a loss for what else to try and/or how to gather more information as to the issue. Is there a log I can view on the server or guest to see the issue and/or something else I can try?

PS: My Host OS is Windows 10 LTSC the remote guest is Windows 10 Enterprise

Update:

  • I am able to see the port open via https://canyouseeme.org/, only when host is in the DMZ, but didn't work with just Port Forwarding.
  • My router is a DD-WRT v3 Linksys EA6500
  • I looked under Event Viewer and the only thing I could find was "Remote Desktop Server Host role not installed", but googling that came up with Windows Server & DC options. This is not a domain-joined host and/or a Windows Server OS, so I wasn't sure how that would apply.

Update2:

  • Tried using a fresh install of Windows 10 PRO x64 made via Media Creation Tool and still didn't work, I am reaching the machine as I saw this in Event Viewer

Listener RDP-Tcp received a connection

  • Going to try Windows 7 now, see if that fixes it.

Update3 (I'm already being attacked lol, forgot to shut down VM. I will work on securing the setup once it works):

Here are my settings, going to try a bounty see if anybody has any solutions...

[Screenshots not preserved: DMZ; Port_Forward; Port Checker; Windows Firewall (two images); Windows Remote Settings]

FreeSoftwareServers

Posted 2019-08-01T12:48:48.387

Reputation: 962

I would try to scan ports on your router with e.g. nmap. Which router/firewall are you using? In Event Viewer, you can find logs under Microsoft -> Windows -> TerminalServices... Please think about using some kind of VPN, RDP does not have a good reputation security-wise. – week – 2019-08-01T13:02:38.137

VPN is not an option as I can't install software on the guest computer, I'm fine with RDP security. I have other ways of protecting my LAN at home, for instance I can power up the VM only when needed remotely. – FreeSoftwareServers – 2019-08-02T07:17:46.297

@week Updated OP in response, tonight I will try setting up a Windows 10 Enterprise RDP server guest which is vanilla. Currently the Windows 10 LTSC VM is quite heavily customized and I wonder if it's somehow related or if the OS itself is to blame, Windows 10 LTSC is not really meant for consumer application, but I love it. – FreeSoftwareServers – 2019-08-02T07:19:08.687

In case there is an open port, some hints of connection in syslog and everything is working within LAN, my bet would be problem with firewall settings on dd-wrt (missing NAT rules or FORWARD rules in/out). – week – 2019-08-02T13:17:57.610

@week Didn't take long for me to start getting attacked! I'm seeing tons of RDP attempts! Opened a bounty, as I'm suspecting you're correct the issue might be DD-WRT, but I'm at a loss for what the solution is. – FreeSoftwareServers – 2019-08-06T08:20:57.743

Is IP address 192.168.1.211 the host or the VM? – harrymc – 2019-08-06T08:57:59.300

That is the VM which I consider the host. I'm trying to connect from what I consider the guest, a remote computer at work running Windows 10 Enterprise. – FreeSoftwareServers – 2019-08-06T10:36:35.217

@harrymc This VM is running on top of KVM not Windows if that's what you were thinking – FreeSoftwareServers – 2019-08-06T13:55:53.563

Answers

2

You are saying that this is coming from a work computer, are you sure that your work network allows outbound traffic on that port? Can you try say, via an LTE connection from a mobile device? Or running PowerShell's Test-NetConnection? From your corporate network or a separate one? Your home ISP appears to allow the connection since CanYouSeeMe can see you on that port (sometimes they block various ports, typically 80 or 25).

I don't think that the answer will be on the VM itself as RDP works within the LAN.

Could you set up some other service on that machine, like a quick blank IIS page, and see if you can access port 80 or 443 via WAN?

I assume that by LAN you mean the same subnet, thus the traffic does not need to use the gateway (router) - does your router support multiple subnets/VLANs? You could try to connect via RDP from a separate subnet to see if it is the WAN or the router as the problem.

You could also just plug the VM's host directly into your modem to bypass the router to remove it as a variable. Obviously this would not be the ideal end-game solution, but it would tell us that the router is to blame. Technically using the DMZ feature should be the same test, but it's possible there is some bug going on with that router's software.

Sam Lewis

Posted 2019-08-01T12:48:48.387

Reputation: 86
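The check this answer describes, as an added example that is not part of the original answer: run the client-side probe from the work network and again from a different network (for example an LTE hotspot), then compare the results with what the RDP server logged. The function names `Test-TcpEgress` and `Get-RdpListenerHit` and the host name are hypothetical placeholders; event ID 261 in the RemoteConnectionManager operational log is the "Listener RDP-Tcp received a connection" event quoted in the question.

```powershell
# Client side: classify one outbound TCP attempt as Open / refused / TimedOut.
function Test-TcpEgress {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [int]    $Port,
        [int] $TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $state  = 'TimedOut'   # no reply at all: packets silently dropped on the path
    try {
        $task = $client.ConnectAsync($ComputerName, $Port)
        if ($task.Wait($TimeoutMs)) { $state = 'Open' }
    }
    catch {
        # Wait() wraps the socket error; unwrap to the innermost exception
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            $state = [string]$inner.SocketErrorCode   # e.g. ConnectionRefused
        } else {
            $state = $inner.GetType().Name
        }
    }
    finally { $client.Close() }
    [pscustomobject]@{ Target = "${ComputerName}:$Port"; Result = $state }
}

# Server side: did the RDP listener see any connection in the last N minutes?
# On an Internet-exposed host, unrelated scans also log this event, so match
# the timestamps against the moment the client probe was run.
function Get-RdpListenerHit {
    param([int] $Minutes = 10)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational'
        Id        = 261
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Message
}

# Placeholder for the home WAN name or address (assumption, not from the post)
$wanHost = 'rdp-home.example.net'
Test-TcpEgress -ComputerName $wanHost -Port 3389
Test-TcpEgress -ComputerName $wanHost -Port 55501
# Control: a port most egress policies allow, to prove basic connectivity
Test-TcpEgress -ComputerName 'example.com' -Port 443
```

If the RDP port reports `TimedOut` from the work network but `Open` from the hotspot, while the control port is `Open` from both, the block is on the client network's outbound path rather than on the router or the VM.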

Good call. You beat me to it. I was about to answer in the same vein. The network on the RDP client side may actively interfere with outbound RDP. As RDP works on local LAN and canyouseeme sees it as well (and attacks are coming in) it is highly unlikely to be a problem at the RDP server side of things. – Tonny – 2019-08-06T14:01:24.867

Welcome to SU! While this was a bit of a "gimme" in a way, I needed somebody to force me to check this and I was able to RDP from my mom's LAN to my LAN but not from my work LAN to my home LAN, therefore my work firewall blocks me from outbound RDP. Thankfully, TeamViewer portable doesn't require admin rights to run, and is generally better anyway. I might still work on securing RDP and leaving it open as a first thing to try from other LANs where I don't want to be monitored. Thanks! – FreeSoftwareServers – 2019-08-12T08:00:49.297

Yeah, plenty of corporate networks block things like that. I used to work at a consortium of libraries, and most outbound ports were blocked, I don't think one could RDP home from there.

You may be able to use VNC on a non standard port, I'm not sure how the security community feels about that vs. RDP. It wouldn't go through a cloud like TeamViewer, since that seems to be what you're trying to avoid. – Sam Lewis – 2019-08-13T18:54:26.307

No, I'm using TeamViewer just fine now, it is great, but since it's portable I have to log in each time. I also wanted RDP to work so I could just use it from any Windows machine w/o having to download software. I still have HTTP GUI access to my KVM server via cockpit but using desktops over cockpit is horrendous. I just figured RDP would give me a warning if it was being blocked by my network, but I guess not. – FreeSoftwareServers – 2019-08-15T13:33:47.707