Problems with RDP over OpenVPN Only to Win 7+ computers

0

I am having problems RDPing from a Win 7 client to a Win 7 box on the other side of an OpenVPN server. Connecting from my Win 7 client to an XP box works wonderfully.

The destination machines do not require network level authentication (i.e. they are set to the "less secure" setting). I have removed all of the extraneous features of RDP (printers, flash drives, sound, color depth... down as low as I can).

I establish an OpenVPN connection from home to work, then attempt to RDP to a machine, say PC2312332.example.com, and it hangs at configuring remote session. I can also ping PC2312332.example.com from my client computer command line and an NSlookup of any site shows that my DNS is using my work's internal DNS server, as it should.

Now, the real kicker: rarely it WILL finish connecting and allow you in. Sometimes after as many as five minutes of sitting on configuring. Then it will work fine. Usually even allow you to reconnect if you let your computer go to sleep (and the VPN connection needs to re-establish). Can anyone help me get this working solidly?

I did see RDP over OpenVPN in Windows 8, but it seems to be dealing with the destination not allowing connections in the OpenVPN interface. Either way, I've turned off the firewalls on the source and destination machines for troubleshooting.

Off campus:

  • Win7 Client -> Win7 on campus = hangs at configuring remote session
  • Win7 Client -> XP on campus = Connects very quickly and with fine performance

On Campus:

  • Win7 Client -> Win7 on campus = Connects very quickly and with fine performance
  • Win7 Client -> XP on campus = Connects very quickly and with fine performance

PsychoData

Posted 2015-02-26T18:32:23.350

Reputation: 1 331

Answers

0

At Jens: - This is only a thought, but..

Usually the system administrators set some firewall ACLs to allow connection to an RDP target computer inside the IT infrastructure, and.. the iptables rule would perhaps be looking like this:

-A VPN_%USER%_CHAIN% -d %RDP_TARGET_IP%/32 -p tcp -m tcp --dport 3389 -j ACCEPT

... - as the RDP usually uses TCP. But I've heard somewhere that on newer Windows systems it switches to UDP after the session is created.

Now as Jens uses permanent ICMP ping before he starts his RDP connection, and ICMP is UDP based, it is possible that RDP sets back to using TCP because the UDP connection of the network interface gets pretty much used through the ICMP ping, and because of it the firewall rule sees it fit to let the TCP connection through.

So it's perhaps a good idea at the least to use ping, or ... ask the admin to add the UDP iptables rule like:

-A VPN_%USER%_CHAIN% -d %RDP_TARGET_IP%/32 -p udp -m udp --dport 3389 -j ACCEPT

on the OpenVPN server as well?

satyr0909

Posted 2015-02-26T18:32:23.350

Reputation: 1

1Jens did not post the question ... – Pierre.Vriens – 2018-06-08T10:50:18.333

Sorry, I didn't mean to be disrespectful. I will correct my entry. – satyr0909 – 2018-06-09T21:19:23.687
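The TCP-only versus TCP-plus-UDP rule difference suggested in the answer above can be checked against a saved ruleset. This is an added example, not part of any post in this thread; the chain names, addresses and the `rdp_tcp_only` function name are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list destinations that an iptables ruleset allows on
# TCP/3389 but not on UDP/3389. Chain names and addresses below are
# constructed sample data, not taken from a real VPN server.

# Constructed sample in iptables-save format.
SAMPLE_RULES='*filter
:VPN_ALICE_CHAIN - [0:0]
:VPN_BOB_CHAIN - [0:0]
-A VPN_ALICE_CHAIN -d 10.20.0.15/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A VPN_BOB_CHAIN -d 10.20.0.16/32 -p tcp -m tcp --dport 3389 -j ACCEPT
-A VPN_BOB_CHAIN -d 10.20.0.16/32 -p udp -m udp --dport 3389 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin; prints "<chain> <dest>" for every
# chain/destination pair with a TCP 3389 ACCEPT and no UDP 3389 ACCEPT.
rdp_tcp_only() {
  awk '
    $1 == "-A" {
      chain = $2; dst = ""; proto = ""; port = ""; target = ""
      # Walk the option/value pairs of one appended rule.
      for (i = 3; i < NF; i++) {
        if ($i == "-d")      dst = $(i + 1)
        if ($i == "-p")      proto = $(i + 1)
        if ($i == "--dport") port = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (port != "3389" || target != "ACCEPT" || dst == "") next
      key = chain " " dst
      if (proto == "tcp") tcp[key] = 1
      if (proto == "udp") udp[key] = 1
    }
    END {
      for (k in tcp) if (!(k in udp)) print k
    }
  ' | sort
}

# Stand-alone run against the sample; on a real server pipe in
# `iptables-save` output instead.
printf '%s\n' "$SAMPLE_RULES" | rdp_tcp_only
```
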

0

A Google search shows that it could be a number of problems that have to do with your settings on the client end.

This thread mentions changing selected resources, colour depth.

This Superuser question & answers may also be of help.

HTH

Dude named Ben

Posted 2015-02-26T18:32:23.350

Reputation: 839

I already tried the first suggested solution. I'll edit my question and add it for clarity. I'm attempting to connect with as minimum possible options. – PsychoData – 2015-02-26T20:29:50.340

The second one only had one additional thing: http://superuser.com/a/571750/216374 DisableTaskOffload. This didn't help. Things still respond the same way on and off campus with that turned off. – PsychoData – 2015-02-26T20:37:56.930

0

I have the same observations as above "off campus" when I access my win 7 / win xp boxes from outside using OpenVPN, i.e. win xp works, win 7 doesn't. I have tried to trace with Wireshark but no success. However, my "solution" is as follows: when remoting, first start a process that repeatedly pings the target:

Windows:

ping -t <target> 
mstsc ...

Linux:

ping <target> &
rdesktop [your options] <target>

Android:

ping <target> ( using any android shell app)
run aFreeRDP ( or any other app - I have tried a few with no probs )

In conclusion, as far as I can see, keeping the target connection "alive" with pings keeps the connection from "freezing"/timing out or whatever happens. Oddly, I haven't been able to verify that this is indeed the problem as nothing seems to be logged (well, nothing I was able to find, anyway).

I would like to learn the "real" solution but in the meantime pinging the remote host from another process on the local machine does the trick for me.

Jens

Posted 2015-02-26T18:32:23.350

Reputation: 1

hmm you would think the pings would just get in the way of the RDP session more, but I guess not – PsychoData – 2015-09-21T20:24:48.853

Absolutely, pinging "unnecessarily" must impose some delay. So I am taking this approach only because I don't have a better solution :-( – Jens – 2015-09-29T19:16:38.877