RDP (remote desktop) issues across IPSec VPN tunnel

**ntguru** · 12-21-2018, 10:02 AM

Hi All,

Have a setup where originally a 14.1 untangle (site B) and newer Cisco ASA (site A) had an IPSec tunnel connecting the two locations. Traffic from B to A was generally unrestricted but from A to B heavily restricted via Network->Filter Rules on Untangle B. RDP (remote desktop) traffic from B to A was a common use of the tunnel and had no problems.

Recently switched out the ASA at A for another Untangle (14.1) and recreated an IPSec tunnel between them. IKE2, tunnel, always connected, everything else default. Left Filter rules on Untangle B. Tunnel comes up and stays up, traffic generally moves as expected across the tunnel. However, now RDP from B to A generally hangs up at some point after the initial login -- often at establishing connection quality. This seems to be an issue at a higher OSI layer since if 3389 is blocked or closed, you usually don't even get the RDP login prompt. I get the prompt, and if I use intentionally wrong creds, it immediately kicks back as such.

Any thoughts? Unexpected to have smooth sailing with different IPSec vendors but rough seas with two of the same brand and revision.

**dmorris** · 12-21-2018, 10:32 AM

wild guess but sounds like an MTU issue to me.
Try lowering the MTU on your external to see if anything changes.
(If it does not, don't forget to set it back to blank/unset - the default)

**ntguru** · 12-21-2018, 10:57 AM

Lowered MTU on external NIC on both untangles to 1400, disabled and re-enabled tunnel and still the same. For one of the RDP servers that fails over the tunnel every time, I created a temporary port forward in to it on 3389 and hitting that public IP works fine but still not the private IP over the tunnel.

Originally Posted by dmorris

wild guess but sounds like an MTU issue to me.
Try lowering the MTU on your external to see if anything changes.
(If it does not, don't forget to set it back to blank/unset - the default)

EDIT - removed brain fart comment failing to recall IPSec overhead

**ntguru** · 12-21-2018, 11:17 AM

Also, took a PC in site B having RDP issues over the site-to-site tunnel and instead connected it via L2TP client VPN (using built-in Win10 client) to Untangle A and had no issue RDPing to same servers that don't work over the s2s tunnel.

Originally Posted by ntguru

Lowered MTU on external NIC on both untangles to 1400, disabled and re-enabled tunnel and still the same. For one of the RDP servers that fails over the tunnel every time, I created a temporary port forward in to it on 3389 and hitting that public IP works fine but still not the private IP over the tunnel.

EDIT - removed brain fart comment failing to recall IPSec overhead

**ntguru** · 12-24-2018, 11:48 AM

Any further thoughts? This is bizarre and unexpected!

**bluechris** · 12-24-2018, 11:55 AM

If you try the interconnect of the 2 untangle with openvpn you get the same problems? I say this because i had some troubles some years ago and openvpn saved me.

**sky-knight** · 12-24-2018, 12:12 PM

I'm with DMorris, this feels like an MTU issue and that's not good because troubleshooting those are painful. My only suggestion is to open a ticket with Untangle support because we need more access than we have via the forums to dig through this.

**ntguru** · 12-27-2018, 08:17 AM

I've opened a ticket and will try to report back here.

Thread: RDP (remote desktop) issues across IPSec VPN tunnel

LinkBack

Thread Tools

RDP (remote desktop) issues across IPSec VPN tunnel

Posting Permissions