  1. #1
    Untangler
    Join Date
    Sep 2018
    Posts
    51

    RDP (remote desktop) issues across IPSec VPN tunnel

    Hi All,

    Have a setup where originally a 14.1 Untangle (site B) and a newer Cisco ASA (site A) had an IPSec tunnel connecting the two locations. Traffic from B to A was generally unrestricted but from A to B heavily restricted via Network->Filter Rules on Untangle B. RDP (remote desktop) traffic from B to A was a common use of the tunnel and had no problems.

    Recently switched out the ASA at A for another Untangle (14.1) and recreated an IPSec tunnel between them. IKE2, tunnel, always connected, everything else default. Left Filter rules on Untangle B. Tunnel comes up and stays up, traffic generally moves as expected across the tunnel. However, now RDP from B to A generally hangs up at some point after the initial login -- often at establishing connection quality. This seems to be an issue at a higher OSI layer since if 3389 is blocked or closed, you usually don't even get the RDP login prompt. I get the prompt, and if I use intentionally wrong creds, it immediately kicks back as such.

    Any thoughts? Unexpected to have smooth sailing with different IPSec vendors but rough seas with two of the same brand and revision.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Wild guess, but sounds like an MTU issue to me.
    Try lowering the MTU on your external to see if anything changes.
    (If it does not, don't forget to set it back to blank/unset - the default)
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Untangler
    Join Date
    Sep 2018
    Posts
    51

    Lowered MTU on external NIC on both Untangles to 1400, disabled and re-enabled tunnel and still the same. For one of the RDP servers that fails over the tunnel every time, I created a temporary port forward in to it on 3389 and hitting that public IP works fine but still not the private IP over the tunnel.

    Originally posted by dmorris:
    wild guess but sounds like an MTU issue to me.
    Try lowering the MTU on your external to see if anything changes.
    (If it does not, don't forget to set it back to blank/unset - the default)
    EDIT - removed brain fart comment failing to recall IPSec overhead

  4. #4
    Untangler
    Join Date
    Sep 2018
    Posts
    51

    Also, took a PC in site B having RDP issues over the site-to-site tunnel and instead connected it via L2TP client VPN (using built-in Win10 client) to Untangle A and had no issue RDPing to the same servers that don't work over the s2s tunnel.

    Originally posted by ntguru:
    Lowered MTU on external NIC on both Untangles to 1400, disabled and re-enabled tunnel and still the same. For one of the RDP servers that fails over the tunnel every time, I created a temporary port forward in to it on 3389 and hitting that public IP works fine but still not the private IP over the tunnel.

    EDIT - removed brain fart comment failing to recall IPSec overhead

  5. #5
    Untangler
    Join Date
    Sep 2018
    Posts
    51

    Any further thoughts? This is bizarre and unexpected!

  6. #6
    Master Untangler bluechris's Avatar
    Join Date
    May 2016
    Location
    Athens, Greece
    Posts
    180

    If you try interconnecting the 2 Untangles with OpenVPN, do you get the same problems? I say this because I had some troubles some years ago and OpenVPN saved me.

  7. #7
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,491

    I'm with DMorris, this feels like an MTU issue and that's not good because troubleshooting those is painful. My only suggestion is to open a ticket with Untangle support because we need more access than we have via the forums to dig through this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #8
    Untangler
    Join Date
    Sep 2018
    Posts
    51

    I've opened a ticket and will try to report back here.
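
Added example, not part of any post in this thread: one way to test the MTU theory raised above is to binary-search the largest IPv4 packet that crosses the tunnel with Don't Fragment set. It assumes Linux iputils `ping`; the function names and the 192.0.2.10 address are placeholders. A result of 0 means even the smallest probe got no reply, which on this setup could equally be ICMP dropped by the filter rules rather than an MTU limit.

```shell
#!/bin/sh
# Added example: find the largest unfragmented IPv4 packet that crosses a path.
# Assumes Linux iputils ping (-M do sets Don't Fragment); names are illustrative.

# probe HOST PAYLOAD: succeed if an ICMP echo carrying PAYLOAD data bytes with
# DF set gets a reply. Redefine this function to probe with another tool.
probe() {
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# find_pmtu HOST [LOW] [HIGH]: binary-search the IP packet size (bytes) between
# LOW and HIGH. Prints the largest size that passed, or 0 if even LOW failed.
find_pmtu() {
    host=$1
    low=${2:-576}
    high=${3:-1500}
    # ICMP payload = IP packet size - 20 (IPv4 header) - 8 (ICMP header)
    if ! probe "$host" $((low - 28)); then
        echo 0
        return 1
    fi
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" $((mid - 28)); then
            low=$mid
        else
            high=$((mid - 1))
        fi
    done
    echo "$low"
}

# tcp_mss PMTU: largest TCP segment that fits (20-byte IPv4 + 20-byte TCP header).
tcp_mss() {
    echo $(( $1 - 40 ))
}

# Usage (192.0.2.10 stands in for a host behind the far end of the tunnel):
#   pmtu=$(find_pmtu 192.0.2.10) && echo "path MTU $pmtu, TCP MSS $(tcp_mss "$pmtu")"
```

Run it from a host at site B against a private address at site A, then against the public address, and compare the two results.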
