SoftEther VPN User Forum

SoftEther VPN User Forum
https://forum.softether.org/

IP Checksum 0x0000 when firewall is enabled

https://forum.softether.org/viewtopic.php?f=7&t=2620

Page 1 of 1

IP Checksum 0x0000 when firewall is enabled

Posted: Sat Jan 18, 2014 9:48 pm
by petrov
Hi,

I have found something strange on Windows Server 2003 with SP2.

On this machine the SE-VPN is running as Server.
I can access this machine over Remote Desktop from the local network.

After I connect to this machine from the internet through SE-VPN (SSTP) i can't use Remote Destkop. As VPN-Client I am in the same IP network (DHCP) as the machine, the firewall is configured correctly, ports forwarded, etc., but what I see is only gray backgrond, the login window is not shown. Then comes timeout.

I used Wireshark to investigate and found, that IP frames sent by this machine to the VPN-connected client have checksum of 0x0000.
In internet I found that I should try disabling ChecksumOffload of the NIC - but this didn't help, then I tried to disable the firewall on the machine - indeed the checksums were now correct and i was able to connect from the VPN-Client to this machine via Remote Desktop. So my conclusion is, that the Windows build-in firewall does not work 100% correct.

My question is: How works SoftEther in thist case?
IP documentation says, that IP checksums may be 0x0000 and any IP stack should work.

Any sugestions?

Best regards,
petrov

Re: IP Checksum 0x0000 when firewall is enabled

Posted: Sat Jan 18, 2014 10:56 pm
by inten
If you can see grey screen that means RDP session is established and this is not a SoftEther server problem. You should check Windows Server logs for possible error.

Re: IP Checksum 0x0000 when firewall is enabled

Posted: Mon Jan 20, 2014 6:56 am
by petrov
It is not what I was asking about.

My question is:
How does the SoftEther package work in case of IP packets with checksum 0x0000 being sent from the PC. Are these packets dropped by SoftEther? Are these packets accepted by SoftEther?

Re: IP Checksum 0x0000 when firewall is enabled

Posted: Mon Jan 20, 2014 10:19 pm
by qupfer
can be a bit more specifiy, what you try to do?

Do you want access rdp through the vpn on the same machine, the vpn server is runnung? Or You have
Client<---"Internet"--->VPNServer<---LAN--->RDP Machine?

And maybe take a look at: http://wiki.wireshark.org/TCP_Checksum_Verification

Re: IP Checksum 0x0000 when firewall is enabled

Posted: Tue Jan 21, 2014 11:05 pm
by petrov
My scenario:
Client<---"Internet"--->(WindowsSever machine with VPNServer -> RDP on this machine)

Yes, I want to access rdp through the vpn on the same machine.
VPN is runnig, router / firewall is configured correctly.

I use this Wireshark option already - as you sugested.
Seems to be OK, other machines can access the rdp.
Only machines connected through VPN-Server can not.
BUT if I disable the Windows build-in firewall then these IP packets have correct checksums (not 0x0000) and then all machines can connect.

That's why I'm asking how the VPN-Server is working with IP-frames with checksum 0x0000 - packets are dropped? then this would explain my situation.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/