Windows RDP issues over VPN
Posted: Mon May 03, 2021 5:58 am
I have made a LAN-to-LAN bridge using L3 IP routing as per the instructions here:
https://www.softether.org/4-docs/1-manu ... P_Routing)
It all seems to work fine, any machine on one network can access any machine on the other network.
However, Windows RDP connection between machines on the 2 networks doesn't work.
Connection to the RDP port 3389 is fine and you get a login box and it authenticates, it then says it is starting the session etc. but then instead of the Windows desktop just a black screen appears and after a few seconds you get an error saying "the connection was lost".
I get exactly the same behaviour whether I use SoftEther LAN-to-LAN IP routing or the OpenVPN equivalent setup, i.e. everything works except Windows RDP, which sort of half works and then disconnects.
If I use a direct L2 bridge so that the VPN client is on the same network segment then it all works fine, the problem seems to be Windows RDP over a routed network. It also works fine if I port forward 3389 with an ssh connection.
I've seen lots of posts in forums saying "Windows RDP is a very simple protocol that just needs TCP to port 3389", so I don't understand what the issue is.
There's lots of tutorials saying that you can access RDP at a remote site using VPN, but they don't mention if they are using bridged or routed VPN, so my guess is that it is the former. I can't use bridged VPN because the 2 networks have different subnets.
This is driving me nuts, I've tried packet sniffing with Wireshark to see what the difference is between a port-forwarded connection that works and a routed VPN connection that doesn't work and it looks like there is some UDP traffic that isn't getting through. The closest thing to my problem I've found is this ancient post on a Cisco forum:
https://www.techrepublic.com/forums/dis ... ipsec-vpn/
I wonder if it is MTU issues? I had ssh connections that would drop if there was a lot of console output which I think is an MTU issue, I guess when the RDP connection is established there'll be a burst of a lot of data as the desktop is displayed? But then why does it work fine with a bridged connection?
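The two hypotheses in the post (a path-MTU black hole on the routed tunnel, and RDP's UDP transport not crossing it) can both be checked from the capture the poster already has. The script below is an added example, not code from the original post or from the SoftEther project: it reads a `tshark -T fields` export of the capture, looks at the TCP and UDP 3389 flows and at ICMP "fragmentation needed" messages, and reports which hypothesis the capture supports. The sample rows, the hosts 10.0.1.5 (client) and 10.0.2.10 (server), and the 1400-byte tunnel MTU are constructed for illustration; substitute the real capture and the real MTU of the VPN interface.

```python
import csv
import io
import sys

# Constructed sample (not a real capture) in the shape printed by:
#   tshark -r rdp.pcap -T fields -E separator=, \
#     -e frame.number -e ip.src -e ip.dst -e ip.proto -e ip.flags.df -e ip.len \
#     -e tcp.srcport -e tcp.dstport -e udp.srcport -e udp.dstport -e icmp.type -e icmp.code
# Hosts and sizes are invented: 10.0.1.5 is the RDP client, 10.0.2.10 the RDP server.
SAMPLE_CAPTURE = """\
1,10.0.1.5,10.0.2.10,6,1,60,52100,3389,,,,
2,10.0.2.10,10.0.1.5,6,1,60,3389,52100,,,,
3,10.0.1.5,10.0.2.10,6,1,52,52100,3389,,,,
4,10.0.1.5,10.0.2.10,17,0,1222,,,52101,3389,,
5,10.0.1.5,10.0.2.10,17,0,1222,,,52101,3389,,
6,10.0.2.10,10.0.1.5,6,1,1500,3389,52100,,,,
7,10.0.2.10,10.0.1.5,6,1,1500,3389,52100,,,,
8,10.0.1.5,10.0.2.10,6,1,52,52100,3389,,,,
"""

FIELDS = ["frame", "src", "dst", "proto", "df", "ip_len",
          "tcp_sport", "tcp_dport", "udp_sport", "udp_dport",
          "icmp_type", "icmp_code"]
RDP_PORT = "3389"


def parse_capture(text):
    """Turn the tshark field export into one dict per frame; skip blank/short lines."""
    rows = []
    for values in csv.reader(io.StringIO(text)):
        if len(values) != len(FIELDS):
            continue
        rows.append(dict(zip(FIELDS, values)))
    return rows


def is_df(value):
    # tshark prints boolean fields as 1/0 in older releases and True/False in newer ones
    return value in ("1", "True", "true")


def recommended_mss(tunnel_mtu):
    """Largest TCP MSS that fits the tunnel MTU for plain IPv4 (20-byte IP + 20-byte TCP)."""
    return tunnel_mtu - 40


def analyse(capture_text, tunnel_mtu):
    """Summarise the RDP-relevant traffic and return findings for the two hypotheses."""
    rows = parse_capture(capture_text)
    udp_out = udp_back = icmp_frag_needed = 0
    max_df_ip_len = 0
    tcp_seen = False
    for r in rows:
        if r["proto"] == "6" and RDP_PORT in (r["tcp_sport"], r["tcp_dport"]):
            tcp_seen = True
            if is_df(r["df"]):
                # DF-flagged packets are the ones a too-small tunnel must drop, not fragment
                max_df_ip_len = max(max_df_ip_len, int(r["ip_len"]))
        elif r["proto"] == "17":
            if r["udp_dport"] == RDP_PORT:
                udp_out += 1      # client trying RDP's UDP transport
            elif r["udp_sport"] == RDP_PORT:
                udp_back += 1     # server answering on UDP
        elif r["proto"] == "1" and r["icmp_type"] == "3" and r["icmp_code"] == "4":
            icmp_frag_needed += 1  # ICMP "fragmentation needed" = PMTUD is working

    findings = []
    if max_df_ip_len > tunnel_mtu and icmp_frag_needed == 0:
        findings.append(
            f"PMTUD black hole suspected: {max_df_ip_len}-byte DF packets on the RDP TCP "
            f"flow exceed the tunnel MTU of {tunnel_mtu} and no ICMP type 3 code 4 was seen. "
            f"Small packets (login) pass, large ones (desktop bitmaps) vanish. Clamp TCP MSS "
            f"to {recommended_mss(tunnel_mtu)} on the tunnel or lower the interface MTU.")
    if udp_out and not udp_back:
        findings.append(
            f"{udp_out} UDP datagrams to 3389 got no reply: RDP's UDP transport is not "
            f"crossing the tunnel (check filtering/NAT on both VPN gateways). The client "
            f"normally falls back to TCP, so confirm this is not the session killer.")
    return {
        "tcp_3389_seen": tcp_seen,
        "udp_3389_out": udp_out,
        "udp_3389_back": udp_back,
        "max_df_ip_len": max_df_ip_len,
        "icmp_frag_needed": icmp_frag_needed,
        "findings": findings,
    }


if __name__ == "__main__":
    # Usage: python rdp_vpn_check.py [tshark_fields.csv] [tunnel_mtu]
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    mtu = int(sys.argv[2]) if len(sys.argv) > 2 else 1400
    result = analyse(text, mtu)
    for key, value in result.items():
        if key != "findings":
            print(f"{key}: {value}")
    for finding in result["findings"]:
        print("-", finding)
```

Capture on the LAN segment where packets enter the tunnel, so that the large DF packets and any ICMP replies are visible; a capture taken on the far side only shows their absence. If the MTU finding fires, lowering the MTU on the client NIC is the quickest test, and an MSS clamp on the VPN gateway is the proper fix. If only the UDP finding fires, the "Turn Off UDP On Client" Remote Desktop Connection Client policy lets you test whether forcing TCP changes the behaviour.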