RDP Issues

yoda715 · Jan 10, 2007, 4:37 AM

K, are you able to connect to Host on the DMZ segment from your LAN Segment?

DWAyotte · Jan 10, 2007, 2:51 PM

yes

yoda715 · Jan 10, 2007, 8:23 PM

Well, I'm not positive what is going on, but I know the MSS feature in PIX's is new to the 7.0 version.

pfSense, as of right now, does not do any MSS filtering like the pix. The MSS values should remain unchanged as they pass through the pfSense. Negotiation of the MSS value should also work properly through the pfSense.

I have to say that, since you are able to connect to the DMZ segment from the LAN segment, the pfSense is working as it should.

That MSS fix should work. If you are running 7.2, and you've tried it the previous fix, try using the ADSM to look for the checkbox about the MSS default deny. I can't remember where it was under the ADSM, but there is a checkbox that says something like 'allow MSS exceeded values.'

The only thing that I can surmise is that maybe a router might be throwing off the MSS.

iorx · Jun 23, 2007, 1:25 AM

Maybe this thread isn't active any more. But I could report that I have the same problem.

RDP Client -(PPTP)-> fpSense 1.2 -(PPTP)-> Corp. Firewall –> Terminal Services / Remote Admin

I also just get a black screen connecting to machines on the other side. But, If start one more RDP-Client and try to connect to the same host, at the same time the first started show a black screen, I can connect. Strange, but it works.

Haven't sniffed any traffice on this one. But may the above info can help out resolve this problem.

sash · Nov 5, 2007, 9:35 PM

@iorx:

Maybe this thread isn't active any more. But I could report that I have the same problem.

RDP Client -(PPTP)-> fpSense 1.2 -(PPTP)-> Corp. Firewall –> Terminal Services / Remote Admin

I also just get a black screen connecting to machines on the other side. But, If start one more RDP-Client and try to connect to the same host, at the same time the first started show a black screen, I can connect. Strange, but it works.

Haven't sniffed any traffice on this one. But may the above info can help out resolve this problem.

i have the same issue like you discribed. I think its because of my VMWARE Setu, i have installed pfSense inside a VM and this coused the problem. But if you have a real machine for pfsense, i think its an pfsense fault.

is there anything to get a fix? Does someone know where or what rdp get blcked?!

i'll try to help as much as i can - someone hast to say me what i can do :)

thx,

sash

sash(at)gmx.it

morbus · Nov 8, 2007, 9:27 AM

I had this problem before. It was caused by the MTU on one end being to big to "fit" at the other end
Network looks like this
Pfsense(ethernet - mtu 1500) -> internet -> (ADSL mtu - 1462)Pfsense

What I had to do was reduce the mtu on the ethernet side ie
Pfsense(ethernet - mtu 1412) -> internet -> (ADSL mtu - 1462)Pfsense

My problem was exaggerated by running the rdp through an IPSEC tunnel that adds extra overheads so you may not need to reduce your mtu so far

pinoyboy · Nov 27, 2007, 9:18 PM

If you are on Vista (machine initiating the connection), then this is a terminal client issue, there's a regfix for this (turn off or disable TCP auto tuning). Connecting to XP, Vista, or Windows 2003 exhibits this problem…

sash · Dec 16, 2007, 9:18 PM

i have a win2003 TS behind a pfsense Box. The connection comes from the internet from another winxp client which can't connect to my 2003 server.

sash · Jan 26, 2008, 9:12 AM

i'm having still that problem that i can't connect via rdp to may 2003 Server. Are there any news or suggestions what i can do? I want to fix that problem. with m0n0 i don't have the prob.

sullrich · Jan 27, 2008, 6:43 AM

I had no idea how to fix it but googling tcp auto scaling windows 2003 came up with:

http://thesystemadministrator.com/The_System_Administrator/Tips_&Tricks/Disable_TCP_Auto-Tuning_to_Solve_Slow_Network(Vista)/

sash · Jan 27, 2008, 8:55 AM

@sullrich:

I had no idea how to fix it but googling tcp auto scaling windows 2003 came up with:

http://thesystemadministrator.com/The_System_Administrator/Tips_&Tricks/Disable_TCP_Auto-Tuning_to_Solve_Slow_Network(Vista)/

thanks for your reply, but i don't think that this is the issue. It doesn'tmatter which OS the Client has. It can be an Win2003 Server, an XP Machine oder a Vista Box. Everywhere its the same Problem. I can receive some secondes every package from my Server - an then no –> the Server doenst response. if i took my m0n0 back, with the same conf --> everything work fine.

Firewall lets every package pass - nat is configured well. what can i do to help you ?

greets,

sash
sashxp@gmail.com