RDP wont work on FullTAP?

profIT · Aug 12, 2018, 9:30 PM

I'm trying to RDP into my remote office computer. OpenVPN is all setup and I connect to the office network, but for some reason I CANT connect to the computer via RDP. It is enabled and everything but it giving me the default error when I try to connect.

Any ideas?

heper · Aug 12, 2018, 10:42 PM

windows firewall blocking unknown subnets ?

Gil · Aug 12, 2018, 10:51 PM

What RDP authentication level is set on the machine?

profIT · Aug 12, 2018, 11:50 PM

@heper its a bridged config so im on the same subnet

profIT · Aug 13, 2018, 12:12 AM

@gil I tried without network level authentication but that still didnt solve it

Gil · Aug 15, 2018, 10:40 PM

I assume RDP works when directly connected to the subnet & windows firewall rules are therefore correct?

profIT · Aug 15, 2018, 10:41 PM

@gil yes, and thats the part that doesnt make sense when it comes to RDP being fully enables and still not working

Milkwyrm · Aug 16, 2018, 3:15 AM

Assuming Windows client to Windows server. you are patched up to the same level both ends and not getting hit with the CredSSP message?
You mention that you connect to the office network in your first post, but can the server ping the client machine?

profIT · Aug 16, 2018, 3:15 AM

@milkwyrm yes, I am connecting to a server and I tried pinging, it gave me:

Destination host unreachable.

I don't know about "CredSSP message?"

Milkwyrm · Aug 16, 2018, 3:25 AM

Some of the recent RDP patches from MS caused an issue where the device/server you were connecting to didnt have the same level of patching applied. You'd know it if you saw it.
You might want to confirm the firewalls on both client and server allow RDP and Ping (ICMP) through (even going so far as to temporarily turning the Windows firewalls off). Then, with the VPN running, check both can ping each other to confirm that the routing is correctly established. Then move on to resolving any RDP issue that may or may not exist.

profIT · Aug 16, 2018, 4:40 PM

First off, thanks for your tips @Milkwyrm !

Second, I tried allowing remote desktop through group policy, AND turning windows firewall off - both gave me no luck. Turns out I cant RDP into a windows 10 computer either, which makes me think that this might be a OpenVPN issue?

I don't know if this means anything but I do get this log error when connecting into OpenVPN:

TLS Error: local/remote TLS keys are out of sync: my ip
TLS Error: local/remote TLS keys are out of sync: my ip
TLS Error: local/remote TLS keys are out of sync: my ip

Gil · Aug 16, 2018, 9:46 PM

Looks like you are not connecting and have no routing at all.
Not really an RDP issue

profIT · Aug 16, 2018, 9:50 PM

@profit @Gil should clarify *i still get routed connection and am on local network despite those errors."

Milkwyrm · Aug 16, 2018, 9:51 PM

seems to be a fairly common issue.
https://forum.netgate.com/topic/113174/tls-error-local-remote-tls-keys-are-out-of-sync

https://www.google.com/search?q=TLS+Error%3A+local%2Fremote+TLS+keys+are+out+of+sync&ie=utf-8&oe=utf-8&client=firefox-b

You might want to start over. I always try to find at least 3 articles/how-to's for any setup I'm not experienced with and cheery pick the parts that are common between them to figure it out. My primary PFsense unit runs 13 IPSEC site-to-site tunnels and 2 Ovpn client/server instances and one Ovpn site-to-site without issue from day one, so it's definitely a rock solid solution once you figure it out.

profIT · Aug 16, 2018, 10:20 PM

@milkwyrm reconfigured my server, created new users and that TLS thing is gone, and I connect to the network with no problems now, I can browse the internet and sign into pfsense gui.

However, still cannot ping anything on the network

profIT · Aug 16, 2018, 10:22 PM

@profit i want to mention im not on a different subnet either, im actually bridged onto the LAN. Is this the moment where i post my config file in here?

Milkwyrm · Aug 16, 2018, 11:51 PM

Is there a particular reason you have for using a bridged network? I'm guessing from the first post this is a road warrior vpn rather than a static site to site connection.
Are you using local Auth, or AD for your users.
can you post the config for both ends (minus any sensitive info).

profIT · Aug 18, 2018, 3:55 PM

@Milkwyrm No particular reason. Am using local auth.

Language-dev
Language-kotlin

verb 1
dev-type tap
dev-node /dev/tap1
writepid /var/run/openvpn_server1.pid
#user nobody
#group nobody
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp4
cipher AES-128-CBC
auth SHA1
up /usr/local/sbin/ovpn-linkup
down /usr/local/sbin/ovpn-linkdown
client-connect /usr/local/sbin/openvpn.attributes.sh
client-disconnect /usr/local/sbin/openvpn.attributes.sh
local x.x.x.x
engine rdrand
tls-server
mode server
push "route-gateway 10.0.1.1"
username-as-common-name
auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'ServerCert' 1"
lport 1194
management /var/etc/openvpn/server1.sock unix
push "redirect-gateway def1"
client-to-client
ca /var/etc/openvpn/server1.ca 
cert /var/etc/openvpn/server1.cert 
key /var/etc/openvpn/server1.key 
dh /etc/dh-parameters.2048
tls-auth /var/etc/openvpn/server1.tls-auth 0
ncp-ciphers AES-256-GCM:AES-128-GCM
fast-iojava

profIT · Aug 30, 2018, 4:29 AM

Forget RDP not working, I'm having trouble connected to a mapped network drive at the office...

Gil · Aug 31, 2018, 1:46 AM

Have you set up your routing?
It is possible to have an openvpn connection but no routing.