Netgate Discussion Forum

RDP won't work on FullTAP?

OpenVPN
  • P
    profIT
    last edited by Aug 12, 2018, 9:30 PM

    I'm trying to RDP into my remote office computer. OpenVPN is all set up and I connect to the office network, but for some reason I CAN'T connect to the computer via RDP. It is enabled and everything, but it is giving me the default error when I try to connect.

    Any ideas?

    • H
      heper
      last edited by Aug 12, 2018, 10:42 PM

      Windows firewall blocking unknown subnets?

      • G
        Gil Rebel Alliance
        last edited by Aug 12, 2018, 10:51 PM

        What RDP authentication level is set on the machine?

        11 cheers for binary

        • P
          profIT @heper
          last edited by Aug 12, 2018, 11:50 PM

          @heper it's a bridged config so I'm on the same subnet

          • P
            profIT @Gil
            last edited by profIT Aug 13, 2018, 12:12 AM Aug 12, 2018, 11:53 PM

            @gil I tried without network level authentication but that still didn't solve it

            • G
              Gil Rebel Alliance @profIT
              last edited by Aug 15, 2018, 10:40 PM

              I assume RDP works when directly connected to the subnet & Windows firewall rules are therefore correct?

              11 cheers for binary

              • P
                profIT @Gil
                last edited by Aug 15, 2018, 10:41 PM

                @gil yes, and that's the part that doesn't make sense when it comes to RDP being fully enabled and still not working

                • M
                  Milkwyrm
                  last edited by Aug 15, 2018, 11:06 PM

                  Assuming Windows client to Windows server, you are patched up to the same level at both ends and not getting hit with the CredSSP message?
                  You mention that you connect to the office network in your first post, but can the server ping the client machine?

                  • P
                    profIT @Milkwyrm
                    last edited by Aug 16, 2018, 3:15 AM

                    @milkwyrm yes, I am connecting to a server and I tried pinging, it gave me:

                    Destination host unreachable.
                    

                    I don't know about "CredSSP message?"

                    • M
                      Milkwyrm
                      last edited by Milkwyrm Aug 16, 2018, 3:25 AM Aug 16, 2018, 3:23 AM

                      Some of the recent RDP patches from MS caused an issue where the device/server you were connecting to didn't have the same level of patching applied. You'd know it if you saw it.
                      You might want to confirm the firewalls on both client and server allow RDP and Ping (ICMP) through (even going so far as to temporarily turn the Windows firewalls off). Then, with the VPN running, check both can ping each other to confirm that the routing is correctly established. Then move on to resolving any RDP issue that may or may not exist.

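The checks Milkwyrm describes above, scripted as an added example that is not part of the original thread: it inspects the firewall rules instead of turning the firewall off, then tests ping and TCP 3389 from the VPN client. The target address 10.0.1.50 is a constructed placeholder, and the neighbour-table check goes one step beyond the post.

```powershell
# Added example, not from the thread. Run on the VPN client while the tunnel is up.
# $Target is a constructed address: replace it with the office machine's LAN IP.
param([string]$Target = '10.0.1.50')

# 1. Firewall: show the inbound Remote Desktop and ICMPv4 echo rules and whether they
#    are enabled (run this part on the RDP host too). 'Remote Desktop' is the rule
#    group name on English-language Windows.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, Action | Format-Table -AutoSize
Get-NetFirewallRule |
    Where-Object { $_.DisplayName -like '*ICMPv4-In*' } |
    Select-Object DisplayName, Enabled, Profile, Action | Format-Table -AutoSize

# 2. Reachability: ICMP echo across the tunnel.
$ping = Test-NetConnection -ComputerName $Target -WarningAction SilentlyContinue

# 3. Bridged (TAP) clients share the LAN subnet, so the target should also appear in
#    the neighbour (ARP) table once it has answered. This step is an addition to the
#    procedure in the post.
$neighbor = Get-NetNeighbor -IPAddress $Target -ErrorAction SilentlyContinue |
    Select-Object -First 1

# 4. RDP: test TCP 3389 only after basic reachability is confirmed.
$rdpOpen = $false
if ($ping.PingSucceeded) {
    $rdp = Test-NetConnection -ComputerName $Target -Port 3389 -WarningAction SilentlyContinue
    $rdpOpen = $rdp.TcpTestSucceeded
}

# Summary object: one line per layer, so the first failing layer is obvious.
[pscustomobject]@{
    Target        = $Target
    PingSucceeded = $ping.PingSucceeded
    NeighborState = if ($neighbor) { $neighbor.State } else { 'no entry' }
    Rdp3389Open   = $rdpOpen
}
```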
                      • P
                        profIT
                        last edited by Aug 16, 2018, 4:40 PM

                        First off, thanks for your tips @Milkwyrm !

                        Second, I tried allowing remote desktop through group policy, AND turning Windows firewall off - both gave me no luck. Turns out I can't RDP into a Windows 10 computer either, which makes me think that this might be an OpenVPN issue?

                        I don't know if this means anything but I do get this log error when connecting into OpenVPN:

                        TLS Error: local/remote TLS keys are out of sync: my ip
                        TLS Error: local/remote TLS keys are out of sync: my ip
                        TLS Error: local/remote TLS keys are out of sync: my ip

                        • G
                          Gil Rebel Alliance
                          last edited by Aug 16, 2018, 9:46 PM

                          Looks like you are not connecting and have no routing at all.
                          Not really an RDP issue

                          11 cheers for binary

                          • P
                            profIT @profIT
                            last edited by Aug 16, 2018, 9:50 PM

                            @profit @Gil should clarify: I still get routed connection and am on local network despite those errors.

                            • M
                              Milkwyrm
                              last edited by Aug 16, 2018, 9:51 PM

                              Seems to be a fairly common issue.
                              https://forum.netgate.com/topic/113174/tls-error-local-remote-tls-keys-are-out-of-sync

                              https://www.google.com/search?q=TLS+Error%3A+local%2Fremote+TLS+keys+are+out+of+sync&ie=utf-8&oe=utf-8&client=firefox-b

                              You might want to start over. I always try to find at least 3 articles/how-to's for any setup I'm not experienced with and cherry pick the parts that are common between them to figure it out. My primary pfSense unit runs 13 IPSEC site-to-site tunnels and 2 Ovpn client/server instances and one Ovpn site-to-site without issue from day one, so it's definitely a rock solid solution once you figure it out.

                              • P
                                profIT @Milkwyrm
                                last edited by Aug 16, 2018, 10:20 PM

                                @milkwyrm reconfigured my server, created new users and that TLS thing is gone, and I connect to the network with no problems now. I can browse the internet and sign into the pfSense GUI.

                                However, still cannot ping anything on the network

                                ☺

                                • P
                                  profIT @profIT
                                  last edited by Aug 16, 2018, 10:22 PM

                                  @profit I want to mention I'm not on a different subnet either, I'm actually bridged onto the LAN. Is this the moment where I post my config file in here?

                                  • M
                                    Milkwyrm
                                    last edited by Aug 16, 2018, 11:51 PM

                                    Is there a particular reason you have for using a bridged network? I'm guessing from the first post this is a road warrior VPN rather than a static site-to-site connection.
                                    Are you using local auth, or AD for your users?
                                    Can you post the config for both ends (minus any sensitive info)?

                                    • P
                                      profIT
                                      last edited by Aug 18, 2018, 3:55 PM

                                      @Milkwyrm No particular reason. Am using local auth.

                                      verb 1
                                      dev-type tap
                                      dev-node /dev/tap1
                                      writepid /var/run/openvpn_server1.pid
                                      #user nobody
                                      #group nobody
                                      script-security 3
                                      daemon
                                      keepalive 10 60
                                      ping-timer-rem
                                      persist-tun
                                      persist-key
                                      proto udp4
                                      cipher AES-128-CBC
                                      auth SHA1
                                      up /usr/local/sbin/ovpn-linkup
                                      down /usr/local/sbin/ovpn-linkdown
                                      client-connect /usr/local/sbin/openvpn.attributes.sh
                                      client-disconnect /usr/local/sbin/openvpn.attributes.sh
                                      local x.x.x.x
                                      engine rdrand
                                      tls-server
                                      mode server
                                      push "route-gateway 10.0.1.1"
                                      username-as-common-name
                                      auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env
                                      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'ServerCert' 1"
                                      lport 1194
                                      management /var/etc/openvpn/server1.sock unix
                                      push "redirect-gateway def1"
                                      client-to-client
                                      ca /var/etc/openvpn/server1.ca 
                                      cert /var/etc/openvpn/server1.cert 
                                      key /var/etc/openvpn/server1.key 
                                      dh /etc/dh-parameters.2048
                                      tls-auth /var/etc/openvpn/server1.tls-auth 0
                                      ncp-ciphers AES-256-GCM:AES-128-GCM
                                      fast-io
                                      • P
                                        profIT
                                        last edited by Aug 30, 2018, 4:29 AM

                                        Forget RDP not working, I'm having trouble connecting to a mapped network drive at the office...

                                        • G
                                          Gil Rebel Alliance
                                          last edited by Aug 31, 2018, 1:46 AM

                                          Have you set up your routing?
                                          It is possible to have an OpenVPN connection but no routing.

                                          11 cheers for binary
