Persistent connection issue RDP/VNC

    I've been troubleshooting an issue for a while and am wondering if there are any advanced tuning options which might address this.

    Behind our pfSense 2.4.2p1 firewall we have a number of typical servers (mail/web/dns/etc) including a Neorouter P2P server. We have Neorouter installed on a number of our remote clients' computers which we use for remote management and support. I've noticed that connections to any remote Neorouter connected device will disconnect regularly when using RDP or VNC yet a ping loop to the client VPN assigned IP address never loses a reply. When we connect to internal devices via Neorouter VPN addresses we get no such disconnect as we're behind the pfSense firewall, which leads me to believe that something is happening in the firewall to temporarily drop/interrupt the connection. Usually, RDP or VNC will disconnect for about 5-10 seconds and then successfully reconnect without closing the session. I've tried changing the Neorouter config from TCP to UDP and back again but it makes no difference, which brings me back to pfSense.

    Anyone have any ideas about what to tweak or change?



    I run RDP to my workstation at home through OpenVPN from work all the time… It stays up for hours on end without a blip.

    And even have to bounce my VPN connection off the proxy here at work to get to home.

    What are you seeing in the event log on these disconnects - if anything?

  • That's the frustrating part. Nothing, as the connection "freezes" briefly but doesn't close the session. I'm running pfSense (and Neorouter) in VMs. Hardware is kind of old by 2018 standards so I wonder if that has anything to do with it. I have a spare Hyper-V host with SSD storage that I should migrate the VMs to just to see if it makes a difference. I've considered OpenVPN too, which I might roll out for kicks, but I have like 40 hosts set up in NR and it worked so well up until October or so. I've been procrastinating doing anything about it as it's more of an irritant than a total loss of functionality. Maybe I should deploy a hardware pfSense install in the lab and see what happens. It's always nice to hope for a "change this value to X" and have a magical fix.

    I had a similar success rate with NR for quite a while and would do the same kind of thing as you describe!

