RDP wont work on FullTAP?
-
I'm trying to RDP into my remote office computer. OpenVPN is all setup and I connect to the office network, but for some reason I CANT connect to the computer via RDP. It is enabled and everything but it giving me the default error when I try to connect.
Any ideas?
-
windows firewall blocking unknown subnets ?
-
What RDP authentication level is set on the machine?
-
@heper its a bridged config so im on the same subnet
-
@gil I tried without network level authentication but that still didnt solve it
-
I assume RDP works when directly connected to the subnet & windows firewall rules are therefore correct?
-
@gil yes, and thats the part that doesnt make sense when it comes to RDP being fully enables and still not working
-
Assuming Windows client to Windows server. you are patched up to the same level both ends and not getting hit with the CredSSP message?
You mention that you connect to the office network in your first post, but can the server ping the client machine? -
@milkwyrm yes, I am connecting to a server and I tried pinging, it gave me:
Destination host unreachable.
I don't know about "CredSSP message?"
-
Some of the recent RDP patches from MS caused an issue where the device/server you were connecting to didnt have the same level of patching applied. You'd know it if you saw it.
You might want to confirm the firewalls on both client and server allow RDP and Ping (ICMP) through (even going so far as to temporarily turning the Windows firewalls off). Then, with the VPN running, check both can ping each other to confirm that the routing is correctly established. Then move on to resolving any RDP issue that may or may not exist. -
First off, thanks for your tips @Milkwyrm !
Second, I tried allowing remote desktop through group policy, AND turning windows firewall off - both gave me no luck. Turns out I cant RDP into a windows 10 computer either, which makes me think that this might be a OpenVPN issue?
I don't know if this means anything but I do get this log error when connecting into OpenVPN:
TLS Error: local/remote TLS keys are out of sync: my ip
TLS Error: local/remote TLS keys are out of sync: my ip
TLS Error: local/remote TLS keys are out of sync: my ip -
Looks like you are not connecting and have no routing at all.
Not really an RDP issue -
-
seems to be a fairly common issue.
https://forum.netgate.com/topic/113174/tls-error-local-remote-tls-keys-are-out-of-synchttps://www.google.com/search?q=TLS+Error%3A+local%2Fremote+TLS+keys+are+out+of+sync&ie=utf-8&oe=utf-8&client=firefox-b
You might want to start over. I always try to find at least 3 articles/how-to's for any setup I'm not experienced with and cheery pick the parts that are common between them to figure it out. My primary PFsense unit runs 13 IPSEC site-to-site tunnels and 2 Ovpn client/server instances and one Ovpn site-to-site without issue from day one, so it's definitely a rock solid solution once you figure it out.
-
@milkwyrm reconfigured my server, created new users and that TLS thing is gone, and I connect to the network with no problems now, I can browse the internet and sign into pfsense gui.
However, still cannot ping anything on the network
-
@profit i want to mention im not on a different subnet either, im actually bridged onto the LAN. Is this the moment where i post my config file in here?
-
Is there a particular reason you have for using a bridged network? I'm guessing from the first post this is a road warrior vpn rather than a static site to site connection.
Are you using local Auth, or AD for your users.
can you post the config for both ends (minus any sensitive info). -
@Milkwyrm No particular reason. Am using local auth.
verb 1 dev-type tap dev-node /dev/tap1 writepid /var/run/openvpn_server1.pid #user nobody #group nobody script-security 3 daemon keepalive 10 60 ping-timer-rem persist-tun persist-key proto udp4 cipher AES-128-CBC auth SHA1 up /usr/local/sbin/ovpn-linkup down /usr/local/sbin/ovpn-linkdown client-connect /usr/local/sbin/openvpn.attributes.sh client-disconnect /usr/local/sbin/openvpn.attributes.sh local x.x.x.x engine rdrand tls-server mode server push "route-gateway 10.0.1.1" username-as-common-name auth-user-pass-verify "/usr/local/sbin/ovpn_auth_verify user TG9jYWwgRGF0YWJhc2U= false server1 1194" via-env tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'ServerCert' 1" lport 1194 management /var/etc/openvpn/server1.sock unix push "redirect-gateway def1" client-to-client ca /var/etc/openvpn/server1.ca cert /var/etc/openvpn/server1.cert key /var/etc/openvpn/server1.key dh /etc/dh-parameters.2048 tls-auth /var/etc/openvpn/server1.tls-auth 0 ncp-ciphers AES-256-GCM:AES-128-GCM fast-iojava
<
-
Forget RDP not working, I'm having trouble connected to a mapped network drive at the office...
-
Have you set up your routing?
It is possible to have an openvpn connection but no routing.