Losing connection to remote desktop
My first post in here and not sure whether it belongs under NAT, but my best guess. I have an issue with a remote desktop machine disconnecting when bringing up a VPN (bear with me). Here is the setup:
- PFSense configured as office firewall
- Windows domain configured to run DHCP and DNS
- Remote Desktop gateway configured on Windows domain with an externally accessible page on the internet through one of our domains (standard wizard configuration) and successfully through PFSense.
- Snort installed on firewall (in case it matters)
- PFSense is the router and is connected to by a 1Gb bearer as our internet connection (we have fantastic speeds)
The steps to reproduce are as follows:
- Connect to the remote desktop gateway from a machine on my home network (or any network outside the office)
- Click on the machine I want to connect to (a virtual machine)
- RDP file downloads to my external machine
- Run this file and connection to the machine is established through the domain controller using an SSL VPN (do not need to establish a VPN separately, all this technology is handled by the domain as part of their remote desktop gateway technology)
This all works fine with no issues. However, we have some servers in a datacentre which we need to connect to and this is locked to our office IP address for security. If I connect to this VPN from the virtual machine I am remoted into, the machine suddenly goes offline and is no longer accessible.
This has previously worked fine when we were running a Smoothwall; however, since changing to PFSense, this has started being an issue. I am not overly sure where the issue lies. Does anyone have any insight into this? And apologies in advance if I have posted this in the wrong place, it seems most logical that it should be a NAT issue but could be way off.
johnpoz LAYER 8 Global Moderator
Well, sounds like you're forcing all traffic through the VPN, vs just routing the specific destination network through the VPN.
In the OpenVPN server settings in pfSense it would be this check box:
Redirect IPv4 Gateway
Force all client-generated IPv4 traffic through the tunnel.
I downloaded a different VPN client after spending far too long trying to solve this and it seems to be working fine. It is just bad timing that it started happening with the change in firewall, a spurious correlation. Everything was configured correctly and happening on multiple machines and different users.