    Site to Site OpenVPN, RDP times out after 20-30 seconds

      Gardinia

      Office: Netgate SG-4860

      LAN Network: 10.0.0.0/24
      Tunnel Network: 10.0.5.0/24

      Warehouse: Netgate SG-1100

      LAN Network: 10.0.20.0/24
      Tunnel Network: 10.0.5.0/24

      Office VPN Server: Netgate SG-4860
      OpenVPN on port 1195 - AES-256-CBC/SHA256
      Peer to Peer (Shared Key)
      tun - Layer 3 Tunnel Mode

      Warehouse client computers on 10.0.20.0/24 can access office resources 10.0.0.0/24 perfectly fine and vice versa.

      The VPN tunnel has been established for a few days now without issue, copying large files over the VPN via SMB seems fine.

      The problem:

      If I remote desktop in to a computer on the warehouse network from the office network, RDP will work fine for maybe 20-30 seconds, then the remote session will freeze, before RDP disconnects and reconnects straight away, then 20-30 seconds later the same will happen.

      I’m a bit lost as to what might be the issue here. I did see a suggestion to packet sniff with Wireshark, around the time the RDP connection has issues I see various TCP retransmission events in Wireshark.

      wireshark.jpg

      In the screenshot example 10.0.0.20 is the computer on the office network I’m running Wireshark on, when connected to 10.0.20.2 on the warehouse network via RDP.

      Any suggestions would be welcome.

        kiokoman LAYER 8

        Spurious retransmission is sometimes an indication of packet loss

          Rico LAYER 8 Rebel Alliance

          Can you please show all your OpenVPN settings?

          -Rico

            Gardinia

            Thank you for the replies, please find a full screenshot of the settings for both below.

            Office VPN Server: https://www.dropbox.com/s/z9ftmqcd1hu3rja/Office%20Settings.jpg?dl=0

            Warehouse VPN Client: https://www.dropbox.com/s/iy55468j08csjio/Warehouse%20Settings.jpg?dl=0

              Rico LAYER 8 Rebel Alliance

              Disable NCP for both sites, GCM is not working with Shared Key anyway.
              Disable Hardware Crypto for both.
              I'd also check the Logs, interesting is
              Status > System Logs > System > General
              Status > System Logs > System > Gateway
              Status > System Logs > OpenVPN
              for both Firewalls as soon as the RDP problem happens.

              For gateway monitoring you should have set an external monitor IP in System > Routing > Gateways > Edit Your IPv4 Gateway.

              -Rico
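
An added example, not part of any post in this thread and not pfSense's own code: a small Python check for the three settings changed in the reply above (GCM offered on a shared-key tunnel, NCP left enabled, a hardware crypto engine set). It assumes OpenVPN 2.4 directive names (`secret`, `ncp-ciphers`, `ncp-disable`, `engine`); the function names, sample configs and key path are constructed for illustration.

```python
import re

AEAD = re.compile(r"(-GCM|CHACHA20-POLY1305)$", re.I)
TLS_MODE = {"tls-server", "tls-client", "client"}

def parse(text):
    """Map each OpenVPN directive to its argument list; skip inline <key> blocks."""
    opts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:                              # inside <secret>...</secret> etc.
            block = None if line == f"</{block}>" else block
        elif m := re.fullmatch(r"<([\w-]+)>", line):
            block = m.group(1)
            opts[block] = []
        elif line and line[0] not in "#;":     # ignore blanks and comments
            name, *args = line.split()
            opts[name] = args
    return opts

def lint_shared_key(text):
    """Return (code, detail) findings; empty list if clean or not shared-key mode."""
    o = parse(text)
    if "secret" not in o or TLS_MODE & o.keys():
        return []
    found = []
    offered = o.get("cipher", [])[:1] + ":".join(o.get("ncp-ciphers", [])).split(":")
    gcm = [c for c in offered if AEAD.search(c)]
    if gcm:                                    # AEAD ciphers need TLS mode
        found.append(("aead-offered", ",".join(gcm)))
    if "ncp-disable" not in o:
        found.append(("ncp-enabled", "no ncp-disable directive"))
    if "engine" in o:
        found.append(("hw-crypto", " ".join(o["engine"]) or "default engine"))
    return found

# Constructed samples (not the poster's real configs); key path is a placeholder.
BEFORE = """\
dev tun
port 1195
cipher AES-256-CBC
auth SHA256
ncp-ciphers AES-128-GCM:AES-256-GCM
engine cryptodev
secret /path/to/shared.key
"""
AFTER = BEFORE.replace("ncp-ciphers AES-128-GCM:AES-256-GCM\nengine cryptodev", "ncp-disable")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_shared_key(cfg) or "clean")
```

Run it against the generated server and client configs from both firewalls; a TLS-mode config returns no findings because the checks only apply to shared-key tunnels.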

                Gardinia

                Thank you for the reply Rico, I've made the suggested changes. Everything seems ok so far.

                I appreciate the advice.

                  Rico LAYER 8 Rebel Alliance

                  Glad you have it working now.

                  -Rico