Site to Site OpenVPN, RDP times out after 20-30 seconds
-
Office: Netgate SG-4860
LAN Network: 10.0.0.0/24
Tunnel Network: 10.0.5.0/24
Warehouse: Netgate SG-1100
LAN Network: 10.0.20.0/24
Tunnel Network: 10.0.5.0/24
Office VPN Server: Netgate SG-4860
OpenVPN on port 1195 - AES-256-CBC/SHA256
Peer to Peer (Shared Key)
tun - Layer 3 Tunnel Mode
Warehouse client computers on 10.0.20.0/24 can access office resources on 10.0.0.0/24 perfectly fine and vice versa.
The VPN tunnel has been established for a few days now without issue, copying large files over the VPN via SMB seems fine.
The problem:
If I remote desktop in to a computer on the warehouse network from the office network, RDP will work fine for maybe 20-30 seconds, then the remote session will freeze before RDP disconnects and reconnects straight away; then 20-30 seconds later the same will happen.
I'm a bit lost as to what might be the issue here. I did see a suggestion to packet sniff with Wireshark; around the time the RDP connection has issues I see various TCP retransmission events in Wireshark.
In the screenshot example, 10.0.0.20 is the computer on the office network I'm running Wireshark on, when connected to 10.0.20.2 on the warehouse network via RDP.
Any suggestions would be welcome.
-
Spurious retransmission is sometimes an indication of packet loss.
-
Can you please show all your OpenVPN settings?
-Rico
-
Thank you for the replies, please find a full screenshot of the settings for both below.
Office VPN Server: https://www.dropbox.com/s/z9ftmqcd1hu3rja/Office%20Settings.jpg?dl=0
Warehouse VPN Client: https://www.dropbox.com/s/iy55468j08csjio/Warehouse%20Settings.jpg?dl=0
-
Disable NCP for both sites; GCM is not working with Shared Key anyway.
Disable Hardware Crypto for both.
I'd also check the logs; of interest are
Status > System Logs > System > General
Status > System Logs > System > Gateway
Status > System Logs > OpenVPN
for both firewalls as soon as the RDP problem happens.
For gateway monitoring you should have set an external monitor IP in System > Routing > Gateways > Edit Your IPv4 Gateway.
-Rico
-
Thank you for the reply Rico, I've made the suggested changes. Everything seems OK so far.
I appreciate the advice.
-
Glad you have it working now.
-Rico