OpenVPN and remote desktop problem
-
I'm having a problem with a road warrior client and connecting with remote desktop to workstations on LAN.
This is the situation:
Host A is on the LAN. Host C is the problematic client, which connects from outside (the user's home network, with several computers) to the OpenVPN endpoint. Host and client are running Windows XP SP2. I am using a bridged VPN.
The VPN tunnel seems to establish correctly.
Host C cannot connect to host A with Remote Desktop when connecting over the VPN.
It seems that the connection is established for several seconds and then disconnected with the message
"Your remote desktop connection was broken …"
But host C can ping host A when connecting over the VPN and can open a shared directory on host A.
I can connect to host A from the local network (with Remote Desktop). I have tried disabling the Windows firewall on host C with no change.
I hope some of you guys can help me get this to work.
Windump from host A is attached as .txt (comp72 is host A, AD is host C):
-
#1 problem: are both networks (user and pfSense) using the same network address scheme (192.168.0.1/24 or similar)? They will connect, but there will be no access to anything other than a VPN connection. If so, that's the problem; set pfSense to be a 10.x.x.x or 172.16.x.x.
-
Yes, they are.
I am not sure that I understand. I can ping host A over the VPN and I can also access a shared directory on host A over the VPN.
So I have access to host A over the VPN.
-
Set your LAN (remote site) to, say, 192.168.x.x/24 and your local network (where you are physically at) to, say, 172.16.x.x/24 and see if that works. I had this problem with M0n0wall, and this fixed it.
They need to be different networks. You cannot have the client network address scheme be the same as the one they are going to VPN into; they will connect, but none of the routers will know what to do with the data.
The two schemes above will work, but you can really choose whatever you want. If you are using, say, 10.x.x.x/24 for one, use 10.w.w.w/24 for the other; 10.x.x.x/24 and 10.x.y.y/24 both work. Chances are you have two 192.168.0.1/24 networks; change one to 192.168.1.1/24 and leave the other at 192.168.0.1/24. This would be the easiest if they are both using a 192.168.0.1 network. The options are really endless.
-
If you are using the same subnet on both ends, your results will be totally unpredictable. Make sure that each remote network has its own IP network. That will correct your network connectivity issue.
Now, if you are determined to use the same network on each end, you would have to break that original subnet into pieces.
Example: 4 subnets (4 networks of 64 addresses)
That would be a subnet mask of 255.255.255.240 (28-bit mask). I have 7 VPN tunnels running from behind my pfSense; each has its own unique 255.255.255.0 (24-bit mask). I even have IPsec VPN tunnels for remote VPN connectivity and OpenVPN connectivity. Each one of those has its own unique subnet.
So, in all, my small home/business network has 7 active VPN tunnels and 5 internal subnets (business network, storage network (iSCSI), wireless subnet, IPsec VPN tunnels, OpenVPN tunnels). I am actively using 5 class C (24-bit) subnets and accessing 7 class networks (24-bit networks).
I work very hard to implement as much technology in my home/business network as keeps my network and infrastructure skills strong. I have gone totally virtual as well; no real servers in my farm. I am using XenServer Enterprise with OpenFiler (iSCSI target service enabled, SMB service enabled, and NFS). So that, in a nutshell, is what I am doing with my home network.
RC
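The replies above all come down to one check: the client's home LAN and the LAN behind the VPN endpoint must not share address space, and if they do, one side has to be renumbered or the range split. The following Python script is an added example (not code from the thread or from pfSense/OpenVPN) that performs that check with the standard-library ipaddress module. The addresses in it are constructed to mirror the scenario in the thread (both ends on 192.168.0.x/24); the function names and the order in which alternative ranges are searched are my own choices. The subnet masks it prints are computed by ipaddress from the prefix length.

```python
import ipaddress

# Constructed sample addressing for the thread's scenario (an assumption, not
# data from the thread): host C's home LAN and the pfSense LAN behind the
# OpenVPN endpoint, both written host-style as the replies write them.
HOME_LAN = "192.168.0.1/24"     # strict=False below normalises this to 192.168.0.0/24
OFFICE_LAN = "192.168.0.1/24"   # same scheme on both ends: the fault the replies describe


def to_network(cidr):
    """Accept a network (192.168.0.0/24) or a host address with a prefix
    (192.168.0.1/24) and return the containing ip_network object."""
    return ipaddress.ip_network(cidr, strict=False)


def networks_overlap(a, b):
    """True if the two address ranges share any address."""
    return to_network(a).overlaps(to_network(b))


def find_conflicts(named_networks):
    """named_networks: dict of name -> CIDR. Returns a list of (name1, name2)
    pairs whose ranges overlap; an empty list means every segment is distinct."""
    items = [(name, to_network(cidr)) for name, cidr in named_networks.items()]
    conflicts = []
    for i, (n1, net1) in enumerate(items):
        for n2, net2 in items[i + 1:]:
            if net1.overlaps(net2):
                conflicts.append((n1, n2))
    return conflicts


def suggest_alternative(existing, prefix=24):
    """Return the first RFC 1918 /prefix network that overlaps none of `existing`.
    192.168.0.0/16 is searched first (smallest change for a 192.168.0.x site),
    then 172.16.0.0/12, then 10.0.0.0/8; None if nothing is free."""
    taken = [to_network(c) for c in existing]
    for block in ("192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8"):
        for candidate in ipaddress.ip_network(block).subnets(new_prefix=prefix):
            if not any(candidate.overlaps(t) for t in taken):
                return str(candidate)
    return None


def split_subnets(network, count):
    """Split `network` into `count` equal subnets (count must be a power of two)
    and return (network, netmask) pairs. A /24 split four ways gives four /26
    networks of 64 addresses each; the mask is derived from the new prefix."""
    if count < 1 or count & (count - 1):
        raise ValueError("count must be a power of two")
    net = to_network(network)
    new_prefix = net.prefixlen + (count - 1).bit_length()
    return [(str(s), str(s.netmask)) for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    plan = {"home LAN (host C)": HOME_LAN, "office LAN (host A)": OFFICE_LAN}
    for a, b in find_conflicts(plan):
        print(f"CONFLICT: {a} and {b} use overlapping address space")
    print("non-overlapping choice for the office LAN:", suggest_alternative([HOME_LAN]))
    for subnet, mask in split_subnets("192.168.0.0/24", 4):
        print(subnet, mask)
```

Run it as-is and it reports the overlap between the two constructed LANs, proposes 192.168.1.0/24 as the smallest renumbering (the change the fourth reply recommends), and lists the four 64-address pieces of a /24 for the splitting approach in the last reply. Note that the conflict check only covers address ranges you feed it; on a bridged OpenVPN setup the tunnel's own address pool should be included in the dict too, since it lives in the same broadcast domain as the office LAN.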