Issue Printing behind MPLS



  • Hi,

    I've set up 2 pfSense 2.0.3 with this scenario:

    MPLS(dont know the IP)  MPLS(192.6.1.2)
       Network Printer –--PC1--------------------------------------Firewall ----------TS(Terminal Server)
             /\                (192.11.1.10)                                LAN(192.6.1.1)                           /
              -----------------------------------------------------------------------------------

    The problem is that there are some issues when I try to print from PC1 into the TS that has the network printer installed on it, issues like printing half a page and then printing this same half page again and again.
    I've enabled "Bypass firewall rules for traffic on the same interface"; the communication between these networks works (i.e. proxy) with no problem except for this.
    The reason to print from the TS is that there are some applications on it.
    I have seen no blocked traffic nor anything unusual to explain this behavior. I appreciate your help!

    Thanks!



  • Sounds like a printer driver issue. Are you using Server 2008 for TS?

    If so, try disabling "Remote Desktop Easy Print"

    It's on by default and it was Microsoft's way to help out with printer drivers. But it can cause issues with some models of printers. To turn it off, it's actually a GPO. Have a good of that! And then install the proper driver! You can obviously see what driver you're using under TS by opening the properties of the printer.

    Good Luck!  ;D



  • try disabling "Remote Desktop Easy Print"

    It didn't work. I tested printing directly to the IP of the printer and it worked; however, I don't think the problem is the Windows print server, because sometimes it works without any issue. It is intermittent; perhaps the firewall is dropping something.

    Edit: Just to add, while using an old iptables firewall, POLICY ACCEPT, everything was fine; the problem appeared after I put my pfSense there.



  • I've captured a session while someone tried to print, and it looks strange: a TCP keep-alive (maybe it's OK but..), lots of TCP retransmissions and a RST ACK, and something strange too, length 1514 and DF set to don't fragment.
    This RST and TCP retransmission could explain why it is printing half a page.
    This is the captured packet https://www.dropbox.com/s/gfu6mck26kisgod/packetcapture.cap, if someone can look and help me figure it out!

    Thanks!

    Edit: Checking the option "Clear invalid DF bits instead of dropping the packets" seems to do the trick. I'll check if the problem happens again.
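
The symptoms listed in the post above (1514-byte frames with DF set, TCP retransmissions, an RST) can be counted from raw Ethernet frames as follows. This is an added example, not part of the original thread; the sample frames, port 9100 and sequence numbers are constructed, and the retransmission check (same flow and sequence number seen twice with data) is a simplification.

```python
import struct
from collections import Counter

def summarize(frames):
    """Count full-size DF frames, RSTs and repeated data segments (Ethernet/IPv4/TCP)."""
    stats, seen = Counter(), set()
    for f in frames:
        if len(f) < 54 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                              # not IPv4 carrying TCP
        ihl = (f[14] & 0x0F) * 4                  # IPv4 header length in bytes
        tcp = 14 + ihl                            # offset of the TCP header
        if len(f) < tcp + 20:
            continue                              # truncated TCP header
        total_len, = struct.unpack("!H", f[16:18])
        df = bool(f[20] & 0x40)                   # DF is 0x4000 in flags/fragment field
        sport, dport, seq = struct.unpack("!HHI", f[tcp:tcp + 8])
        data_off = (f[tcp + 12] >> 4) * 4
        flags = f[tcp + 13]
        payload = total_len - ihl - data_off
        if df and len(f) >= 1514:                 # full 1500-byte IP packet, cannot be fragmented
            stats["df_full_size"] += 1
        if flags & 0x04:                          # RST bit
            stats["rst"] += 1
        if payload > 0:
            key = (f[26:30], f[30:34], sport, dport, seq)
            if key in seen:                       # same data segment sent again
                stats["retransmit"] += 1
            seen.add(key)
    return stats

def frame(seq, payload_len, flags=0x18, df=True):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + payload_len, 0,
                     0x4000 if df else 0, 64, 6, 0,
                     bytes([192, 6, 1, 2]), bytes([192, 11, 1, 10]))
    tcp = struct.pack("!HHIIBBHHH", 50000, 9100, seq, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp + b"\x00" * payload_len

# Constructed sample: one segment sent twice, one new segment, then an RST+ACK.
SAMPLE = [frame(1000, 1460), frame(1000, 1460), frame(2460, 1460),
          frame(3920, 0, flags=0x14)]

if __name__ == "__main__":
    print(dict(summarize(SAMPLE)))
```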



  • Unfortunately the problem has been minimized, but it's still happening. I've had to set up a route directly to the MPLS from the Windows print server so that it does not pass through the firewall.



  • Why don't you change the firewall optimization? By default it's set to Normal; change it to Conservative under Advanced, on the Firewall/NAT tab. See what happens.



  • Oh, make sure you reboot pfSense if you change it.



  • As far as I know, this only changes the times of TCP connections. Maybe I'm wrong, but could you explain why I should do that?



  • Because you mentioned packets are being dropped… Putting it in the mode I suggested should stop it timing out.



  • Hi,

    We have exactly the same problem: a new link between 2 areas over MPLS. The users work from Area 2 using RDP on a server in Area 1, and they print from this server to printers which are in Area 2. Printing works very badly over this MPLS link and jobs arrive at the printers maybe 5 or 10 minutes later. Sometimes they never arrive.

    I should specify that our 2 areas were connected by an IPsec tunnel between 2 pfSense before the creation of the MPLS link and ALL worked fine.

    We also have problems with several applications that work in client/server mode between the 2 sites: for example, a web application with PDF file transfer no longer works over MPLS!! The page loads continuously until we get a white page…

    Does anyone have experience with an MPLS link over pfSense?

    Thx !!



  • This happened at two different companies, but with the same scenario. My advice is to configure a static route on the RDP server to route through the MPLS directly, or use a site-to-site VPN.