Can't RDP my pf client, help!

onlineph · Sep 7, 2013, 12:52 AM

Network Map:

Internet > pfserver > switch > pfclient (all within my house)

I was able to RDP my pfserver using win8 RDP however can't RDP my pfclient.

pfclient source WAN IP is 192.168.205.105
pfclient LAN IP is: 192.168.205.159

It seems like I can only RDP the pfserver but can't RDP pfclients. Is there any think that I need to config on the pf side, I mean from my pfserver?

I hope my query is not out of pf issues. Anyway, any advise is highly appreciated.

Thanks!

Nubee

kejianshi · Sep 7, 2013, 2:06 AM

I'm not sure exactly what you are doing, but if NAT on the WAN is involved at all from the LAN, pfsense doesn't really support NAT reflection for UDP.

onlineph · Sep 7, 2013, 2:59 AM

The reason why need to RDP my pfclient (my own pc in my room) is for me to be able to access it anywhere. I was able to access my pfserver so I got no prolem with it. My problem lies on my pc in my room drawing its internet from my my pfserver. I also need to RDP my pfclient. anyway, thanks.

kejianshi · Sep 7, 2013, 3:05 AM

Please describe HOW you are trying to access it. What IP address are you putting in the connect dialogue?

onlineph · Sep 7, 2013, 4:07 AM

I am using the external IP address seen in www.whatismyip.com, in the connect dialogue. The RDP dialogue presents me an aithentication username and password. I input my username and pwd but it behaves as if I am putting a wrong acct name and pwd. So I think I might have gone wrong on RDP config.

This is my pfclient RDP config on my ISP providers router:

Server name: RDP
Protocol: tcp (with option to UDP - dont know what it means)
Local IP add: 192.168.205.159
Local port: (I am using the same port in my pfserver RDP)
WAN port: (I am using the same port in my pfserver RDP)
State: Enable

My other question would be, am I correct configuring the RDP to remote my pfclient, from the ISP router? or shall I config the RDP thing from my pfsever (NAT)?

I really apologize for this seems silly, but I am a very beginner user of pf and I am still a long way understanding its function and how to config.

Thanks!

Nubee

kejianshi · Sep 7, 2013, 4:58 AM

OK - From outside of your network, this should work fine. No problems. But not from inside your network.

The thing is that when you type in your public IP while inside your network using TCP, NAT reflection will work fine. It will connect.

But real and true Microsoft RDP is UDP and NAT reflection isn't the greatest in pfsense and lots of firewalls actually. It won't connect.

So, if you want to test this, do it from outside your network. It will work if your NAT settings are correct.

If you need to adjust pfsense settings while testing from outside the network, use a VPN to access the WEB GUI.

BTW - You should just use openvpn to access pfsense from outside and then use RDP securely.

Using NAT to RDP into Windows directly via WAN is very unsecure. Hackers are everywhere there. Use VPN instead please.

onlineph · Sep 7, 2013, 5:02 AM

Ah thanks alot for that reminder.

I currently accessing my pfserver and pfclient from outside my network. I am hundred miles away from home now. I am able to RDP my pfserver but the files I need is in my pfclient (mypc) and I am trying to toy as to how am I going to access my pfclient.

I can access my pfserver using public IP, My only problem is how to access my own pc (pfclient) :-\

I suddenly become interested on "BTW - You should just use openvpn to access pfsense from outside and then use RDP securely." I just checked the openvpn gui and I am totally lost as to how to begin. If I may find favor, can you please teach me how to openvpn?

Thanks!

kejianshi · Sep 7, 2013, 5:20 AM

This should get you started - Once you get this basically working, we can talk adjusting it a little for you.

http://www.youtube.com/watch?v=VdAHVSTl1ys

Treat your pfsense subnet as if its a LAN subnet or a VLAN.

Make it separate from anything else you already have.

onlineph · Sep 7, 2013, 11:27 AM

Thanks a lot I'll be in touch!

johnpoz · Sep 7, 2013, 12:03 PM

"I am able to RDP my pfserver "

What – pfsense has not remote desktop software like windows Remote Desktop, which is what comes to mine with RDP. And while RDP 8 added udp support.. That is not default, windows 7 doesn't even have rdp 8 enabled.. you have to edit group policy to turn it on.

You mention "my ISP providers router:" So your double natting then?

You state this??
pfclient source WAN IP is 192.168.205.105
pfclient LAN IP is: 192.168.205.159

What?? Why would a client behind a NAT have both a wan and lan IP in the first place? And why would they be on the same nework I assume unless you got some non /24 mask?

If your going to want to access a computer via rdp behind pfsense which is behind an isp router

internet-isp router- pfsense-switch-pc

Then you need to forward 3389 tcp on your isp router to pfsense wan IP, then on pfsense you need to forward 3389 to the pc IP

You have this sort of thing with the double nat is seems like your doing.

internet -- <publicip>isp router <privateip-neta>-- <privateip-neta>pfsense <privateip-netb>-- switch -- <privateip-netb>PC

So on isp router forward 3389 tcp to pfsense privateIP on your isp router network, called netA in above example.. Then on pfsense forward 3389 to your PCs privateIP on network B in the above example.

If it was ME, I would remove the double nat sounds like your working with, and never in a million years directly expose RDP to the public internet - VPN into your network, then access remote desktop to any of your machines via the vpn connection. This is MUCH more secure way of doing it.</privateip-netb></privateip-netb></privateip-neta></privateip-neta></publicip>

onlineph · Sep 23, 2013, 6:39 AM

Thanks a lot or the Orange light!

kejianshi · Sep 23, 2013, 6:55 AM

Orange light?