RDP issues



  • Hi All,

    From my LAN I can rdesktop from a Linux-based PC into a Win2008 server with public IP 209.x.y.z
    From the same LAN I cannot remote desktop from a Win7 PC to the same Win2008 server with public IP 209.x.y.z

    On the Linux box I get presented with the login screen, on Win7 I get a connection timeout.
    This used to work before I changed the router from a simple Asus to a pfSense 2.1

    Obviously it is not a routing/connection issue but rather a protocol issue, I guess.

    I assume that from the Windows PC the protocol is 'different' than when using rdesktop, this difference must be tipping off pfSense…

    Any ideas how to troubleshoot or fix?

    Thanks

    Peter


  • LAYER 8 Global Moderator

    What remote desktop client are you using on Win 7? Are you using protocol 8? If so, it's possible to be using UDP.

    http://support.microsoft.com/kb/2592687
    Description of the Remote Desktop Protocol 8.0 update for Windows 7 SP1 and Windows Server 2008 R2 SP1




  • Hi Jon,

    Turns out it is not regular RDP but the client tries to make a PPTP connection first.

    This is not working because we do have a PPTP server in the environment and traffic is sent to the wrong IP address - resulting in a failing remote desktop session.

    I have read about this issue already but will post another topic with more detail.
    Looks like we will need a second static IP address… which we don't have.

    Thanks for your help.

    Peter



  • No reason to bother with PPTP, it's now considered completely insecure, and a pain in general. Either connect to RDP straight over the Internet (not ideal, but better than dealing with PPTP), or deploy OpenVPN or IPsec.



  • I agree OpenVPN is the way to go - but I need OpenVPN with AD authentication … and that comes with its own set of challenges.

    The reason this one is an issue is that there is a PPTP server inside the LAN - pfSense 'forwards' to it.
    When the person is trying to connect to a PC on the internet (customer) using PPTP/RDP and setting up a new PPTP connection, the reply coming back in from the WAN goes back to the PPTP server in the LAN rather than the PC that initiated the connection.

    I found out that this is a 'known' issue and can be avoided with a second static IP etc. but I'd rather remove the PPTP server from the LAN and go with OpenVPN.
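
A simplified model of the behaviour described in the last post, added here as an illustration (not code from the thread or from pfSense): PPTP uses a TCP 1723 control channel plus GRE (IP protocol 47) for data, and GRE carries no port numbers for a NAT to key on. The addresses, the `Nat` class and the rule that a static GRE forward takes precedence over per-flow state are assumptions made for the model.

```python
# Simplified NAT model (assumption: not pfSense's actual implementation).
# All addresses below are constructed sample values.
PPTP_SERVER = "192.168.1.10"   # internal PPTP server, target of the inbound forward
CLIENT_PC = "192.168.1.50"     # LAN PC dialing an outside PPTP server
REMOTE = "203.0.113.7"         # customer's PPTP server on the Internet


class Nat:
    def __init__(self, forward_gre_to=None):
        self.forward_gre_to = forward_gre_to  # static inbound rule for IP proto 47
        self.states = {}                      # (proto, remote_ip, wan_port) -> lan_ip
        self.next_port = 40000

    def outbound(self, proto, lan_ip, remote_ip):
        """Record state for an outgoing flow; return the WAN-side port (None for GRE)."""
        if proto == "tcp":
            port = self.next_port
            self.next_port += 1
        else:
            port = None  # GRE has no ports, so nothing distinguishes one flow from another
        self.states[(proto, remote_ip, port)] = lan_ip
        return port

    def inbound(self, proto, remote_ip, wan_port=None):
        """Return the LAN host that receives a packet arriving on the WAN address."""
        if proto == "gre" and self.forward_gre_to:
            # Modelling assumption: the static GRE forward wins over per-flow state.
            return self.forward_gre_to
        return self.states.get((proto, remote_ip, wan_port))


def dial_out(nat):
    """LAN client opens PPTP control (TCP 1723), then GRE; return who gets each reply."""
    port = nat.outbound("tcp", CLIENT_PC, REMOTE)
    nat.outbound("gre", CLIENT_PC, REMOTE)
    return nat.inbound("tcp", REMOTE, port), nat.inbound("gre", REMOTE)


if __name__ == "__main__":
    print("with GRE forward:   ", dial_out(Nat(forward_gre_to=PPTP_SERVER)))
    print("without GRE forward:", dial_out(Nat()))
```

In the model the TCP control reply always reaches the client, which is why plain TCP sessions such as rdesktop on 3389 are unaffected; only the GRE data channel is delivered to the internal PPTP server.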

