From my LAN I can rdesktop from a Linux-based PC into a Win2008 server with public IP 209.x.y.z.
From the same LAN I cannot remote desktop from a Win7 PC to the same Win2008 server with public IP 209.x.y.z.
On the Linux box I get presented with the login screen; on Win7 I get a connection timeout.
This used to work before I changed the router from a simple Asus to a pfSense 2.1.
Obviously it is not a routing/connection issue but rather a protocol issue, I guess.
I assume that from the Windows PC the protocol is 'different' than when using rdesktop; this difference must be tipping off pfSense…
Any ideas how to troubleshoot or fix?
What remote desktop client are you using on Win 7? Are you using protocol 8? If so, it's possible you're using UDP.
Description of the Remote Desktop Protocol 8.0 update for Windows 7 SP1 and Windows Server 2008 R2 SP1
Turns out it is not regular RDP, but the client tries to make a PPTP connection first.
This is not working because we do have a PPTP server in the environment and traffic is sent to the wrong IP address, resulting in a failing remote desktop session.
I have read about this issue already but will post another topic with more detail.
Looks like we will need a second static IP address… which we don't have.
Thanks for your help.
No reason to bother with PPTP; it's now considered completely insecure, and a pain in general. Either connect to RDP straight over the Internet (not ideal, but better than dealing with PPTP), or deploy OpenVPN or IPsec.
I agree OpenVPN is the way to go, but I need OpenVPN with AD authentication … and that comes with its own set of challenges.
The reason this one is an issue is that there is a PPTP server inside the LAN - pfSense 'forwards' to it.
When the person is trying to connect to a PC on the internet (customer) using PPTP/RDP and setting up a new PPTP connection, the reply coming back in from the WAN goes back to the PPTP server in the LAN rather than the PC that initiated the connection.
I found out that this is a 'known' issue and can be avoided with a second static IP etc., but I would rather remove the PPTP server from the LAN and go with OpenVPN.
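The mechanism described in that last post, as an added illustration that is not part of the thread and not pfSense's code: a deliberately simplified NAT model in which TCP is tracked per port but GRE (IP protocol 47, which PPTP uses for its data channel) has no port to key on, so the first inbound GRE packet from the customer matches the static forward to the internal PPTP server instead of the LAN PC that started the call. All addresses are constructed, WAN_IP stands in for the 209.x.y.z in the thread, and WAN_IP2 is the hypothetical second static IP the poster mentions.

```python
"""Constructed model of the PPTP-server-behind-NAT problem from the thread."""

WAN_IP = "209.0.2.1"          # placeholder for the thread's 209.x.y.z
WAN_IP2 = "209.0.2.2"         # hypothetical second static IP
PPTP_SERVER = "192.168.1.10"  # constructed: internal PPTP server pfSense forwards to
CLIENT_PC = "192.168.1.50"    # constructed: Win7 PC dialing a customer's PPTP server
CUSTOMER = "198.51.100.7"     # constructed: remote PPTP server being called


class Nat:
    """Stateful NAT: TCP keyed on (proto, remote, port), GRE on (proto, remote, None)."""

    def __init__(self, forward_ip):
        # Static forward of inbound PPTP (TCP 1723 + GRE) to the internal server,
        # bound to whichever public IP the forward is configured on.
        self.forwards = {(forward_ip, "tcp", 1723): PPTP_SERVER,
                         (forward_ip, "gre", None): PPTP_SERVER}
        self.states = {}  # (proto, remote_ip, remote_port) -> internal host

    def outbound(self, proto, src, dst, port=None):
        """LAN host sends a packet; the first state for a key wins (no overwrite)."""
        self.states.setdefault((proto, dst, port), src)
        return WAN_IP  # source address rewritten to the primary public IP

    def inbound(self, proto, src, dst, port=None):
        """Packet from the WAN; return the internal host it is delivered to, or None."""
        host = self.states.get((proto, src, port))
        if host is None:
            host = self.forwards.get((dst, proto, port))  # no state: try the forward
            if host is not None:
                self.states.setdefault((proto, src, port), host)  # forward creates a state
        return host


def pptp_call(nat):
    """Replay the thread's sequence: control channel out, customer's GRE back first."""
    nat.outbound("tcp", CLIENT_PC, CUSTOMER, 1723)  # PPTP control channel
    first = nat.inbound("gre", CUSTOMER, WAN_IP)     # customer's first GRE packet
    nat.outbound("gre", CLIENT_PC, CUSTOMER)         # PC's own GRE, too late if hijacked
    later = nat.inbound("gre", CUSTOMER, WAN_IP)     # subsequent GRE from customer
    return first, later
```

With the forward on the only public IP, both GRE packets land on the internal PPTP server; with the forward moved to WAN_IP2, the first packet is dropped (no state, no forward on WAN_IP) and the call proceeds to the PC once its own GRE has created the state.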