Damn RDP to VPN client does not work, Need help!

  • Dear PF users,
    My openvpn works, I can ping and connect to all internal hosts, but I am unable to connect to my Windows 7 machine via Remote Desktop. I have turned off the Windows firewall and still no luck.
    I can connect to my internal FreeBSD via ssh, access the firewall, etc.
    I have 3 vlans set up on a L3 switch pointing via a router port to the pfsense.

    I have not tested remote desktop internally since I do not have a second Windows machine. I have successfully tested the RDP client on FreeBSD in the past, but that was on a completely different setup. I am upgrading to 10.2 so that particular machine is not available right now.

    They told me if you are running vpn, no port forwarding is needed since it has nothing to do with the VPN network route being created when connecting.

    Is this a common issue? Am I missing something here? Is it a rule issue?

    Thank you

  • The default rule for OpenVPN allows everything so that's not it unless you have changed it.  You should test it internally to ensure that it works before trying externally, and this may mean spinning up a VM in bridged mode to access your Win7 box from within itself since you said you have no other Windows clients on LAN.  If you have other *nix clients then you could try to connect with Remmina.

  • Thank you KOM,

    According to the internet, remote desktop on Windows 7 seems to be easy to set up. I have double-checked everything. It should connect considering the few steps, I feel so stupid right now.

    I will get back to this thread as soon as a machine becomes available to test that crap internally.


  • Hmm,…

    Apparently my Windows 7 client does not accept remote connections because I have a Home version, according to the internet.
    Well I will try Teamviewer, but I don't know about that one.

    Case closed

    Thank you

  • Kom,

    I think we have got a more basic problem. :(
    When on vpn, I can ping all internal hosts, but I cannot ping the windows 7 machine.
    Internally I can. :o

    That is very odd, I am actually speechless.

    There are no options I set on the switch itself that would cause that sort of issue. ???

    What is your first thought? I am very curious! :-[

  • LAYER 8 Global Moderator

    Well, out of the box the Windows 7 firewall does not allow ping from outside its local network… So yeah, you're not going to be able to ping it from your vpn... Adjust the host's software firewall to allow the traffic you want from where you want it.

  • Yes now I can recall that about the ping on windows 7.

    It should allow the ping because I turned the firewall off?

  • LAYER 8 Global Moderator

    Should it… What other firewalls are you running on it? How did you turn it off? Did you turn it off or disable services? If you can ping your other devices but 1 IP... Where is it more logical the problem is.. pfsense that is allowing you access to all your other devices. Or the 1 device.

    Is your windows 7 machine pointing to pfsense as its gateway?

    Here I am pinging windows 7 machine, and accessing it via rdp to show you how the firewall is off.  Through a vpn connection.. See the traceroute.

  • Johnpoz,

    Is your windows 7 machine pointing to pfsense as its gateway?

    No it isn't, it's pointing to the gateway of its vlan. The L3 switch has a router port that is pointed to the Pfsense firewall.

    Frankly, I don't like all those bells and whistles in Windows 7, so according to some instructions I found on the web, I finally ended up with a rule which allows the ping.
    I don't know whether it's obsolete, it's just plain stupid and I have had enough of this.
    It pings now.

    I haven't tested the ping through the vpn yet, but I will do so asap.

    Regarding the RDP matter,

    Can you guys confirm that Windows 7 Home Premium does not accept Remote Desktop connections, apparently only for higher versions?

    If so, I tried to find an equivalent for RDP and ended up installing UltraVNC. That's so stupid, they say it's superior software. Well I tried out that piece of emulation junk.

    I remember using the same kind of software 12 years ago. Well apparently the poor quality hasn't changed since then.
    I liked the MS rdp much more?

  • LAYER 8 Global Moderator

    HOME versions do not support remote desktop, it supports remote assistance.

    Well, pointing to your vlan gateway is fine as long as the routing is configured correctly in pfsense for a downstream router. And you're not running hosts on what should be a transit network between your L3 switch (router) and pfsense.

    To be honest, if you want remote control on Home Windows versions - just install teamviewer, it's FREE and works just fine! And you can even use it from ios/android devices, etc..
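
Added example, not part of any post in this thread: because the Windows 7 firewall drops ping from other subnets by default, a failed ping over the VPN says little about RDP, so this Python script probes the TCP port itself and separates the outcomes the thread runs into. The function names and the placeholder address are assumptions made for the example.

```python
import errno
import socket
import sys

RDP_PORT = 3389  # default Remote Desktop (TCP) port

# What each outcome suggests for the situation discussed in this thread.
HINTS = {
    "open": "listener reachable: routing and firewalls pass this port",
    "refused": "a RST came back, so the path works both ways: nothing is "
               "listening on the port, or a firewall rejects it",
    "filtered": "no reply: a firewall is dropping the traffic or the "
                "reply has no route back to the VPN subnet",
    "unreachable": "no route to the host from this client",
}


def probe_tcp(host, port=RDP_PORT, timeout=3.0):
    """Return 'open', 'refused', 'filtered' or 'unreachable' for one connect."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"      # TCP RST received
    except socket.timeout:
        return "filtered"     # SYN or its reply was silently dropped
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


def diagnose(host, port=RDP_PORT, timeout=3.0):
    """Probe once and return a one-line, human-readable verdict."""
    state = probe_tcp(host, port, timeout)
    return f"{host}:{port} {state} ({HINTS[state]})"


if __name__ == "__main__":
    # 192.0.2.10 is a documentation address used as a placeholder default.
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"))
```

Run it once from a LAN host and once from the VPN client: "open" on the LAN but "filtered" over the VPN points at host firewall scope or return routing, while "refused" from both means no Remote Desktop listener on the machine.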

  • Well Johnpoz,

    I already said I was a bit scared of that Teamviewer stuff.
    Well, it turned out I was right, it is scary. :o

    I opened the window and the first thing I see is some weird user login ???, like you would log in on facebook, too flashy to my thoughts, especially the ads. It looked like a goddamn free antivirus to me. I don't want that despite its superior performance. Not on my tiny industrial-home network, I'm sorry.

    You said there wasn't a solution for my problem other than using that junk described above or some other commercial RDP software.
    I am a stubborn man and I couldn't believe that there was no proper way to connect to that Windows 7 machine, even though I was aware that there might not be any solution other than to upgrade to a higher version.
    Well, I am a genuine Windows client-server user, but this hack had to be done for the sake of this matter.
    At first I thought it was a piece of spy/malware but apparently it turned out to be quite genuine in some way.

    I installed the concurrent RDP patch, and RDP works now. Its quality is what I expected it to be, as I have used Microsoft RDP on XP in the past. I feel there is nothing compared to that quality.

    Today I tried to log on to my Win7 Home Premium but I couldn't. The reason was expected because I was updating and it must have changed the particular file. I have restored a backup and turned off updates. The machine has SP1 but lacks other updates. It is better to stick with that. I don't want to lose my future connections because of that.
    Besides we are using pfsense right? Well actually I don't know what I am talking about, I have set up SNORT, I think you have to know some rocket science to be able to get that to work and really interpret what is going on. Frankly that is way above my head.

