
RDP problem

asked 2024-12-05 09:07:11 +0000

updated 2024-12-07 23:41:10 +0000

Guy Harris

Hi everyone, I have a customer who has this problem. When he is working on a server via RDP through an IPsec tunnel, during the session (it can be 30 minutes or 1-2 hours) he has no problem, but when he has finished and disconnected and needs to reconnect again, the RDP stays on "Remote connection in progress". The workaround I found is that if I change the IP address of the client, the connection returns to working again.

I have captured traffic on both sides, server and client; this is the link to download the pcap: https://www.swisstransfer.com/d/284fb... Waiting for your advice, thanks.


1 Answer


answered 2024-12-05 11:39:42 +0000

SYN-bit

It seems the server is sending a TCP segment of 1413 bytes that does not reach the client. Smaller packets do reach the client, so it looks like a problem with the MTU/MSS over the VPN connection.

The MSS in the SYN and the SYN/ACK packets is 1460 on each end; this means they have not been altered by the VPN devices. But as they add a tunneling header, best practice is to adjust the MSS accordingly so that each side knows what size packets can be transported over the VPN without introducing fragmentation.

The IP packet from the server with the 1413-byte TCP segment has the don't fragment bit set, so I expect it needed to be fragmented by the VPN device on the server side and was therefore dropped. This should trigger an ICMP "fragmentation needed, but DF bit set" message, but often those get filtered out by the firewall and therefore the server can't recover from this.

Why it does work on the initial connection and why it does work if you change the IP address is something else to investigate, but for a quick fix I would:

  • Add MSS adjustments on the VPN
  • Allow ICMP type 3, code 4 messages through the firewall(s)
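The check described in the answer above can be scripted. The following is an added example, not part of the original post or of Wireshark: it parses raw IPv4/TCP packets, reads the MSS option from handshake packets, and flags DF-marked packets larger than the tunnel can carry. The tunnel MTU of 1400, the addresses and ports, and the sample packets are constructed assumptions, and the function names are hypothetical.

```python
import struct

def build_ipv4_tcp(payload_len, syn=False, mss=None, df=True):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    flags = 0x12 if syn else 0x18                      # SYN/ACK, or PSH+ACK for data
    tcp = struct.pack("!HHIIBBHHH", 3389, 50000, 1, 1,
                      ((20 + len(opts)) // 4) << 4, flags, 64240, 0, 0) + opts
    total = 20 + len(tcp) + payload_len
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0x4000 if df else 0,
                     128, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    return ip + tcp + bytes(payload_len)

def parse(pkt):
    """Return IP total length, DF bit, SYN flag and the MSS option if present."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack_from("!H", pkt, 2)[0]
    frag = struct.unpack_from("!H", pkt, 6)[0]
    tcp = pkt[ihl:]
    opts, mss, i = tcp[20:(tcp[12] >> 4) * 4], None, 0
    while i < len(opts) and opts[i] != 0:              # kind 0 = end of options
        if opts[i] == 1:                               # kind 1 = NOP, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:      # malformed length, stop
            break
        if opts[i] == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            mss = struct.unpack_from("!H", opts, i + 2)[0]
        i += opts[i + 1]
    return {"total_len": total_len, "df": bool(frag & 0x4000),
            "syn": bool(tcp[13] & 0x02), "mss": mss}

def clamped_mss(path_mtu):
    """MSS that fits the path: MTU minus 20-byte IPv4 and 20-byte TCP headers."""
    return path_mtu - 40

def check(packets, path_mtu):
    """Flag handshakes advertising too large an MSS and DF packets that cannot fit."""
    findings = []
    for n, pkt in enumerate(packets, 1):
        p = parse(pkt)
        if p["syn"] and p["mss"] is not None and p["mss"] > clamped_mss(path_mtu):
            findings.append((n, "mss_not_clamped", p["mss"]))
        if p["df"] and p["total_len"] > path_mtu:
            findings.append((n, "df_oversize", p["total_len"]))
    return findings

TUNNEL_MTU = 1400   # assumed inner MTU of the IPsec tunnel, not a value from the capture
SAMPLE = [build_ipv4_tcp(0, syn=True, mss=1460),      # handshake, MSS 1460 as in the answer
          build_ipv4_tcp(500), build_ipv4_tcp(1413)]  # small segment, 1413-byte segment
FINDINGS = check(SAMPLE, TUNNEL_MTU)
```

With the real tunnel MTU substituted, `clamped_mss()` gives the value to configure for MSS adjustment on the VPN devices.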
