This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot Access Network Drives through VPN.

I'm a little lost, as I'm not sure what exactly the issue is. Wireshark Snippet <-- Here is a snippet of some of the data I got from my Wireshark capture. This capture was from the Windows server cluster to a laptop outside our network connected through our VPN. No matter the user (admin privileged or not), or the location, they cannot access these drives remotely. Any ideas? The firewall isn't detecting anything being blocked when I search through the logs.

asked 12 Sep '14, 11:30

TheCarefulOne

After the three-way handshake the next packet is usually an SMB Negotiate Protocol message from the PC to the server. Probably the best thing to do is collect matching traces from the PC and the server. Wireshark may not be able to capture traffic along the VPN. If this is the case you can use Microsoft Network Monitor.

Best regards...Paul

(14 Sep '14, 01:27) PaulOfford

One Answer:

As Paul indicated, the next thing to occur would be some data packets from the client.
As they don't show up at the server they were either not sent or dropped in the network.
Assuming that the client sent the SMB message (which is yet to be proven), I think the packet was dropped in the network.
If this only happens over VPN it is probably an MTU size, fragmentation, or PMTUD problem.

The inbound SYN shows that the MSS has been reduced to 1360 bytes, indicating that the MTU size within the VPN is 1400 bytes and the VPN router adjusted the MSS in the passing SYN packet.
The outbound offering is still at 1460 as the trace was taken at the server.
If the MSS does not get tcp adjust-mss'ed on the reverse path you might end up in hung connections for the first full MSS packet that hits the VPN entry point.

You might want to reduce your server's interface MTU size to 1400 to see if this gets you around this problem.
Regards Matthias

answered 16 Sep '14, 07:15

mrEEde

Thanks for the suggestion. MTU size was 1500, 1400 worked when I tested with sending packets of that size. The SMB packets are indeed getting dropped as well.

When I do dcdiags and repadmin /binds, I get RPC errors, so I think it could be related to that as well. However, all the services seem to be running correctly.

(16 Sep '14, 11:50) TheCarefulOne
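
The MSS comparison described in the answer above, as an added example that is not part of the original thread: it reads the MSS option from the TCP headers of a SYN and a SYN-ACK and reports the implied tunnel MTU and whether the outbound offer is larger than the inbound one. The packet bytes are constructed to match the values quoted in the answer (1360 inbound, 1460 outbound), the function names are hypothetical, and the 40-byte overhead assumes IPv4 with no IP options.

```python
import struct

IP_TCP_OVERHEAD = 40  # assumption: IPv4 (20) + TCP (20) headers, no IP options

def build_handshake_segment(mss, flags):
    """Constructed sample: bare TCP header carrying MSS, NOP, NOP, SACK-permitted."""
    options = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIBBHHH", 50000, 445, 1, 0,
                       offset << 4, flags, 8192, 0, 0) + options

def tcp_mss(tcp_header):
    """Return the MSS option from a raw TCP header, or None if absent/malformed."""
    opts = tcp_header[20:(tcp_header[12] >> 4) * 4]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # end of option list
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                # malformed length, stop instead of looping
        if kind == 2 and length == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def compare_handshake(syn, syn_ack):
    """Compare the MSS in the inbound SYN with the one in the outbound SYN-ACK."""
    inbound, outbound = tcp_mss(syn), tcp_mss(syn_ack)
    if inbound is None or outbound is None:
        return None
    return {
        "inbound_mss": inbound,
        "outbound_mss": outbound,
        "implied_tunnel_mtu": inbound + IP_TCP_OVERHEAD,
        # True: unless the SYN-ACK is clamped on the way out, the peer may send
        # segments larger than the tunnel carries without fragmentation.
        "outbound_offer_exceeds_tunnel": outbound > inbound,
    }

if __name__ == "__main__":
    syn = build_handshake_segment(1360, 0x02)      # as seen inbound at the server
    syn_ack = build_handshake_segment(1460, 0x12)  # as sent by the server
    print(compare_handshake(syn, syn_ack))
```

Running the same comparison on a client-side trace shows whether the SYN-ACK arrives with 1460 or with a clamped value, which a server-side capture alone cannot tell.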