
Re: [Openvpn-users] Remote Desktop (Terminal Services)


  • Subject: Re: [Openvpn-users] Remote Desktop (Terminal Services)
  • From: Mario Parisi <m-parisi@xxxxxxxxxxxxxx>
  • Date: Sat, 05 Jun 2004 23:08:11 +1000

Kelley G wrote:
Mario Parisi wrote:
Hi All,
Just recently set up OpenVPN version 1.5.0 on two Windows XP Professional machines. And all things are working well so far, except Microsoft Remote Desktop.
The office machine (server)  is connected to ADSL  via firewall router (ADSL service provider has issued a static ip address).
The other Windows XP machine (client)  is the RoadWarrior using a dial-up modem, WI-FI or GPRS.

I have port forwarded UDP 5000 from the router in the office to the IP address of the office server
All outgoing traffic is allowed, but only UDP port 5000 is allowed in.


I have tested Remote Desktop without blocking incoming traffic (dangerous!!) and everything works well, however, with the firewall up Remote Desktop just rejects the connection. OpenVPN seems to work fine for everything else though.  I can browse the network no different than if I was actually there.
I can telnet to the windows server, share files, even use computer management services (to control services, etc).
It would seem that most (or many) of the TCP/UDP ports are making it across the VPN, except port 3389 (the one Remote Desktop uses).

<snip>

at what point does NAT occur in your network? at the router?
Yes.  I'm using a dedicated Netgear FWG114P router/firewall connected to an ethernet-based ADSL modem in full-bridge mode.
The ADSL is a Netcomm NB1300plus - 4 port ADSL modem.  The ADSL modem is on a different private subnet (as per recommended).
The router is providing DHCP services to the private network, however the server's IP address is statically configured as 192.168.0.2.
The router provides this functionality via IP reservation and IP range allocation.  eg. 192.168.0.30 --> 192.168.0.60    -  very handy for mixed configurations!!

what does your routing table show?
 
Destination                  Mask             Gateway                      Metric  Active
Default                      0.0.0.0          (static ip assigned by ISP)  x       Yes
202.154.95.173               255.255.255.255  192.168.0.1                  1       Yes
(static ip assigned by ISP)  255.255.255.255  192.168.0.1                  1       Yes
192.168.0.0                  255.255.255.0    192.168.0.1                  1       Yes
192.168.0.1                  255.255.255.255  192.168.0.1                  1       Yes


are you connecting to the terminal server via its private address?
Yes.  By name and 10.3.0.1.  Have tried successfully using public IP address with no firewall (I had to port forward TCP 3389 to the server's private IP)
what's your config?
My configuration is essentially "out-of-the-box".  See attachment.
have you tried traceroute?
No. Is there a Windows version?  I'm hoping to get things running smoothly first on Windows before configuring a Linux box to handle the VPN requests.
Actually, there is.  AnalogX HyperTrace.  Haven't used it for a long time, nice little program.


kelley g

oooooooooooooooooooooooooo
http://toasterz.com
http://exchangekiller.com
oooooooooooooooooooooooooo


Regards,
Mario
(from Australia)




-------------------------------------------------------
This SF.Net email is sponsored by the new InstallShield X.
 From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and
evaluate today! http://www.installshield.com/Dev2Dev/0504
_______________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users




# Edit this file, and save to a .ovpn extension
# so that OpenVPN will activate it when run
# as a service.

# Change 'myremote' to be your remote host,
# or comment out to enter a listening
# server mode.;


# Uncomment this line to use a different
# port number than the default of 5000.
; port 5000

# Choose one of three protocols supported by
# OpenVPN.  If left commented out, defaults
# to udp.
; proto [tcp-server | tcp-client | udp]

# You must specify one of two possible network
# protocols, 'dev tap' or 'dev tun' to be used
# on both sides of the connection.  'tap' creates
# a VPN using the ethernet protocol while 'tun'
# uses the IP protocol.  You must use 'tap'
# if you are ethernet bridging or want to route
# broadcasts.  'tun' is somewhat more efficient
# but requires configuration of client software
# to not depend on broadcasts.  Some platforms
# such as Solaris, OpenBSD, and Mac OS X only
# support 'tun' interfaces, so if you are
# connecting to such a platform, you must also
# use a 'tun' interface on the Windows side.

# Enable 'dev tap' or 'dev tun' but not both!
dev tap

# This is a 'dev tap' ifconfig that creates
# a virtual ethernet subnet.
# 10.3.0.1 is the local VPN IP address
# and 255.255.255.0 is the VPN subnet.
# Only define this option for 'dev tap'.
ifconfig 10.3.0.1 255.255.255.0

# This is a 'dev tun' ifconfig that creates
# a point-to-point IP link.
# 10.3.0.1 is the local VPN IP address and
# 10.3.0.2 is the remote VPN IP address. 
# Only define this option for 'dev tun'.
# Make sure to include the "tun-mtu" option
# on the remote machine, but swap the order
# of the ifconfig addresses.
;tun-mtu 1500
;ifconfig 10.3.0.1 10.3.0.2

# If you have fragmentation issues or misconfigured
# routers in the path which block Path MTU discovery,
# lower the TCP MSS and internally fragment non-TCP
# protocols.
;fragment 1300
;mssfix

# If you have set up more than one TAP-Win32 adapter
# on your system, you must refer to it by name.
;dev-node tap-bridge

# You can generate a static OpenVPN key
# by selecting the Generate Key option
# in the start menu.
#
# You can also generate key.txt manually
# with the following command:
#   openvpn --genkey --secret key.txt
#
# key must match on both ends of the connection,
# so you should generate it on one machine and
# copy it to the other over a secure medium.
# Place key.txt in the same directory as this
# config file.
secret key.txt

# Uncomment this section for a more reliable
# detection when a system loses its connection.
# For example, dial-ups or laptops that travel
# to other locations.
#
# If this section is enabled and "myremote"
# above is a dynamic DNS name (i.e. dyndns.org),
# OpenVPN will dynamically "follow" the IP
# address of "myremote" if it changes.
; ping-restart 60
; ping-timer-rem
; persist-tun
; persist-key
; resolv-retry 86400

# keep-alive ping
ping 10

# enable LZO compression
comp-lzo

# moderate verbosity
verb 4
mute 10
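
An added example, not part of the original post or of OpenVPN: a small checker for the rules the sample file's comments state (one 'dev' line, an ifconfig form that matches it) and for settings that have to agree on both ends of a static-key tunnel. SERVER holds the active lines of the attached config; CLIENT is a constructed peer config with two deliberate mistakes, since the client's file is not shown in the thread.

```python
import ipaddress

def parse_ovpn(text):
    """Map each active directive to its argument lists; '#' and ';' start comments."""
    active = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and line[0] not in "#;":
            name, *args = line.split()
            active.setdefault(name, []).append(args)
    return active

def is_netmask(value):
    """True for a dotted netmask such as 255.255.255.0, False for a host address."""
    try:
        ipaddress.ip_network(f"0.0.0.0/{value}")
        return True
    except ValueError:
        return False

def lint(cfg):
    """Check one config against the rules stated in the sample file's comments."""
    devs = cfg.get("dev", [])
    if len(devs) != 1 or not devs[0]:
        return ["enable exactly one of 'dev tap' / 'dev tun'"]
    dev, problems = devs[0][0], []
    for args in cfg.get("ifconfig", []):
        if len(args) != 2:
            problems.append("ifconfig takes two arguments")
        elif dev.startswith("tap") != is_netmask(args[1]):
            # tap expects <ip> <netmask>; tun expects <local ip> <remote ip>
            problems.append(f"ifconfig form does not match 'dev {dev}'")
    return problems

def compare(a, b):
    """Check settings that must agree on both ends of the tunnel."""
    problems = [f"'{k}' differs between peers"
                for k in ("dev", "port", "comp-lzo") if a.get(k) != b.get(k)]
    if a.get("dev") == b.get("dev") == [["tap"]] and a.get("ifconfig") and b.get("ifconfig"):
        ia = ipaddress.ip_interface("/".join(a["ifconfig"][0]))
        ib = ipaddress.ip_interface("/".join(b["ifconfig"][0]))
        if ia.network != ib.network or ia.ip == ib.ip:
            problems.append("tap peers need distinct addresses in one subnet")
    return problems

# Active lines of the posted server config, and a constructed client config
SERVER = parse_ovpn("dev tap\nifconfig 10.3.0.1 255.255.255.0\nsecret key.txt\nping 10\ncomp-lzo\n")
CLIENT = parse_ovpn("; constructed example\ndev tap\nifconfig 10.3.0.1 255.255.255.0\nsecret key.txt\n")

if __name__ == "__main__":
    print(lint(SERVER), compare(SERVER, CLIENT))
```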