Hello,
Been using OpenBSD boxes for VPN tunnels between sites for some 5 years now.
Works like a charm (using OpenBSD 3.8 boxes....I know I know, but upgrading
25+ boxes around the globe is low on the prio-list J)
Starting to use more and more W2008R2 Servers on those locations and I noticed
that using the RDP client under Windows 7 does not connect to a W2008R2 server
on a remote location.
(locally on that location it works fine).
When using the RDP Client in a Windows XP SP3 machine, it works ok (towards
the same server across the same VPN tunnel) !
Looked at everything, did not understand......until I noticed that this only
happens on remote locations where I use a VPN tunnel with OpenBSD boxes.
On connections that have a VPN tunnel via a different setup (like with
Fortigates for example) this problem is not (!) present.
So, in short ` a remote location, with a Windows 2008 R2 server, connecting to
it from a different location, with a XP SP3 machine works fine (RDP), from the
same different location with a Windows 7 RDP it does not.
Does 2 locations are connected via OpenBSD 3.8 boxes (isakmpd).
The pf settings are "open" in the sense that it allows ALL traffic (inside the
VPN Tunnel) between the 2 sites within the tunnel :
pass in quick on $ext_if from $vpnboxremote to any
# allow traffic from VPNBOX Remote
pass in on $int_if from any to $remoterange
# allow traffic to Remote
I do have the following in the pf.conf :
scrub in all max-mss 1250 no-df
scrub out all max-mss 1250 no-df
As we have some problems on certain locations with the standard MTU sizes, I
placed these to solve that problem....but if I remove those, the problems
remains.
So that cannot be it....
Anyone seen this problem before ?
I don't understand why (for some reason) the OpenBSD VPN connection makes a
difference in connecting to remote server with a different RDP version.
I would expect it does not 'touch' the traffic to make a difference between
the 2 ?
Regards
Willem
