Hello,
Been using OpenBSD boxes for VPN tunnels between sites for some 5 years now. Works like a charm (using OpenBSD 3.8 boxes....I know I know, but upgrading 25+ boxes around the globe is low on the prio-list :) )

Starting to use more and more W2008R2 Servers on those locations and I noticed that using the RDP client under Windows 7 does not connect to a W2008R2 server on a remote location (locally on that location it works fine). When using the RDP Client in a Windows XP SP3 machine, it works ok (towards the same server across the same VPN tunnel)!

Looked at everything, did not understand......until I noticed that this only happens on remote locations where I use a VPN tunnel with OpenBSD boxes. On connections that have a VPN tunnel via a different setup (like with Fortigates for example) this problem is not (!) present.

So, in short: a remote location, with a Windows 2008 R2 server, connecting to it from a different location, with a XP SP3 machine works fine (RDP), from the same different location with a Windows 7 RDP it does not. Those 2 locations are connected via OpenBSD 3.8 boxes (isakmpd).

The pf settings are "open" in the sense that it allows ALL traffic (inside the VPN Tunnel) between the 2 sites within the tunnel:

    pass in quick on $ext_if from $vpnboxremote to any   # allow traffic from VPNBOX Remote
    pass in on $int_if from any to $remoterange          # allow traffic to Remote

I do have the following in the pf.conf:

    scrub in all max-mss 1250 no-df
    scrub out all max-mss 1250 no-df

As we have some problems on certain locations with the standard MTU sizes, I placed these to solve that problem....but if I remove those, the problem remains. So that cannot be it....

Anyone seen this problem before? I don't understand why (for some reason) the OpenBSD VPN connection makes a difference in connecting to a remote server with a different RDP version. I would expect it does not 'touch' the traffic to make a difference between the 2?

Regards

Willem