Hello Stuart,

Sometimes it's so simple :-)

Indeed, as I use 4.x and higher in daily life, I had that default in my mind and was thinking "it does that already".... But in 3.8 it does not.... So I added the 'keep it in state' and that solved it. I admit, should have tried that first...

Thanks for the quick response!

Regards
Willem

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Stuart Henderson
Sent: Monday, May 23, 2011 11:05 AM
To: [email protected]
Subject: Re: RDP 6.1 (Windows7) towards Win2008T2 Servers through OpenBSD VPN Tunnels does not work...using RDP in XP SP3 (accros the same VPN tunnel) does

On 2011-05-23, * VLGroup Forums <[email protected]> wrote:
>
> So, in short - a remote location, with a Windows 2008 R2 server,
> connecting to it from a different location, with a XP SP3 machine
> works fine (RDP), from the same different location with a Windows 7 RDP it does not.

I think RDP is a red herring; I expect this is to do with different TCP behaviour on newer versions of Windows, specifically that it now uses window scaling so that larger TCP buffers can be used. The wscale information (only present in TCP SYNs) is needed to handle sequence number tracking, so it's important to create states on the SYNs and not intermediate packets later in the session, so in 2006 we changed defaults so that 'pass' rules now use an implicit "flags S/SA keep state" which avoids most problems relating to this.
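Added example, not part of the original thread and not pf's own code: a simplified Python model of the window tracking described above, showing why a state created on an intermediate packet misjudges the window when the endpoints negotiated window scaling, and why a session without scaling is unaffected. The names Pkt, Tracker, make_trace and verdicts and all sequence numbers and window values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Pkt:
    src: str                      # "client" or "server"
    seq: int
    ack: Optional[int] = None     # None when the ACK flag is not set
    win: int = 0                  # raw 16-bit window field from the TCP header
    length: int = 0               # payload bytes
    syn: bool = False
    wscale: Optional[int] = None  # window-scale option, only sent on SYNs

class Tracker:
    """Toy state entry: how far each side may send, per its peer's window."""
    def __init__(self):
        self.wscale = {"client": 0, "server": 0}  # never seen means no scaling
        self.limit = {}                           # highest sequence number allowed

    def inspect(self, p: Pkt) -> bool:
        peer = "server" if p.src == "client" else "client"
        if p.syn and p.wscale is not None:
            self.wscale[p.src] = p.wscale
        ok = p.src not in self.limit or p.seq + p.length <= self.limit[p.src]
        if ok and p.ack is not None:
            shift = 0 if p.syn else self.wscale[p.src]  # SYN windows are unscaled
            self.limit[peer] = p.ack + (p.win << shift)
        return ok

def make_trace(wscale: Optional[int], win: int) -> list:
    """Constructed session: handshake, two bare ACKs, two data segments."""
    return [
        Pkt("client", 1000, win=8192, syn=True, wscale=wscale),
        Pkt("server", 5000, ack=1001, win=8192, syn=True, wscale=wscale),
        Pkt("client", 1001, ack=5001, win=win),
        Pkt("server", 5001, ack=1001, win=win),
        Pkt("client", 1001, ack=5001, win=win, length=1460),
        Pkt("client", 2461, ack=5001, win=win, length=1460),
    ]

def verdicts(trace: list, first_seen: int) -> list:
    """Create state on trace[first_seen]; return pass (True) / drop (False)."""
    t = Tracker()
    return [t.inspect(p) for p in trace[first_seen:]]

if __name__ == "__main__":
    print(verdicts(make_trace(8, 256), 0))        # state created on the SYN
    print(verdicts(make_trace(8, 256), 2))        # state created mid-session
    print(verdicts(make_trace(None, 65535), 2))   # no window scaling in use
```

With the state created mid-session, the tracker reads the raw window of 256 as 256 bytes instead of 65536 and drops both data segments; the unscaled session passes either way.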

