Hi John, > From: "John Mangan" <[EMAIL PROTECTED]> > To: [email protected] > Subject: Yet another back screen problem. > Date: Mon, 31 Jan 2005 12:52:49 +0000 > > I have set up VNC Server 4.0 on a Windows 2000 SBS box behind a firewall. I > have forwarded ports 5900 and 5800. I have successfully connected to the > server locally, via a dial-up laptop and from a remote PC behind another > firewall (all running Windows XP Pro SP2, VNC Client 4.0). > > When the support organisation that this was set up for try to connect they > authenticate successully but then get the dreaded black screen. I can see > the cursor moving but they get nothing. They use VNC Client 4.0 regularly to > provide remote support so we are confident that their setup is correct as > well. > > Any ideas, suggestions, (hope)?
I solved that problem by lowering my MTU. I'm still analyzing the source of the problem. At first I thought that Linux was being too paranoid and blocking all ICMP packets, particularly the ones enabling path MTU discovery. Now after some preliminary tests (specifically allowing incoming "fragmentation needed and DF set" packets), I am beginning to suspect the dialup server to be blocking these. Tonight, I'll be setting iptables up to log all ICMP traffic. The support organization may be blocking all ICMP packets thinking they are being especially safe but if so they are actually crippling their network. If this is the case and you can't get them to reconfigure to allow useful ICMP traffic, have them lower their MTUs to 1385. That works for me. I have also seen values from 1480 recommended. It depends on the overhead of your VPN software's encryption. Regards, Carlyle -- Diese E-Mail enthdlt vertrauliche und/oder rechtlich gesch|tzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrt|mlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
