Problems with RDP over OpenVPN Only to Win 7+ computers

Question

I am having problems RDPing from a Win 7 client to a Win 7 box on the other side of an OpenVPN server. Connecting from my Win 7 client to an XP box works wonderfully.

The destination machines do not require network level authentication (IE they are set to the "less secure" setting). I have removed all of the extraneous features of RDP (printers, flash drives, sound, color depth...down as low as I can)

I establish a OpenVPN connection from home to work, then attempt to RDP to a machine say PC2312332.example.com and it hangs at configuring remote session. I can also ping PC2312332.example.com from my client computer command line and an NSlookup of any site shows that my DNS is using my work's internal DNS server, as it should.

Now, the real kicker: rarely it WILL finish connecting and allow you in. Sometimes after as many as five minutes of sitting on configuring. Then it will work fine. Usually even allow you to reconnect if you let your computer go to sleep (and the VPN connection needs to re-establish. Can anyone help me get this working solidly.

I did see RDP over OpenVPN in Windows 8, but it seems to be dealing with the destination not allowing connections in the the OpenVPN interface. Either way, I've turned off the firewalls on the source and destination machines for troubleshooting.

Off campus:

• Win7 Client -> Win7 on campus = hangs at configuring remote session
• Win7 Client -> XP on campus = Connects very quickly and with fine performance

On Campus:

• Win7 Client -> Win7 on campus = Connects very quickly and with fine performance
• Win7 Client -> XP on campus = Connects very quickly and with fine performance

Answer 1

At Jens: - This is only a thought, but..

usually the system administrators set some firewall acls to allow connection to an RDP target computer inside the IT infrastructure, and.. the iptables rule would perhaps be looking like this:

-A VPN_%USER%_CHAIN% -d %RDP_TARGET_IP%/32 -p tcp -m tcp --dport 3389 -j ACCEPT

... - as the RDP usually uses TCP. But I've heard somewhere that on a more new Windows systems it switches to UDP alfter the session is created.

Now as Jens uses permanent ICMP ping before he starts his RDP connection, and ICMP is UDP based, it is possible that RDP sets back to using TCP because the UDP connection of the network interface gets pretty much used through the ICMP ping, and because of it the firewall rule sees it fit to let the TCP connection through.

So its perhaps a good idea at the least to use ping, or ...ask the admin to add the UDP iptables rule like:

-A VPN_%USER%_CHAIN% -d %RDP_TARGET_IP%/32 -p udp -m udp --dport 3389 -j ACCEPT

on the openVPN server as well?

Answer 2

A google search shows that it could be a number of problems that have to do with your settings on the client end.

This thread mentions changing selected resources, colour depth.

This Superuser question & answers may also be of help.

HTH

Answer 3

I have the same oberservations as above "off campus" when I access my win 7 / win xp boxes from outside using OpenVPN, i.e. win xp works, win 7 doesn't. I have tried to trace with WireShark but no succes. However, my "solution" is as follows: when remoting first start a process that repeatedly pings the target

Windows:

ping -t <target> 
mstsc ...

Linux:

ping <target> &
rdesktop [your options] <target>

Android:

ping <target> ( using any android shell app)
run aFreeRDP ( or any other app - I have tried a few with no probs )

In conclusion, as far as I can see, keeping the target connection "alive" with pings avoids the connection to "freeze"/time out or whatever happens. Oddly, I haven't been able to verify that this is indeed the problem as nothing seems to be logged (well, nothing I was able to find, anyway).

I would like to learn the "real" solution but in the meantime pinging the remote host from another process on the local machine does the trick for me.