[Openswan Users] RDP from internal NET to VPN client fails, and some other strangeness..

Paul Wouters paul at xelerance.com
Tue Nov 14 15:48:25 EST 2006


On Tue, 14 Nov 2006, Brett Curtis wrote:

> Every time I try to RDP into a user's laptop over the VPN the
> connection fails. This happens after the connection is made and the
> username and password are entered for RDP.
>
> This is the tcpdump.
>
> 14:31:15.091694 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: UDP-encap:
> ESP(spi=0xf5c876e9,seq=0x6ff), length 52
> 14:31:15.260882 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >

Can you try clamping it?

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Otherwise, try pinging with different size packets until it fails, and then use
the last successful packet size (e.g. 1440) to:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

Paul
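
Added example, not part of the original message: a sketch of the ping-size probing described above, as a binary search over ICMP payload sizes with Don't Fragment set. The function names, the PMTU_HOST variable and the 1200-1472 search range are assumptions made for illustration; the sizes are `ping -s` payload bytes (Linux iputils), and the MSS is derived for IPv4 headers without options.

```shell
#!/bin/sh
# Probe: succeeds if one ICMP echo with $2 payload bytes and DF set reaches $1.
# Linux iputils ping: -M do forbids fragmentation, -s is the ICMP payload size.
probe_ping() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search for the largest payload in [lo, hi] that the probe accepts.
# Usage: max_payload PROBE_FUNC HOST LO HI
# Assumes that if a size passes, every smaller size passes too.
# Prints the size; returns 1 if even LO fails (host down or range too high).
max_payload() {
    probe=$1 host=$2 lo=$3 hi=$4
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# payload + 8 (ICMP header) + 20 (IPv4 header) = largest packet that fits.
# TCP MSS = that packet size - 20 (IPv4 header) - 20 (TCP header).
mss_for_payload() {
    echo $(( $1 + 28 - 40 ))
}

# Runs only when PMTU_HOST is set, e.g.  PMTU_HOST=192.0.2.10 sh probe.sh
# Prints the rule instead of applying it, so it can be reviewed first.
if [ -n "${PMTU_HOST:-}" ]; then
    if size=$(max_payload probe_ping "$PMTU_HOST" 1200 1472); then
        mss=$(mss_for_payload "$size")
        echo "largest unfragmented ping payload: $size"
        echo "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $mss"
    else
        echo "no reply even at 1200 bytes; check reachability first" >&2
    fi
fi
```

Run it from a host behind the gateway against the address of the VPN client, so the probes cross the tunnel.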

