[Openswan Users] RDP from internal NET to VPN client fails, and some other strangeness..
Paul Wouters
paul at xelerance.com
Tue Nov 14 15:48:25 EST 2006
On Tue, 14 Nov 2006, Brett Curtis wrote:
> Every time I try to rdp into a users laptop over the VPN the
> connection fails. This happens after the connection is made and the
> username and password is entered for RDP.
>
> This is the tcpdump.
>
> 14:31:15.091694 IP defender.mydomain.net.ipsec-nat-t >
> 65-102-18-11.ptld.qwest.net.ipsec-nat-t: UDP-encap:
> ESP(spi=0xf5c876e9,seq=0x6ff), length 52
> 14:31:15.260882 IP 65-102-18-11.ptld.qwest.net.ipsec-nat-t >

Can you try clamping it?

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Otherwise, try pinging with different size packets until it fails, and then use
the last successful packet size (e.g. 1440) to:

    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1440

Paul
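
The ping-size search suggested above, as an added example that is not part of the original message: it binary-searches for the largest ping payload that passes with the Don't Fragment bit set and prints a matching --set-mss rule. The function names, the 500-1472 search range, the Linux iputils ping flags and the 12-byte payload-to-MSS conversion are assumptions of this example.

```shell
#!/bin/sh
# Added example: find the largest ICMP payload that crosses the tunnel
# unfragmented, then derive a TCP MSS for the TCPMSS rule.

# Real probe: one echo request with DF set (Linux iputils ping flags).
probe_ping() {  # $1=host $2=payload size
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# Binary search for the largest payload in [lo, hi] for which the probe
# succeeds. Prints 0 if no size in the range succeeds.
# $1=probe function, $2=host, $3=lo, $4=hi
find_max_payload() {
    probe=$1 host=$2 lo=$3 hi=$4 best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$host" "$mid"; then
            best=$mid
            lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# ICMP payload + 8 (ICMP) + 20 (IPv4) = packet size on the wire;
# MSS = packet size - 20 (IPv4) - 20 (TCP). Net effect: payload - 12.
mss_from_payload() {
    echo $(( $1 + 28 - 40 ))
}

# Run only when a host is given, e.g.: sh findmss.sh 192.0.2.10
if [ "$#" -ge 1 ]; then
    payload=$(find_max_payload probe_ping "$1" 500 1472)
    [ "$payload" -gt 0 ] || { echo "no probe size succeeded" >&2; exit 1; }
    echo "largest unfragmented ping payload: $payload"
    echo "iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_from_payload "$payload")"
fi
```

Run it from the gateway against the VPN client's tunnel address so the probes take the same path as the RDP traffic.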