RDP Machines "drop" when idle

[jamesarbrown]

Hi,

I have a fully working system with Openvpn and I add at the start this maybe not an openvpn issue, but kindly am asking for pointers to check why I get dropped/bad RDP sessions.

Office
Router 10.8.23.1 (with static route 10.8.0.0/16 > gw 10.8.23.2)
Server inc Open VPN 10.8.23.2
2 x windows boxes with RDP 10.8.23.3 and 6

I can
Ping from any machine on either net in either direction (0% packet loss)
Connect to Samba and the likes no issue
Connect to the RDP machines ok and use

But
Sometimes although I can ping, I can not instantiate an RDP connection (one is wired in office, one wireless)
If I ping and then instantiate, it seems to work (wake up?)
It randomly seems to drop with connection reset by peer (I believe its when I pause using the RDP)
If I connect RDP over an SSH Tunnel it is rock solid

Does any one have any ideas? I tried messing around with MTU, but to be honest I do not know what I was doing and there are many points I can set the MTU, so was not sure where it mattered or if I had to do all.... just I resulted in an unusable connection, connected but not traffic.

Kind Regards

James






Client (export from NM in Gnome). Please note I have set to "use the network only for resources on it"

Code: Select all

client
remote office.enrogen.org 10001
ca /home/jamesarbrown/.openvpn/ca.crt
cert /home/jamesarbrown/.openvpn/jamesarbrown.crt
key /home/jamesarbrown/.openvpn/jamesarbrown.key
cipher DES-CBC
comp-lzo yes
dev tun
proto udp
nobind
auth-nocache
script-security 2
persist-key
persist-tun
user nobody
group nogroup

Server Conf

Code: Select all

port 10001
proto udp
dev tun0
ca keys/enrogen/ca.crt
cert keys/enrogen/enrogenserver.crt
key keys/enrogen/enrogenserver.key
dh keys/enrogen/dh2048.pem
server 10.8.0.0 255.255.255.0
crl-verify keys/enrogen/crl.pem
ifconfig-pool-persist servers/EnrogenVPN/logs/ipp.txt
cipher DES-CBC
user nobody
group nogroup
status servers/EnrogenVPN/logs/openvpn-status.log
log-append servers/EnrogenVPN/logs/openvpn.log
verb 2
mute 20
max-clients 100
keepalive 10 120
client-config-dir /etc/openvpn/servers/EnrogenVPN/ccd
tls-server
client-to-client
comp-lzo
persist-key
persist-tun
ccd-exclusive
up servers/EnrogenVPN/bin/EnrogenVPN.up
down-pre servers/EnrogenVPN/bin/EnrogenVPN.down-pre
push "route 10.8.23.0 255.255.255.0"
push "dhcp-option DNS 10.8.23.2"

Server

Code: Select all

root@linsvr1:/etc/openvpn# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.23.1       0.0.0.0         UG    0      0        0 eth0
10.8.0.0        10.8.0.2        255.255.255.0   UG    0      0        0 tun0
10.8.0.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.23.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

Router

Code: Select all

root@OpenWrt:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xx.xx.xx.xx    0.0.0.0         UG    0      0        0 pppoe-wan
10.8.0.0        10.8.23.2       255.255.0.0     UG    0      0        0 br-lan
10.8.23.0       0.0.0.0         255.255.255.0   U     0      0        0 br-lan
xx.xx.xx.xx    0.0.0.0         255.255.255.255 UH    0      0        0 pppoe-wan

Client - Where 192.168.1.1 is local router

Code: Select all

jamesarbrown@jamesarbrown:~/Desktop$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 wlan0
10.8.0.0        10.8.0.5        255.255.255.0   UG    0      0        0 tun0
10.8.0.5        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.23.0       10.8.0.5        255.255.255.0   UG    0      0        0 tun0
aa.aa.aa.aa     192.168.1.1     255.255.255.255 UGH   0      0        0 wlan0
192.168.1.0     0.0.0.0         255.255.255.0   U     9      0        0 wlan0

[Traffic]

check your sever side NAT ..