remote connection problem

[reedone816]

hallo, this is my first post here
hope someone can help me.
i setting up open vpn for the office. mostly used for remoting servers in different cities.
the remote programs are ultravnc and teamviewer as backup.
i successfully run them for several years, no problem.
but now i got a problem in one of the vpn client, i can't send commands like mouse click or keyboard combination. so it is the same like the "viewer mode" even though i configured it as not viewer only mode.
both ultravnc and teamviewer act the same.
but strangely if i use mswindows remote desktop it is ok, i can interact with the remote machine.
and if i use the teamviewer id instead of teamviewer lan connection i can also interact like with remote desktop.
so anyone can help me?

[janjust]

please post your client and server config files to see if there's a problem with your VPN connection; this forum is not about troubleshooting teamviewer/ultravnc/rdp problems, unless they are caused by the underlying VPN connection.

The first thing I'd try (if you're using 'proto udp') is to add

Code: Select all

fragment 1200

to both client and server and see if that fixes the problem for that client ; some ISPs are notoriously bad when it comes to forwarding (larger) UDP packets.

[reedone816]

please post your client and server config files to see if there's a problem with your VPN connection;

i'm using the samples provided by openvpn, just changed the essentials only.
here is one of the config i use:

Code: Select all

management localhost 7505
port 1194
proto tcp
dev tun
ca xx.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh1024.pem
server 10.8.0.0 255.255.0.0
ifconfig-pool-persist ipph.txt
push "dhcp-option WINS 10.0.0.1"
client-to-client
keepalive 10 120
tls-auth ta.key 0 # This file is secret
comp-lzo
max-clients 100
persist-key
persist-tun
status openvpn-status.log
verb 6

Code: Select all

client
dev tun
proto tcp
remote xxx.xxx.xxx.xxx 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca xx.crt
cert xx.crt
key xx.key
ns-cert-type server
tls-auth xx.key 1
comp-lzo
verb 4
pull
route-method exe
mssfix 1200
route-delay 10
win-sys env

this forum is not about troubleshooting teamviewer/ultravnc/rdp problems, unless they are caused by the underlying VPN connection.

yes, indeed i acknowledge it before i posted it
the reason i post it in here is because teamviewer works when it is not using the vpn address (10.8.x.x) but using the teamviewer id (using their server vpn/internet).

The first thing I'd try (if you're using 'proto udp') is to add

Code: Select all

fragment 1200

to both client and server and see if that fixes the problem for that client ; some ISPs are notoriously bad when it comes to forwarding (larger) UDP packets.

i'm using both tcp and udp connections (i have two openvpn servers).
tried adding the code but still not worked.

oh just to make it clear, this problem only happened to this one client only (windows 2k3), the other 70+ other clients (w2k,w2k3,wxp,w7) are ok using the same combination of openvpn+teamviewer/uvnc/rdp.
the configuration of my vpn:
- two openvpn servers (wxp), each server host two openvpn connections differentiate by port number and tcp/udp. so total are four openvpn hosts.
- each client has at least have one connections to both servers, one tcp and one udp (2 openvpn connections per client).

[janjust]

if this happens on a single client only (is it located remotely? on a different ISP compared to working clients? ) then check the firewall rules on the client ; try disabling the firewall altogether for the tap-win32 interface.

what happens if you try to download a large file from this client? can you run iperf tests to see what the performance is?

[reedone816]

Sorry for the late reply, I'd been out of the office.

if this happens on a single client only (is it located remotely? on a different ISP compared to working clients? ) then check the firewall rules on the client ; try disabling the firewall altogether for the tap-win32 interface.

The client are on different ISP, two physical servers from the same location, one works one won't.
for the firewall I've tried that also, still no luck.

what happens if you try to download a large file from this client? can you run iperf tests to see what the performance is?

it is working, the client connection is a package of 1 mBps download/ 256 kBps upload. able to transfer 16 mbytes of data.
for the iperf, i used jperf 2.0.2, the client as the server side on that application. I find that the TCP connection is hectic, the graphic wave from 500 to 0 and back again, with the avg. of 200. worse when I add the parallel connections.
while the UDP is stable at 900-1000, and stay that way even after I ante it up to 4 parallel connections (8 as dual).

[janjust]

it is working, the client connection is a package of 1 mBps download/ 256 kBps upload. able to transfer 16 mbytes of data.
for the iperf, i used jperf 2.0.2, the client as the server side on that application. I find that the TCP connection is hectic, the graphic wave from 500 to 0 and back again, with the avg. of 200. worse when I add the parallel connections.
while the UDP is stable at 900-1000, and stay that way even after I ante it up to 4 parallel connections (8 as dual).

The tcp performance shows that the line quality is very bad ; UDP performance does not say much in this case, as UDP is "fire and forget" if the packets don't arrive then UDP does not care.

Does it make any difference whether the openvpn server is accessed via a UDP port or via a TCP port (you mentioned you were running both) ?