Community discussions

MikroTik App
 
lctn
Member Candidate
Member Candidate
Topic Author
Posts: 176
Joined: Tue Apr 04, 2006 3:51 pm

RDP and VNC connections freeze

Wed Jun 30, 2010 4:14 pm

For some reason, when I set up a RB450 as a router/firewall, RDP and VNC sessions freeze. I can close the connection and reestablish it without any problems. It almost seems graphics related, since often I the connection will stay alive until I start moving the mouse around, or scrolling a browser up and down. I have had this problem with two different RB450 boards now. I have tried to modify the config as it comes and blank it out, but either way the problem persist. I submitted a ticket to MT a while back on this, but no one had a recommended solution. Is there a rule I can add to the firewall that will help correct this?? I am at a loss what I can do to overcome this. Putting my Pfsense firewall back in fixes the problem, so I am confident it is strictly MT related.

Raymond
 
mcb
newbie
Posts: 40
Joined: Mon Jul 05, 2010 1:24 am

Re: RDP and VNC connections freeze

Mon Jul 05, 2010 1:51 am

While using RDP or VNC - ping both involved PCs. If nothing to see there - look at the CPU usage.
What hardware do you use? Internet connection? Queues?
 
lctn
Member Candidate
Member Candidate
Topic Author
Posts: 176
Joined: Tue Apr 04, 2006 3:51 pm

Re: RDP and VNC connections freeze

Wed Oct 20, 2010 4:23 pm

I have narrowed this down to an issue between my 450g and the Cisco ASA unit at the head of our WAN. Pings never drop off, but all RDP type traffic freezes soon after connecting and has to be terminated in order to start a new session. This is what I know:

RDP from my home office to my work office does not work (450g > WAN ASA > Work Office 450g).

RDP from my home office to my church, with a second RDP session to my work Office does work. Both the original connection to the church and secondary connection to my office are stable this way. (Home 450G > church IPCop > WAN ASA> Work Office 450g)

Does this require some sort of fixup protocol line in the WAN ASA, or can something be changed on the 450g.

This problem held true, using two different 450G boxes, and using IPCop for my work office firewall before installing the 450G in its place.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: RDP and VNC connections freeze

Wed Oct 20, 2010 4:33 pm

There is no protocol inspection (that is what PIXes called fixups) for RDP on ASAs as there are no embedded values to tweak or inspect.

RDP can be sensitive to MSS and MTU. If the path from A to B influences that differently than the path from A to C to B that would explain all your symptoms.
http://wiki.mikrotik.com/wiki/Manual:Ro ... _Questions
The FAQ above has the answer to the same problem over PPPoE links (last question in the linked section). Try that fix, and adjust the MSS down to something like 1366 bytes and see if it starts working. You can then slowly increase the value until it stops working and go back to the last working value, or leave it at something as low as 1366. If it's only a problem connecting to the office you can also add more qualifiers to the rule and only adjust the MSS when going to those specific destination IPs.
 
User avatar
fatonk
Member
Member
Posts: 438
Joined: Tue Feb 22, 2005 11:06 am
Location: Mitrovica/Kosova

Re: RDP and VNC connections freeze

Wed Oct 20, 2010 5:56 pm

Hello,

fewi is right,
these symptoms are related to MTU, previously I had experience with RDP and VNC both were freezing, after the MSS and IP Fragmentation were put in place the problem was solved.

Regards.

Faton
 
lctn
Member Candidate
Member Candidate
Topic Author
Posts: 176
Joined: Tue Apr 04, 2006 3:51 pm

Re: RDP and VNC connections freeze

Tue Oct 26, 2010 5:20 am

Can someone post the exact command needed. I did what I thought was correct, based on the info provided, but am still having a problem staying connected.
 
lctn
Member Candidate
Member Candidate
Topic Author
Posts: 176
Joined: Tue Apr 04, 2006 3:51 pm

Re: RDP and VNC connections freeze

Fri Oct 29, 2010 4:50 am

A weird twist. I have been doing all my testing after I adjusted the MSS from a Linux laptop. The connection freezes within a couple minutes and has to be broken to create a new one. However, My Windows 7 laptop sitting right next to the Linux laptop connects just fine to the same workstation, without any freezes. The Linux laptop does still stay connected just fine when connecting to my church, but not my work office. What does that seem to point to ?
 
lctn
Member Candidate
Member Candidate
Topic Author
Posts: 176
Joined: Tue Apr 04, 2006 3:51 pm

Re: RDP and VNC connections freeze

Tue Nov 16, 2010 5:01 pm

Looks like I have to disregard my previous posts. Windows just does a better job of reconnecting broken connections than Linux Rdesktop does. The problem continues and actually crops up when using ssh. It seems anything that requires a sustained connection when going through the cisco ASA will eventually drop, but it only happens when using the Mikrotik box for a firewall. This has been the case with two different boxes now. I have zero problems when using rdesktop or ssh to a location inside our WAN. It is only when traversing the ASA.

I can have two ssh connections up, to the same location, from the same PC and will not lose either one until I start entering or copying text. The connection I am working on at that time will drop, but the other one will stay up.


Here is the rule I added to my firewall that was recommended:

chain=forward action=change-mss new-mss=1320 tcp-flags=syn protocol=tcp
tcp-mss=!0-1488

I see packet count against the rule, but am hoping I have it wrong.

Who is online

Users browsing this forum: airpulse, Amazon [Bot], baragoon, Guntis, sch and 91 guests