iOS / OVPN / RDP problem

Hello, I have recently upgraded to 138. Since doing so, I have not been able to connect to RDP when connected via OVPN.

I use an iOS device. Below are some troubleshooting steps I’ve performed:

  • When I am connected on the LAN via wifi, I am able to RDP into any server
  • When I am connected via OVPN, I am able to connect to web interfaces such as http and https without any issue but cannot RDP
  • I do see successful connection events in Event Viewer when I am connected over LAN via wifi
  • I haven’t been able to find any firewall log events where the RDP over OVPN request is getting rejected or dropped
  • The destination server is Win Server 2012 R2 and Hyper-V virtual machines. They have been fine before core 138.
  • I do not see any errors in Event Viewer on the machines I am attempting to RDP into when connecting over OVPN
  • I have tried completely disabling the Win2012 Server R2 firewall but it makes no difference
  • I am able to ping the iOS device from the server when it is connected over OVPN
  • I have tried using both UDP and TCP based OVPN connections
  • I have tried disabling IPS and guardian but it makes no difference

I have to admit, I am a bit baffled on this one. I hope someone has some guidance for me. Here is a screenshot of my ovpn settings. It certainly seems like something is getting hung up in IPFire but I’m not sure what to do next to troubleshoot the problem.

Merry Christmas and best wishes to everyone.

Hi,

One of the first steps in case of problems should be to check the OpenVPN logs.
See: https://wiki.ipfire.org/configuration/services/openvpn/troubles

iSit

It appears that the RDP connection doesn’t actually trigger any new log info.

Part of what is tricky here is that the VPN connection succeeds… I just can’t seem to get the application level connection to work no matter what I do, even after disabling the Win2012 R2 server firewall entirely. Please remember that when I am connected over LAN, I can connect to RDP without any issue. It is only when I am connected over OVPN that I cannot RDP. Is this an ip table routing issue?

Tim … are you trying to RDP using the hostname or using the IP of the target system?

I am using the local IP address.

I have tried the host names too, which are defined in IPFire as well. No difference.

There is no gateway configured in the RDP iOS application.

Does using OVPN+RDP on another OS/platform work correctly from the same subnet?
Is your OVPN client on iOS updated?

My iOS version and OVPN (OpenVPN Connect in the App Store) client are fully up to date.

I don’t actually have the ability to try an Android device over VPN… every single user uses Apple. All Apple clients have this issue.

Consider the opportunity to create a virtual machine with a simple Linux distro that can handle OpenVPN, and try to use one of your accounts on that. I often use Xubuntu, but it’s not the only one that includes a fairly up-to-date OpenVPN client in its repositories.
Otherwise, do not be picky and ask to borrow a Windows computer for 20 minutes, install the OpenVPN Community client and try from that.

Please, be kind… If I ask “which version of the software are you using”, the answer “the latest” does not help to analyze the issue, because maybe “the latest” (and I don’t know which version that is) lacks some feature and/or is not fully compatible with other options.
According to the OpenVPN site, OpenVPN Connect for macOS is version 2.7.1.100

With a beta version 3.1.0 (885), but I had to look for it on the OpenVPN site…
macOS can also use Tunnelblick (version 3.8.1 as stable).

As an option, consider testing OpenVPN Connect Beta or Tunnelblick on one of your Apple computers.

I currently don’t know which side has the issue (OpenVPN clients for Apple OSes, old configuration, IPFire) but… only by trying more ways to make the connection succeed can the solution or the “real” underlying problem be found.

Fair enough – I am using the OpenVPN Connect client from the App Store on iOS version 13.3. The version is 3.1.1 (2819).

As far as the server side OVPN, I am using the out of the box VPN server that comes with IPFire… not really sure what version that is. I have a Debian VM that I can try to spin up and install another VPN server on. I’ll give it a go and see what happens.

Hi all,

Your connection closes immediately after it has been established.

Also, your log shows a TLS Channel Protection:

but in the web interface it is disabled.
If you change from UDP to TCP you need to do this on both sides (client and server); also, if you have a preceding router which forwards OpenVPN’s protocol and port to IPFire, you would need to do the same there.
Another point is, mssfix and fragment cannot be used with TCP as far as I know.

Seeing both configurations (client and server) can be helpful.

Best,

Erik

P.S.: I would partly mask your external IP in your logs (last two octets with xx.xx).
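
A consistency check for the points raised in the reply above (protocol changed on both sides, TLS Channel Protection matching on client and server, mssfix/fragment together with TCP), as an added example that is not part of any post in this thread. The two sample configs are constructed, and treating "TLS Channel Protection" as the `tls-auth`/`tls-crypt` directives is an assumption.

```python
# Added example: sample configs below are constructed, not taken from the thread.

def parse(conf_text):
    """Return {directive: [args]}; skips comments and inline <tag> key blocks."""
    opts, inline = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if inline:                            # inside a <ca>...</ca> style block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            inline = line[1:-1]
            opts[inline] = ["[inline]"]
            continue
        key, *args = line.split()
        opts[key] = args
    return opts

def transport(opts):
    """Collapse proto values (udp4, tcp-client, ...) to 'udp' or 'tcp'."""
    return (opts.get("proto") or ["udp"])[0][:3]   # OpenVPN defaults to udp

def check_pair(server_text, client_text):
    srv, cli = parse(server_text), parse(client_text)
    findings = []
    if transport(srv) != transport(cli):
        findings.append(f"proto mismatch: server={transport(srv)} client={transport(cli)}")
    # Assumption: "TLS Channel Protection" shows up as tls-auth or tls-crypt.
    for opt in ("tls-auth", "tls-crypt"):
        if (opt in srv) != (opt in cli):
            findings.append(f"{opt} set on {'server' if opt in srv else 'client'} only")
    for side, opts in (("server", srv), ("client", cli)):
        for opt in ("fragment", "mssfix"):
            if transport(opts) == "tcp" and opt in opts:
                findings.append(f"{side}: {opt} configured with proto tcp")
    return findings

SERVER = "proto udp\nport 1194\ntls-auth ta.key\nmssfix 1400\nfragment 1300\n"
CLIENT = ("# constructed client profile\nproto tcp-client\n"
          "remote vpn.example.invalid 1194\nmssfix 1400\n<ca>\n(placeholder)\n</ca>\n")

if __name__ == "__main__":
    for finding in check_pair(SERVER, CLIENT):
        print(finding)
```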

So now that I am back in the office I have made an interesting discovery. I have been able to determine that VPN / RDP works when connected to a non-T-Mobile network, i.e., Verizon, Sprint, ATT can VPN and RDP without issue but T-Mobile networks source carriers cannot.

That is probably grossly oversimplified. But it is the only common thread I have been able to pull so far.

To put a few more examples around this, if a T-Mobile device uses an outside wifi network to VPN in, RDP works fine. If the T-Mobile device on the T-Mobile data network VPNs in, RDP will not work but all other VPN services seem to be fine. Windows firewall is completely disabled at this time while this is being diagnosed.

Again, I have disabled IPFire’s IPS and it has no impact. Any suggestions on how to further diagnose this?