Hi folks! So I’ve run into a challenge with a setup I’m working on and am so far stumped.
I have a VM host (hyper-v based) with several VMs on it, one of which is VyOS 1.1.7, which is acting as gateway for the other VMs, and an OpenVPN server for client connections. Eth0 is attached to the public net, Eth1 to the private net. From within the private net, I can ping and RDP to hosts just fine. From the VPN client, I can also ping hosts just fine, but RDP gets an authentication error. Some posts I’ve found have suggested that it’s a Kerberos issue, or possibly a fragmented packet issue. I haven’t been able to solve it, yet.
Of note, none of the VMs or the VPN client are on an AD domain.
Here’s my config:
firewall {
    name OUTSIDE-LOCAL {
        rule 300 {
            action accept
            destination {
                port openvpn
            }
            protocol udp
        }
    }
}
interfaces {
    ethernet eth0 {
        address 217.163.x.x/24
        description Public
    }
    ethernet eth1 {
        address 192.168.1.1/24
        description Private
    }
    openvpn vtun0 {
        mode server
        openvpn-option "--comp-lzo --keepalive 10 120 --duplicate-cn --mssfix"
        server {
            name-server 192.168.1.1
            push-route 192.168.1.0/24
            subnet 192.168.2.0/24
        }
        tls {
            ca-cert-file /config/auth/ca.crt
            cert-file /config/auth/vpnserver.crt
            crl-file /config/auth/crl.pem
            dh-file /config/auth/dh2048.pem
            key-file /config/auth/vpnserver.key
        }
    }
}
nat {
    source {
        rule 100 {
            description NAT
            outbound-interface eth0
            source {
                address 192.168.1.0/23
            }
            translation {
                address masquerade
            }
        }
        rule 110 {
            description "NAT Reflection"
            destination {
                address 192.168.1.0/23
            }
            outbound-interface eth1
            source {
                address 192.168.1.0/23
            }
            translation {
                address masquerade
            }
        }
    }
}
protocols {
    static {
        route 0.0.0.0/0 {
            next-hop 217.163.x.1 {
                distance 1
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        shared-network-name private-net {
            authoritative enable
            subnet 192.168.1.0/24 {
                default-router 192.168.1.1
                dns-server 192.168.1.1
                lease 86400
                start 192.168.1.10 {
                    stop 192.168.1.200
                }
            }
        }
    }
    dns {
        forwarding {
            cache-size 0
            listen-on eth1
            listen-on vtun0
            name-server 8.8.8.8
            name-server 8.8.4.4
            system
        }
    }
    ssh {
        port 22
    }
}
The errors I get are the RDP client stating that “The logon attempt failed”, and in the Event Log, I found this warning:
RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005).
Another strange thing. There is one VM that IS on a domain, and I CAN RDP to that one, but only that one.
So any ideas? Thanks!
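The fragmentation theory raised above can be checked directly rather than guessed at: the RDP TLS handshake carries the server certificate in packets far larger than an ICMP echo, so a tunnel that passes small pings but silently drops larger frames fits the symptoms. The script below is an added diagnostic, not part of the original post or of VyOS; it binary-searches the largest don't-fragment ping payload that reaches a host through the tunnel. It assumes iputils ping (Linux) run from a VPN client or from the VyOS box, and a reachable private-net host address supplied as the first argument (192.168.1.10 below is a constructed example).

```shell
#!/bin/sh
# Added example (not from the original post): find the effective path MTU
# across the OpenVPN tunnel by probing with DF-bit pings of increasing size.
# Assumes iputils ping flags: -M do (set DF), -s (payload bytes), -c 1, -W 2.
# On a Windows client the equivalent probe is: ping -f -l <size> <host>

# probe_df HOST SIZE -> exit 0 if a DF ping with SIZE payload bytes is answered
probe_df() {
    ping -c 1 -W 2 -M do -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST LOW HIGH PROBE
# Prints the largest payload in [LOW, HIGH] for which "PROBE HOST SIZE" succeeds.
# Assumes PROBE is monotone: it succeeds for every size below the path limit
# and fails for every size above it. Prints 0 if nothing succeeds.
find_max_payload() {
    host=$1; lo=$2; hi=$3; probe=$4
    best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if "$probe" "$host" "$mid"; then
            best=$mid; lo=$((mid + 1))
        else
            hi=$((mid - 1))
        fi
    done
    echo "$best"
}

# payload_to_mtu PAYLOAD -> IPv4 path MTU: payload + 8 (ICMP hdr) + 20 (IPv4 hdr)
payload_to_mtu() {
    echo $(( $1 + 28 ))
}

# Usage: ./pmtu.sh 192.168.1.10   (run while the VPN is connected)
if [ -n "$1" ]; then
    p=$(find_max_payload "$1" 0 1472 probe_df)
    echo "largest DF payload answered: $p bytes -> path MTU $(payload_to_mtu "$p")"
    echo "compare with the client's interface MTU; a large gap means packets"
    echo "bigger than this are being dropped rather than fragmented in the tunnel"
fi
```

A result well below the client's interface MTU, with RDP still failing, points at oversized handshake packets being dropped; a result of 1472 (a full 1500-byte path) rules fragmentation out and leaves the authentication side to investigate.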