RDP while connecting to a OpenVPN server

Microsoft Windows server 2003 enterprise
August 21, 2010 at 14:30:18
Specs: Windows Server 2003
Hi,

I have successfully configured an OpenVPN server using Debian and have got it tested and working with a Windows XP client.

This VPN is configured to have all its client traffic sent over to it and forward them through its interface to the internet; Using "redirect-gateway def1" and its associating iptables rule.

However a client of mine wants to use his remote Windows Server 2003 to connect to the VPN as well, the problem arises.

First, he downloaded all the configuration for the OpenVPN. Next he got it connected. But got his RDP connection disconnected. (All the while, he is using RDP to control the computer as it is in a remote location.)

I checked the OpenVPN logs and got the following error:

Client XXX.XXX.XXX.XXX:PORT: MULTI: Bad address from client [XXX.XXX.XXX.XXX]

I suspected that when he uses the (RDP) remote computer to connect to the OpenVPN; The default route is set to route all traffic towards the OpenVPN, while the OpenVPN server does not know how to handle that traffic; It drops the packet instead thus causing the remote computer to lose its RDP ability.

Therefore my question is how do I configure the remote computer (Windows Server 2003) to handle the RDP connection (From the external; Internet) while using the OpenVPN (To direct all web traffic to the VPN.)


See More: RDP while connecting to a OpenVPN server

Report •

#1
August 22, 2010 at 00:07:28
Do you need to have all client traffic sent over the VPN??

Normally the endpoint of the VPN has a private address, & then you add a static route to route traffic for the private address over the vpn link - that way everything else still functions normally..

Is this a layer 2 or a layer 3 VPN?? - If you're just using a default route to send all traffic over the VPN (L3), then adding a route for just the RDP traffic could work... that wouldn't work with an L2 vpn though, as the traffic is switched before the routing lookup occurs.


Report •

#2
August 22, 2010 at 00:09:28
Here read this -
http://www.openvpn.net/index.php/op...

Which mode are you using?


Report •

#3
August 22, 2010 at 01:26:21
For the VPN server, I have it setup like the default OpenVPN sample config. Using routing. The only additional config that I have added into is "redirect-gateway def1" to route all clients traffic over to the VPN.

I have tried using static route by enabling ccd in the OpenVPN and add a route using the Windows Server 2003 IP address and its according subnet. Something like:

route XXX.XXX.XXX.XXY 255.255.255.252

Since the Windows Server 2003 is on a /30 block.

The problem is why the remote computer upon connected to the VPN, it will loses its RDP capability while the VPN server reports the bad source address from the client.

It is almost similar to the general bad source address issue but note the IP given at the very back of the log; It is usually an IP from the client's private network.

However in my case; Both IPs given from the bad source address log are the external address for the remote computer.


Report •
Related Solutions


Ask Question