IP Checksum 0x0000 when firewall is enabled

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
petrov
Posts: 10
Joined: Tue Jan 14, 2014 12:02 am

IP Checksum 0x0000 when firewall is enabled

Post by petrov » Sat Jan 18, 2014 9:48 pm

Hi,

I have found something strange on Windows Server 2003 with SP2.

On this machine the SE-VPN is running as Server.
I can access this machine over Remote Desktop from the local network.

After I connect to this machine from the internet through SE-VPN (SSTP) i can't use Remote Destkop. As VPN-Client I am in the same IP network (DHCP) as the machine, the firewall is configured correctly, ports forwarded, etc., but what I see is only gray backgrond, the login window is not shown. Then comes timeout.

I used Wireshark to investigate and found, that IP frames sent by this machine to the VPN-connected client have checksum of 0x0000.
In internet I found that I should try disabling ChecksumOffload of the NIC - but this didn't help, then I tried to disable the firewall on the machine - indeed the checksums were now correct and i was able to connect from the VPN-Client to this machine via Remote Desktop. So my conclusion is, that the Windows build-in firewall does not work 100% correct.

My question is: How works SoftEther in thist case?
IP documentation says, that IP checksums may be 0x0000 and any IP stack should work.

Any sugestions?

Best regards,
petrov
Top
inten
Posts: 370
Joined: Fri Oct 18, 2013 8:15 am
Location: All around the world
Contact:
Contact inten

Re: IP Checksum 0x0000 when firewall is enabled

Post by inten » Sat Jan 18, 2014 10:56 pm

If you can see grey screen that means RDP session is established and this is not a SoftEther server problem. You should check Windows Server logs for possible error.
When you don't like the answer, change the question.
Cheers,
Team.

VPNHPanel.com
This account is not associated to SoftEther project.
Top
petrov
Posts: 10
Joined: Tue Jan 14, 2014 12:02 am

Re: IP Checksum 0x0000 when firewall is enabled

Post by petrov » Mon Jan 20, 2014 6:56 am

It is not what I was asking about.

My question is:
How does the SoftEther package work in case of IP packets with checksum 0x0000 being sent from the PC. Are these packets dropped by SoftEther? Are these packets accepted by SoftEther?
Top
qupfer
Posts: 202
Joined: Wed Jul 10, 2013 2:07 pm

Re: IP Checksum 0x0000 when firewall is enabled

Post by qupfer » Mon Jan 20, 2014 10:19 pm

can be a bit more specifiy, what you try to do?

Do you want access rdp through the vpn on the same machine, the vpn server is runnung? Or You have
Client<---"Internet"--->VPNServer<---LAN--->RDP Machine?

And maybe take a look at: http://wiki.wireshark.org/TCP_Checksum_Verification
Top
petrov
Posts: 10
Joined: Tue Jan 14, 2014 12:02 am

Re: IP Checksum 0x0000 when firewall is enabled

Post by petrov » Tue Jan 21, 2014 11:05 pm

My scenario:
Client<---"Internet"--->(WindowsSever machine with VPNServer -> RDP on this machine)

Yes, I want to access rdp through the vpn on the same machine.
VPN is runnig, router / firewall is configured correctly.

I use this Wireshark option already - as you sugested.
Seems to be OK, other machines can access the rdp.
Only machines connected through VPN-Server can not.
BUT if I disable the Windows build-in firewall then these IP packets have correct checksums (not 0x0000) and then all machines can connect.

That's why I'm asking how the VPN-Server is working with IP-frames with checksum 0x0000 - packets are dropped? then this would explain my situation.
Top
Post Reply

Return to “SoftEther VPN General Discussion”