Hi,
I have found something strange on Windows Server 2003 with SP2.
On this machine the SE-VPN is running as Server.
I can access this machine over Remote Desktop from the local network.
After I connect to this machine from the internet through SE-VPN (SSTP) i can't use Remote Destkop. As VPN-Client I am in the same IP network (DHCP) as the machine, the firewall is configured correctly, ports forwarded, etc., but what I see is only gray backgrond, the login window is not shown. Then comes timeout.
I used Wireshark to investigate and found, that IP frames sent by this machine to the VPN-connected client have checksum of 0x0000.
In internet I found that I should try disabling ChecksumOffload of the NIC - but this didn't help, then I tried to disable the firewall on the machine - indeed the checksums were now correct and i was able to connect from the VPN-Client to this machine via Remote Desktop. So my conclusion is, that the Windows build-in firewall does not work 100% correct.
My question is: How works SoftEther in thist case?
IP documentation says, that IP checksums may be 0x0000 and any IP stack should work.
Any sugestions?
Best regards,
petrov
IP Checksum 0x0000 when firewall is enabled
-
- Posts: 370
- Joined: Fri Oct 18, 2013 8:15 am
- Location: All around the world
- Contact:
Re: IP Checksum 0x0000 when firewall is enabled
If you can see grey screen that means RDP session is established and this is not a SoftEther server problem. You should check Windows Server logs for possible error.
When you don't like the answer, change the question.
Cheers,
Team.
VPNHPanel.com
This account is not associated to SoftEther project.
Cheers,
Team.
VPNHPanel.com
This account is not associated to SoftEther project.
-
- Posts: 10
- Joined: Tue Jan 14, 2014 12:02 am
Re: IP Checksum 0x0000 when firewall is enabled
It is not what I was asking about.
My question is:
How does the SoftEther package work in case of IP packets with checksum 0x0000 being sent from the PC. Are these packets dropped by SoftEther? Are these packets accepted by SoftEther?
My question is:
How does the SoftEther package work in case of IP packets with checksum 0x0000 being sent from the PC. Are these packets dropped by SoftEther? Are these packets accepted by SoftEther?
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: IP Checksum 0x0000 when firewall is enabled
can be a bit more specifiy, what you try to do?
Do you want access rdp through the vpn on the same machine, the vpn server is runnung? Or You have
Client<---"Internet"--->VPNServer<---LAN--->RDP Machine?
And maybe take a look at: http://wiki.wireshark.org/TCP_Checksum_Verification
Do you want access rdp through the vpn on the same machine, the vpn server is runnung? Or You have
Client<---"Internet"--->VPNServer<---LAN--->RDP Machine?
And maybe take a look at: http://wiki.wireshark.org/TCP_Checksum_Verification
-
- Posts: 10
- Joined: Tue Jan 14, 2014 12:02 am
Re: IP Checksum 0x0000 when firewall is enabled
My scenario:
Client<---"Internet"--->(WindowsSever machine with VPNServer -> RDP on this machine)
Yes, I want to access rdp through the vpn on the same machine.
VPN is runnig, router / firewall is configured correctly.
I use this Wireshark option already - as you sugested.
Seems to be OK, other machines can access the rdp.
Only machines connected through VPN-Server can not.
BUT if I disable the Windows build-in firewall then these IP packets have correct checksums (not 0x0000) and then all machines can connect.
That's why I'm asking how the VPN-Server is working with IP-frames with checksum 0x0000 - packets are dropped? then this would explain my situation.
Client<---"Internet"--->(WindowsSever machine with VPNServer -> RDP on this machine)
Yes, I want to access rdp through the vpn on the same machine.
VPN is runnig, router / firewall is configured correctly.
I use this Wireshark option already - as you sugested.
Seems to be OK, other machines can access the rdp.
Only machines connected through VPN-Server can not.
BUT if I disable the Windows build-in firewall then these IP packets have correct checksums (not 0x0000) and then all machines can connect.
That's why I'm asking how the VPN-Server is working with IP-frames with checksum 0x0000 - packets are dropped? then this would explain my situation.