OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • WireGuard - Everything but RDP works
« previous next »
  • Print
Pages: [1]

Author Topic: WireGuard - Everything but RDP works  (Read 1024 times)

HairNutz

  • Newbie
  • *
  • Posts: 1
  • Karma: 0
    • View Profile
WireGuard - Everything but RDP works
« on: June 28, 2024, 12:21:28 am »
Any suggestions on what to check if I cant RDP to any of my machines?  Ive read a few other forum posts related to IP settings, firewall rules but I must be missing something and Im sure its probably firewall related.

I can RDP to these machines without issue internally but when Im remote connect through wireguard Im not able to RDP.  Some of these machines host websites on port 80, 81 and others which I can reach just fine.  Some of them run VNC which works fine (UnRaid VM's) but not RDP.

Ive enabled Edge Traversal in the Windows Firewall for Remote Desktop Shadow, Remote desktop TCP and UDP.  Each has their profile set to All Networks (Public, Private, Domain).  I dont have any rules that Im aware of that explicitly blocks that traffic. 

Some of my VMs dont support VNC as they use passthrough GPUs so Id like to get RDP working.

I happen to be out of town at the moment so figured Id try to look into this a bit more while I have some time. 

Appreciate any assistance.  Thanks!

** I guess I could temporarily forward port 3389 to one of them and test without wireguard to determine if it is actually firewall. 
« Last Edit: June 28, 2024, 12:26:29 am by HairNutz »
Logged

Monviech (Cedrik)

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1601
  • Karma: 176
    • View Profile
Re: WireGuard - Everything but RDP works
« Reply #1 on: June 28, 2024, 06:17:40 am »
This is most likely a problem with paket sizes.

Every VPN has an overhead, for Wireguard the MTU is 1420 and the MSS 1380.

If you use windows with the Wireguard client, try to change the MTU of your main network interface to something like 1400 or 1380 or lower and see if RDP works then.
Logged
Hardware:
DEC740

bartjsmit

  • Hero Member
  • *****
  • Posts: 2016
  • Karma: 194
    • View Profile
Re: WireGuard - Everything but RDP works
« Reply #2 on: June 28, 2024, 07:22:30 am »
Have you looked at NX as an alternative to RDP? https://www.nomachine.com/
Logged

Greg_E

  • Sr. Member
  • ****
  • Posts: 342
  • Karma: 19
    • View Profile
Re: WireGuard - Everything but RDP works
« Reply #3 on: June 28, 2024, 03:21:52 pm »
I'll throw out on odd ball work around until you have time to figure this out:

Set up a Kasm Workspaces server and install the Remmina workspace. This way you are using a web browser to connect, and Remmina is inside your system so RDP should work. Kind of a long path around, but it will let you get work done when needed. https://kasmweb.com/
Logged

Monviech (Cedrik)

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 1601
  • Karma: 176
    • View Profile
Re: WireGuard - Everything but RDP works
« Reply #4 on: June 28, 2024, 03:41:11 pm »
If the problem are the packet sizes, no HTTPS connection will work through the tunnel.

OP said they can reach port 80 and 81 websites, which are unencrypted HTTP. These will work, but encrypted connections have a larger packet size and will get fragmented without the proper MTU/MSS.

RDP is also an encrypted connection which will refuse to work.
Logged
Hardware:
DEC740
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • General Discussion »
  • WireGuard - Everything but RDP works
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2