WireGuard - Everything but RDP works

Started by HairNutz, June 28, 2024, 12:21:28 AM

June 28, 2024, 12:21:28 AM Last Edit: June 28, 2024, 12:26:29 AM by HairNutz
Any suggestions on what to check if I can't RDP to any of my machines?  I've read a few other forum posts related to IP settings and firewall rules, but I must be missing something and I'm sure it's probably firewall related.

I can RDP to these machines without issue internally, but when I'm remote and connect through WireGuard I'm not able to RDP.  Some of these machines host websites on ports 80, 81 and others which I can reach just fine.  Some of them run VNC which works fine (UnRaid VMs) but not RDP.

I've enabled Edge Traversal in the Windows Firewall for Remote Desktop Shadow, Remote Desktop TCP and UDP.  Each has its profile set to All Networks (Public, Private, Domain).  I don't have any rules that I'm aware of that explicitly block that traffic.

Some of my VMs don't support VNC as they use passthrough GPUs, so I'd like to get RDP working.

I happen to be out of town at the moment, so I figured I'd try to look into this a bit more while I have some time.

Appreciate any assistance.  Thanks!

** I guess I could temporarily forward port 3389 to one of them and test without wireguard to determine if it is actually firewall. 

This is most likely a problem with packet sizes.

Every VPN has an overhead, for Wireguard the MTU is 1420 and the MSS 1380.

If you use Windows with the WireGuard client, try to change the MTU of your main network interface to something like 1400 or 1380 or lower and see if RDP works then.
Hardware:
DEC740


I'll throw out an oddball workaround until you have time to figure this out:

Set up a Kasm Workspaces server and install the Remmina workspace. This way you are using a web browser to connect, and Remmina is inside your system so RDP should work. Kind of a long path around, but it will let you get work done when needed. https://kasmweb.com/

If the problem is the packet sizes, no HTTPS connection will work through the tunnel.

OP said they can reach port 80 and 81 websites, which are unencrypted HTTP. These will work, but encrypted connections have a larger packet size and will get fragmented without the proper MTU/MSS.

RDP is also an encrypted connection which will refuse to work.
Hardware:
DEC740
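A way to measure the tunnel's actual path MTU and derive the MTU/MSS figures quoted in the two replies above (1420/1380), as an added example that is not from any poster in this thread. It assumes Linux iputils `ping` (`-M do` sets the DF bit) and uses a placeholder host name; run it from the WireGuard side against an internal host that answers ping.

```python
"""Probe the largest packet that crosses a WireGuard tunnel without fragmentation.

Added example (not from the thread). Assumes Linux iputils `ping`; the host is a placeholder.
"""
import subprocess
from typing import Callable

IPV4_TCP_HEADERS = 40      # 20-byte IPv4 header + 20-byte TCP header, no options
ICMP_ECHO_HEADERS = 28     # 20-byte IPv4 header + 8-byte ICMP echo header
WIREGUARD_OVERHEAD = 80    # IPv6 40 + UDP 8 + WireGuard 32; 1500 - 80 = the default 1420


def ping_df(host: str, payload: int) -> bool:
    """Send one ICMP echo with DF set and `payload` data bytes; True if it was answered."""
    result = subprocess.run(
        ["ping", "-M", "do", "-s", str(payload), "-c", "1", "-W", "1", host],
        capture_output=True, text=True,
    )
    return result.returncode == 0


def find_path_mtu(probe: Callable[[int], bool], low: int = 500, high: int = 1472) -> int:
    """Binary-search the largest DF payload `probe` accepts and return the implied MTU.

    `probe(n)` must return True when an n-byte ICMP payload gets through.  Defaults
    span a 1500-byte path (1472 payload + 28 header); if `high` passes, the path is
    at least 1500 and no tunnel-related clamp is indicated.
    """
    if not probe(low):
        raise RuntimeError(f"even a {low}-byte payload fails; check basic connectivity")
    if probe(high):
        return high + ICMP_ECHO_HEADERS
    while high - low > 1:              # invariant: low passes, high fails
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low + ICMP_ECHO_HEADERS


def recommend(path_mtu: int) -> dict:
    """Interface MTU to set and the TCP MSS it implies (MTU minus IPv4+TCP headers)."""
    return {"mtu": path_mtu, "mss": path_mtu - IPV4_TCP_HEADERS}


if __name__ == "__main__":
    target = "192.0.2.10"  # placeholder: an internal host reachable through the tunnel
    mtu = find_path_mtu(lambda n: ping_df(target, n))
    print(f"path MTU {mtu}; set interface MTU/MSS to {recommend(mtu)}")
```

A simulated path with a 1420-byte MTU answers payloads up to 1392 bytes, and the probe then reports exactly the 1420/1380 pair from the replies; a lower result means another hop along the path is shaving more.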