SOLVED: Remote Desktop doesn't work anymore after update to 24.1.2

Started by Ronny1978, February 26, 2024, 12:28:33 PM

Hello everyone,

Remote Desktop (RDP) doesn't work anymore after the update to 24.1.2. See also the thread here: https://forum.opnsense.org/index.php?topic=39093.0.

Thanks for updating/patching.

Ronny

Kind of hard to help out with this little detail. Are you trying to RDP out of your network? In? Across VLANs?

Hello jp0469,

Sorry. Here is some more detail. RDP worked very well until the update today to 24.1.2.

PC (LAN) 192.168.1.53 -> VM on Proxmox (VLAN) 10.0.60.10

Nothing changed on Proxmox, nothing changed on the Win 11 VM, no other changes in OPNsense.

25.02.2024: it works -> 26.02.2024: update of OPNsense to 24.1.2, it doesn't work anymore.

None of the IP addresses changed either. I think the best way is to roll back to 24.1.1, but I don't have any experience with a rollback. Can someone help me? Via SSH console?

No need to roll back; you can post the rules here from both VLANs so we can see where the issue is.

Okay, I can post it this evening. BUT: Again -> I haven't changed anything. Yesterday, BEFORE the UPDATE to 24.1.1, it worked very well. What changes have been made to the firewall rules in the update 24.1.2?


I can give you a detailed overview later.


I have exactly the same issue after the update to 24.1.2. I didn't test 24.1.1 because I updated from 23.x. In my case it seems to be a DNS issue, as when using the IP address instead of the hostname it works without any flaws. I use RDP over VPN.

Hello Tom221.

Thanks a lot for your information. I use the IP address of my VM on Proxmox (10.0.60.10). Nevertheless, the error occurs. Username and password okay, but the connection ends in a connection error.

I would confirm that OPNsense is actually the reason. If you log the rule(s) that would normally allow the traffic to pass between the LAN and VLAN, then you can check your logs to confirm whether or not it's being passed. Could it be a coincidence related to an update on the VM? Try using nmap to confirm that the VM is actually listening on the RDP port. Also, check the logs on the VM and see if there are authentication errors or anything similar which would indicate that the traffic is actually getting through.

If RDP doesn't work (especially over VPN) and it uses TCP, it's pretty much always a packet fragmentation issue.

Create a Normalization rule for the VPN connection that prevents TCP packets from being fragmented. You can use the examples from the WireGuard documentation.

https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html#step-4a-setup-firewall-site-a ...Go to Firewall ‣ Settings ‣ Normalization...
Hardware:
DEC740

Quote: If RDP doesn't work (especially over VPN) and it uses TCP, it's pretty much always a packet fragmentation issue.

I have created the rule -> doesn't work, see pict 3

Quote: If you log the rule(s) that would normally allow the traffic to pass between the LAN and VLAN

see here pict2

here is the error message pict 1


UPDATE: I unchecked Suricata/IPS and updated the rules. At the moment it works.
I started the firewall and RDP works for a short time.

UPDATE 2: It seems that Suricata is the problem in my configuration. I deactivated it. Now it seems to work.
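
Added example, not part of the thread: a Python sketch that scans Suricata EVE JSON records for events where the IPS blocked the RDP flow described above (192.168.1.53 to 10.0.60.10, TCP 3389), which is the log check that would confirm the conclusion in the last post. The sample records, signature names and SIDs are constructed placeholders, and the log path in the comment is an assumption about the install.

```python
import json
from collections import Counter

# Constructed EVE JSON records (not from the thread); SIDs/signatures are placeholders.
SAMPLE_EVE = [
    '{"event_type":"alert","src_ip":"192.168.1.53","src_port":50112,"dest_ip":"10.0.60.10","dest_port":3389,"proto":"TCP","alert":{"action":"blocked","signature_id":9000001,"signature":"PLACEHOLDER rule A"}}',
    '{"event_type":"alert","src_ip":"10.0.60.10","src_port":3389,"dest_ip":"192.168.1.53","dest_port":50112,"proto":"TCP","alert":{"action":"blocked","signature_id":9000001,"signature":"PLACEHOLDER rule A"}}',
    '{"event_type":"alert","src_ip":"192.168.1.53","src_port":50112,"dest_ip":"10.0.60.10","dest_port":3389,"proto":"TCP","alert":{"action":"allowed","signature_id":9000002,"signature":"PLACEHOLDER rule B"}}',
    '{"event_type":"drop","src_ip":"192.168.1.53","src_port":50113,"dest_ip":"10.0.60.10","dest_port":3389,"proto":"TCP","drop":{"len":52}}',
    '{"event_type":"alert","src_ip":"192.168.1.99","src_port":40000,"dest_ip":"10.0.60.10","dest_port":3389,"proto":"TCP","alert":{"action":"blocked","signature_id":9000003,"signature":"PLACEHOLDER rule C"}}',
    '{"event_type":"alert","src_ip":"192.168.1.53","dest_i',  # truncated line, as seen mid-write
]

def is_rdp_flow(ev, client, server, port):
    """True for client->server:port and for the server's replies."""
    fwd = (ev.get("src_ip"), ev.get("dest_ip"), ev.get("dest_port")) == (client, server, port)
    rev = (ev.get("src_ip"), ev.get("src_port"), ev.get("dest_ip")) == (server, port, client)
    return fwd or rev

def blocked_rdp_events(lines, client, server, port=3389):
    """Count IPS-blocked events on the RDP flow, keyed by (SID, signature)."""
    hits = Counter()
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip partially written or corrupt lines
        if not isinstance(ev, dict) or not is_rdp_flow(ev, client, server, port):
            continue
        alert = ev.get("alert") or {}
        # IPS mode: alerts carry action "blocked"; drop records may lack an alert object.
        if ev.get("event_type") == "drop" or alert.get("action") == "blocked":
            hits[(alert.get("signature_id"), alert.get("signature", "drop without alert"))] += 1
    return hits

if __name__ == "__main__":
    # On a live system, pass open("/var/log/suricata/eve.json") instead (path is an assumption).
    for (sid, sig), n in blocked_rdp_events(SAMPLE_EVE, "192.168.1.53", "10.0.60.10").most_common():
        print(f"{n:3d}  sid={sid}  {sig}")
```

Any SID this lists is the rule to review or disable individually, which keeps the rest of the IPS ruleset active.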