
RDP Packet loss via SSL-VPN in UTM9 / SG230

Hello everybody,

We are using an application based on the Microsoft RDP protocol, namely the IRDPSRAPI. The "sharer" part of the application initiates a connection via IRDPSRAPISharingSession, which is answered by the "viewer" part of the application via IRDPSRAPIViewer. The catch: this works in the following cases:
- Both sharer and viewer are directly connected to the network (non-VPN)
- The sharer is directly connected to the network (non-VPN) and the viewer is using the Sophos SSL-VPN of the UTM

but *not* if the sharer is the one using SSL-VPN, regardless of the viewer being directly connected or also using SSL-VPN. While connecting, the sharer sends several packets, including a "PUSH" packet, which is then lost in the UTM and the connection can't be established.

We have tried several versions of the UTM 9 software (9.5xx to 9.6xx) and SSL clients, both Windows- and Mac-based, as well as Sophos REDs.

The software vendor has analyzed the problem and concluded that the packet gets lost in the SSL stack of the UTM. Does this make sense? (How) Can this be verified? Is this a misconfiguration on our end? Regular Remote Desktop sessions work flawlessly.

Thank you in advance and regards,
Ken

Edit: Formatting fixed


  • Is your SSL VPN configured to use UDP?   If not, change to UDP and re-test.

    There are some perverse things that can happen if you run one TCP session inside another TCP session. Basically, retransmits in one layer can trigger unwanted retransmits in the other layer. Do a web search for "TCP Meltdown" if you want more details.
