
RDP over OpenVPN


BGood

Regular Contributor
I'm clearly getting dumber as I get older.

A few years ago, on my previous Asus Router with Merlin FW, when traveling, I was able to connect my Windows laptop via Open VPN and then RDP (MSTSC) to my desktop computer. Now, on my new Asus router, I cannot get RDP to connect to my desktop. I don't remember having to do anything special, but I haven't figured out what is different now. I only want RDP connections from my Open VPN subnet over VPN. I don't want to open it up beyond that. (I have no problems doing RDP on my internal network.)

Any solutions, please?
 
What router? Which firmware?

It should work without issue. Your router has a public IP address (i.e. not NATed) and the VPN client connects without problem?

Are you using a third-party firewall on the PC rather than the Windows Firewall?

Are you using your PC's IP address or host name in the RDP client?
 
Merlin 384.19 on Asus RT-AC5300. Using Norton AV. On MSTSC, I'm specifying the IP address 192.168.29.111, but the laptop is coming in on 10.8.0.3.
 
Merlin 384.19 on Asus RT-AC5300. Using Norton AV. On MSTSC, I'm specifying the IP address 192.168.29.111, but the laptop is coming in on 10.8.0.3.
Does Norton AV have a firewall component that might be blocking the RDP connection? I know that Windows Firewall has a rule that allows RDP from an external network.

You could try temporarily disabling Norton AV and the Firewall to see if that makes a difference.
 
This should work, and I would break it down into two separate parts.

First, is there any issue connecting to the OpenVPN server? The server is running on the router, and the connection is successful? Can you access the router? Compression settings allow traffic to go through?

Second is the RDP connection to the desktop. Is the desktop awake?
Using Norton AV.
Like, where? On the laptop or the desktop?
 
I am using an RT-AX88U and can quite happily RDP to various Windows laptops via the OpenVPN server.
Basic Server config includes
Client will use VPN to access : Both
and advanced
Code:
Interface Type:        TUN
Protocol:            TCP
Server Port:        xxxxxx
Authorization Mode:    TLS
Keys and Certificates   
Username/Password Authentication: Yes
Username / Password Auth. Only:     No
TLS control channel security: Encrypt channel

HMAC Authentication: Default
VPN Subnet / Netmask   
xxx.xxx.0.0 / 255.255.255.0

Advertise DNS to clients:    Yes
Cipher Negotiation: Enable (with fallback)

Negotiable ciphers:  AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC
Legacy/fallback cipher: AES-128-CBC
Compression:  Disable
Log verbosity: 3
Manage Client-Specific Options: No

When first setting up I missed setting "Advertise DNS to clients: Yes" which fixed it for me.
 
Sorry, I had these failures over Christmas when I was away from home and trying to RDP in to my desktop, as I said. I have since switched to BitDefender and found that I'm having the same problems as with Norton. I suppose I should have tested again when I had removed Norton and before I installed BitDefender.

But I have disabled the BitDefender firewall and still cannot access my desktop from the OpenVPN subnet.

I have no trouble reaching my NAS (by IP not name) on the internal LAN from the OpenVPN client laptop with the VPN connected. It's just RDP that won't work.

I've set Client will use VPN to access : Both
and "Advertise DNS to clients: Yes"

If it means anything, I can ping my NAS but not my desktop from the VPN-connected laptop.
 
So I reconnected my old desktop PC (the one I had connected to for years over the VPN) and I am able to connect to it just fine over the VPN. It also has BitDefender. So there's clearly something set on my new desktop that is blocking my connection attempts over RDP.
 
If it means anything, I can ping my NAS but not my desktop from the VPN-connected laptop.
Windows Firewall will block pings from outside the LAN. Temporarily turning off the firewall should enable ping replies.

If that doesn't happen then there looks to be some fundamental network configuration issue with the PC.
 
So I tried turning off both BitDefender Firewall and Windows Firewall and nothing changed. I could still get to the old PC and not the new one.

So just for the fun of it, I turned off the old PC and changed my DHCP reservations so that the new PC has the IP address of the old PC. And voila, RDP worked just fine! This was true with either Windows Firewall or BitDefender Firewall enabled.

So I've got VPN access to my most important computer via RDP, but for the life of me, I can't find the setting that makes it work with this one internal IP address. It seems like it should be somewhere in the Asus Router, but I don't see any static routes or anything pointing to that one address.
 
Are you using a TUN or TAP interface for your VPN server?

Are you using a LAN netmask different to 255.255.255.0?
 
I appear to be using TAP, which I think is required if I want to also use OpenVPN with Android, right?

I'm using 255.255.255.0 on my LAN and OpenVPN.
 
Use TUN. I don't know how you were getting a 10.8.0.3 address with TAP as you should have got a 192.168.29.x address.

IIRC TAP is a problem for Apple devices.
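
Added example, not written by any poster in this thread: host-side checks to run on the desktop that refuses RDP from the VPN, followed by scoping the built-in Remote Desktop firewall rules to the LAN and the VPN subnet. It assumes a VPN subnet of 10.8.0.0/24 (inferred from the 10.8.0.3 client address and the 255.255.255.0 netmask mentioned above), English-language rule group names, and an elevated PowerShell session.

```powershell
# Assumption: OpenVPN (TUN) clients arrive from this subnet, e.g. 10.8.0.3.
$VpnSubnet = '10.8.0.0/24'

# 1. Is Remote Desktop enabled and listening? fDenyTSConnections = 0 means enabled.
(Get-ItemProperty 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections
Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, State

# 2. Which firewall profile applies to each adapter? A Public profile on the
#    LAN adapter means the Private-profile rules are not the ones in effect.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. Which remote addresses do the enabled inbound RDP rules accept?
#    'LocalSubnet' here excludes a routed VPN client such as 10.8.0.3.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }

# 4. Replies to 10.8.0.x leave through the default route, so the next hop
#    should be the router that runs the OpenVPN server.
Get-NetRoute -DestinationPrefix '0.0.0.0/0' |
    Select-Object InterfaceAlias, NextHop, RouteMetric

# 5. Restrict the built-in RDP rules to the LAN and the VPN subnet only.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress LocalSubnet, $VpnSubnet
```

From the VPN-connected laptop, `Test-NetConnection -ComputerName 192.168.29.111 -Port 3389` then tests the TCP port directly, which separates an RDP failure from a blocked ping.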
 
