So I have set up an OpenVPN, and one of the issues I have is the multi-WAN issue which I have already replied to, but the other issue I have is that I am trying to connect to a couple of PCs on the internal network, including a server running Terminal Service (or what they are calling RDP now). When I try to connect through the OpenVPN connection, I can connect to the server's drives and ping the server, but I am unable to connect to the remote desktops. What can I do to fix this? I am hoping to get this fixed this weekend. Thank you.
Simon Waddington:
Okay I figured it out already and from home too - fortunately I was able to use ssh to one of my Linux hosts and create a port 3389 tunnel into my Windows Home Server box, this let me connect to that system using Remote Desktop to localhost. In case someone needs to use that trick here is the incantation:
ssh -CNL 3390:windows-remote-lan-address:3389 linux-remote-host-address
Obviously you need to replace windows-remote-lan-address appropriately - for me it is something like 192.168.0.x. In general your remote Linux box may not understand Windows host names, hence the IP address. Ditto for linux-remote-host-address. Then you should be able to use Remote Desktop to connect to localhost:3390 and get connected to the remote Windows box. There are some issues with connecting to localhost on XP, but later Windows versions, Linux and Mac RD implementations should work fine. See here for help: http://www.bitvise.com/remote-desktop.
Okay so here is the Windows part of it - you need to reconfigure the Windows firewall settings to allow access to RDP over networks other than the local LAN. If you have the firewall off completely that shouldn't be an issue but if you take a stock Windows machine the firewall should be on - when you enable Remote Desktop access it will add a firewall exception but that is only for the local subnet and as I mentioned in my first post OpenVPN uses a tunneled connection by default (not sure how easy it is to change that to bridged or if it is worth it) so it will look like you're accessing the Windows machine from 10.8.0.something.
To broaden the firewall exception do the following:
Log in to your PC with a user that has Administrator rights. Go to the Windows Control Panel and find the Windows Firewall settings dialog (it varies from Windows version to version, I won't try enumerating them). Then click on the Exceptions tab and scroll down for Remote Desktop, which should have been added by Windows when you enabled remote desktop access. Select Edit and at the bottom select Change Scope. You can blow it wide open to Any Computer or just add your local subnet and the OpenVPN subnet used by ClearOS. For mine I entered:
Apply those changes and you should be done.
If you still can't access your machine then you must have some other problem.
Note that this is somewhat painful because you will have to enable it for each and every PC that you'll be accessing (unless you're on a Windows domain and figure out a domain wide policy to apply this rule - something I know nothing about).
Good luck and let us know if this helps!
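Added example, not part of the original post: the scope change described above, scripted for Windows versions that ship the NetSecurity PowerShell module (Windows 8 / Server 2012 and later). It narrows the Remote Desktop exception to the LAN and the OpenVPN subnet instead of opening it to Any Computer; the /24 prefix lengths are assumptions based on the 192.168.0.x and 10.8.0.x addresses mentioned in the thread.

```powershell
# Added example, not from the original thread. Run in an elevated PowerShell
# session on the Windows machine that accepts Remote Desktop connections.

# Assumed subnets: the thread mentions 192.168.0.x for the LAN and 10.8.0.x
# for OpenVPN clients; the /24 prefix lengths are an assumption.
$AllowedSubnets = @('192.168.0.0/24', '10.8.0.0/24')

# The built-in inbound rules live in the "Remote Desktop" display group
# (the group name is localized on non-English Windows installs).
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Where-Object { $_.Direction -eq 'Inbound' }

if (-not $rules) {
    throw 'No inbound Remote Desktop firewall rules found; enable Remote Desktop first.'
}

# Show the current scope of each rule before changing anything.
foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        Profile       = $rule.Profile
        RemoteAddress = $filter.RemoteAddress -join ', '
    }
}

# Limit the exception to the LAN and the VPN subnet only.
$rules | Set-NetFirewallRule -RemoteAddress $AllowedSubnets

# Read the scope back to confirm the change took effect.
foreach ($rule in $rules) {
    $filter = $rule | Get-NetFirewallAddressFilter
    '{0}: {1}' -f $rule.DisplayName, ($filter.RemoteAddress -join ', ')
}
```

From a VPN-connected Windows client, `Test-NetConnection` with `-ComputerName` set to the target's LAN address and `-Port 3389` reports whether the port is now reachable through the tunnel.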
Simon Waddington:
Gamerayers, I have the exact same problem. I have several PCs and a Windows Home Server behind my ClearOS gateway with OpenVPN set up. I can access the internal webserver and use Samba to access drives of the WHS box and PCs but Remote Desktop fails to connect each time. I also have no problems accessing my Linux machines using ssh over OpenVPN.
I think that it is almost certainly a remote desktop or Windows firewall configuration issue since the OpenVPN connections will appear to come from a different subnet (10.8.0.x) when in tunneled mode (as opposed to bridge mode). If I figure it out I will let you know - but the bad news is you need access to the machine to reconfigure it before you can gain remote access, so it is hard to experiment remotely (I'm at home - there might be some hokey ssh tunneling I can do to get around that, not sure).
gamerayers:
I'm a little confused. Why would I need to port-forward port 3389 if I am using openvpn? I thought about doing that, but if I port-forward that port to the WAN, I wouldn't need to even use OpenVPN as it would be open. I thought that once you were connected using openvpn, all the ports are open.
I currently have a sonicwall in that location with IPSec VPN and I can access everything using that connection. I tried to replace the sonicwalls with clearos, but that is when I couldn't use the remote desktops anymore. The client I am using is able to connect when the sonicwall is up and the client IPsec software is active, but when I switch to ClearOS and the OpenVPN client, I can access all files on the network, ping anything, but RD just hangs when I try to connect. I've tried using IP and PC name.
John:
Hi gamerayers,
After confirming that the basic settings are correct, not being able to connect with RD usually means one of two issues:
- not port-forwarding port 3389 (I don't suspect this, but just in case)
- a (non-ClearOS) problem with the client you are trying to connect to
Once I had a similar issue and it was solved by disabling the sound. :blink:
Remote Computer Sound: Do not play
There are many reasons why problems with RD can happen (usually because of M$ Windoze), but my advice is to search Google for that.
You can also test if you are able to RD to those clients from another client on the same LAN.
Otherwise I would not know.