Overclock.net › Forums › Software, Programming and Coding › Networking & Security › RDP dropped when going through VPN
New Posts  All Forums:Forum Nav:

RDP dropped when going through VPN

post #1 of 11
Thread Starter 
Here's the story:

At work we just had VPN setup so some of our employee's could access the terminal server from home. It's a 2000 server with SP4 installed. We had a third-party company setup a VPN for us (via a firewall/router that they installed). They gave us a VPN client called "Forticlient" to use to connect to this VPN. So we can connect fine and rdp to the server and everything works great. Now here's the problem, when the rdp window is minimized, the connection will be lost within 2 minutes. The problem is, there is no traffic going to the server, so the server thinks the connection has dropped and just disconnects it. The user has a linksys wrt54g router at home that the VPN is passing through. All the appropriate settings are set in that such as the VPN passthrough and I forwarded the VPN port to the computer. I also configured keepalivetime and keepaliveinterval in the registry on the server to send keep alive packets every minute, but I don't think it's working. This is a really frustrating problem and it has me stumped.

Any help is appreciated.
post #2 of 11
I believe you actually need to configure the VPN Client that is installed on your server to send keep-alive packets instead of the server itself.
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
post #3 of 11
Thread Starter 
There is no VPN software installed on the server. The VPN is handled by a firewall/router device. I have keep alive enabled but I don't think it's sending the packets, or the packets aren't reaching the destination....

Thanks for the reply though!
post #4 of 11
Not that this solves your problem but keeping a connection open to a Terminal server is actually a security risk. It disconnects inactive connections for a good reason.

Keeping the connection alive is a security risk and if in your case security is important then I dont advise keeping the connection open.
post #5 of 11
Thread Starter 
Quote:
Originally Posted by ENTERPRISE View Post
Not that this solves your problem but keeping a connection open to a Terminal server is actually a security risk. It disconnects inactive connections for a good reason.

Keeping the connection alive is a security risk and if in your case security is important then I dont advise keeping the connection open.
Well here's the thing, the connection drops after 1 minute of inactivity. I have terminal server set to disconnect inactive users after an hour. When going through the VPN, the connection gets dropped 1 minute after it goes inactive. I read somewhere that the linksys router used at the persons home is closing the connection because there is no activity going through it. Well terminal server doesn't react to that very well and just drops the connection. I do understand that it could be a possible security risk, but this person is our test subject for the VPN and she does all her work on the terminal server. The only thing she does outside the terminal session is check her email via outlook, and thats when it drops the connection.

I did find a temporary/final (I haven't decided yet) solution. I found a program that sends pings every 10 seconds. I just have this run at startup and have it ping all the terminal servers. Since then, her connection hasn't dropped once, even when inactive.

Thanks for the replies! rep +
post #6 of 11
Quote:
Originally Posted by elementskater706 View Post
I did find a temporary/final (I haven't decided yet) solution. I found a program that sends pings every 10 seconds. I just have this run at startup and have it ping all the terminal servers. Since then, her connection hasn't dropped once, even when inactive.

Thanks for the replies! rep +
That's a MAJOR security risk and would get the user banned where i work XD.... Not only will this ping program stop the VPN from dropping, it'll also prevent the users workstation from locking as it'll never go inactive. If you think the problem is the users router have them bypass it for the sake of testing. If the problem is the router simply make some "rules" for work at home clients that they must have routers brand X, Y, and Z. No user who is being allowed to work from home should complain about paying $50.00 for a compatible router.
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
post #7 of 11
Thread Starter 
Quote:
Originally Posted by HatesFury View Post
That's a MAJOR security risk and would get the user banned where i work XD.... Not only will this ping program stop the VPN from dropping, it'll also prevent the users workstation from locking as it'll never go inactive. If you think the problem is the users router have them bypass it for the sake of testing. If the problem is the router simply make some "rules" for work at home clients that they must have routers brand X, Y, and Z. No user who is being allowed to work from home should complain about paying $50.00 for a compatible router.
Well, we supplied the router....We don't have alot of experience with VPN connections and such. Why is it such a security risk? Because somebody could log on from her workstation at her house? The VPN connection never drops out though. It's only the rdp session that drops. The VPN stays connected afterwards.
post #8 of 11
Quote:
Originally Posted by elementskater706 View Post
Well, we supplied the router....We don't have alot of experience with VPN connections and such. Why is it such a security risk? Because somebody could log on from her workstation at her house? The VPN connection never drops out though. It's only the rdp session that drops. The VPN stays connected afterwards.
Anyone at her computer could mess with the server, but worse, anyone who can gain access to her PC could hit the server. It's far easier to hack a personal PC behind a $50.00 router than a business network. The risk of a work at home user being hacked is exponentially greater than your network server being hacked. You're basically giving a hacker a back door.

RDP isn't a solid state program, and shouldn't be disconnecting due to inactivity. if it is, then it's configured weird, and you should just need to change your RDP settings to like a 10 minute timeout instead of 1.
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
post #9 of 11
Thread Starter 
Quote:
Originally Posted by HatesFury View Post
Anyone at her computer could mess with the server, but worse, anyone who can gain access to her PC could hit the server. It's far easier to hack a personal PC behind a $50.00 router than a business network. The risk of a work at home user being hacked is exponentially greater than your network server being hacked. You're basically giving a hacker a back door.

RDP isn't a solid state program, and shouldn't be disconnecting due to inactivity. if it is, then it's configured weird, and you should just need to change your RDP settings to like a 10 minute timeout instead of 1.
Where could I change the RDP timeout setting?
post #10 of 11
Rededit:

hkey_local_machine> System > Current control set > Control > Terminal Server> Default user configuration.

Dword is MaxIdleTime. Change this to 0 and their RDP session will stop timing out, but terminal server session will still time them out

***I THINK*** you'll have to test to verify.
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
Furian II
(14 items)
 
  
CPUMotherboardGraphicsRAM
AMD Pheon X4 955 MSI 870A-G46 Saphire 4870 1GB GSkill Ripjaw 2x4 DDR3 1600 
OSMonitorMonitorKeyboard
Windows 7 Home - 32 kernel cracked for more RAM Spectre 32" Acer 22" Logitech G15 V1 
MouseMouse Pad
Logitech G9 Xact Mat 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Networking & Security
Overclock.net › Forums › Software, Programming and Coding › Networking & Security › RDP dropped when going through VPN