Windows RDP disconnects/reconnects all the time (via Sophos UTM VPN RedTunnel)

Rand__
Hi,
I have a weird connection issue over my VPN and thought somebody here might have a smart idea.

I have set up two Sophos UTM v9s connected via RED tunnel in two locations. I have set up appropriate firewall and exclusion rules (I think).
I am able to RDP to a Windows Server on Site A from Site B without a problem.
But the connection gets disconnected every few seconds, then reconnects automatically, works for a few seconds and gets disconnected again, and this goes on happily for as long as I keep the session open.

Something similar happens with Horizon View Client (tried from Site A to Site B): it gets disconnected pretty quickly. If I acknowledge the disconnect, the session closes and I need to re-establish it. If I just ignore the disconnect message, the session continues in the background.

I am stumped as to what this might be;
the fact that I can open the session implies that the primary RDP/View port is connecting correctly.

Ping and SSH stay stable (rare ping drops, but not correlated in time with the disconnects).

So it seems that both programs open a (random) high port after the initial connection which, for whatever reason, is blocked by the firewall on either side, but I can't see any blocked traffic.

Does anyone have an idea what the cause might be?
Thanks
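The post above guesses that RDP opens a second, random high port after the initial connection. Before touching the tunnel, that guess can be checked on the Windows server itself: list the sockets the Remote Desktop service actually owns while the flapping session is open, and read the server's own session-manager log to see how often it really records a disconnect/reconnect. The script below is an added diagnostic example and is not from the original thread or from Sophos; it assumes Windows Server 2012 R2 or later (for Get-NetTCPConnection / Get-NetUDPEndpoint with -OwningProcess) and the default-enabled TerminalServices-LocalSessionManager operational log. The client address used in the usage lines is a placeholder.

```powershell
# Added diagnostic example (not from the original thread). Run on the Windows
# server at Site A while the flapping RDP session from Site B is open.

function Get-RdpEndpoints {
    param([string]$ClientIp)

    # TermService lives in a svchost.exe; resolve its PID instead of guessing,
    # because several svchost processes own port-bound sockets.
    $svc = Get-CimInstance Win32_Service -Filter "Name='TermService'"
    if (-not $svc -or $svc.ProcessId -eq 0) {
        throw "TermService is not running"
    }
    $termPid = [int]$svc.ProcessId

    # TCP: listeners plus anything established with the client (if given).
    $tcp = Get-NetTCPConnection -OwningProcess $termPid -ErrorAction SilentlyContinue |
        Where-Object { -not $ClientIp -or $_.State -eq 'Listen' -or $_.RemoteAddress -eq $ClientIp } |
        ForEach-Object {
            [pscustomobject]@{
                Proto  = 'TCP'
                Local  = "$($_.LocalAddress):$($_.LocalPort)"
                Remote = "$($_.RemoteAddress):$($_.RemotePort)"
                State  = $_.State
            }
        }

    # UDP: RDP 8.0 and later also bind a UDP endpoint for the session.
    $udp = Get-NetUDPEndpoint -OwningProcess $termPid -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Proto  = 'UDP'
                Local  = "$($_.LocalAddress):$($_.LocalPort)"
                Remote = '-'
                State  = 'Bound'
            }
        }

    @($tcp) + @($udp)
}

function Get-RdpSessionEvents {
    param([int]$Minutes = 10)

    # LocalSessionManager event IDs: 21 = session logon succeeded,
    # 24 = session disconnected, 25 = session reconnection succeeded.
    $filter = @{
        LogName   = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
        Id        = 21, 24, 25
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        ForEach-Object {
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Event   = switch ($_.Id) { 21 { 'logon' } 24 { 'disconnect' } 25 { 'reconnect' } }
                Message = ($_.Message -split "`n")[0]
            }
        }
}

function Measure-RdpFlapping {
    param([int]$Minutes = 10)

    $events      = @(Get-RdpSessionEvents -Minutes $Minutes)
    $disconnects = @($events | Where-Object Event -eq 'disconnect')
    $reconnects  = @($events | Where-Object Event -eq 'reconnect')

    # Seconds between consecutive disconnects; a tight, regular cadence points
    # at a timer (keepalive/idle) rather than random packet loss.
    $gaps = for ($i = 1; $i -lt $disconnects.Count; $i++) {
        ($disconnects[$i].Time - $disconnects[$i - 1].Time).TotalSeconds
    }

    [pscustomobject]@{
        WindowMinutes = $Minutes
        Disconnects   = $disconnects.Count
        Reconnects    = $reconnects.Count
        MedianGapSec  = if ($gaps) { ($gaps | Sort-Object)[[int][math]::Floor($gaps.Count / 2)] } else { $null }
    }
}

# Usage ('10.2.0.50' is a placeholder for the Site B client address):
Get-RdpEndpoints -ClientIp '10.2.0.50' | Format-Table -AutoSize
Measure-RdpFlapping -Minutes 15
Get-RdpSessionEvents -Minutes 15 | Format-Table -AutoSize
```

If the endpoint list shows only TCP 3389 (listening and established to the client) plus a UDP socket bound to 3389, there is no server-side "random high port" to hunt for in the UTM logs: the second RDP channel on RDP 8.0 and later is UDP 3389, not a TCP ephemeral port. The flap count and median gap from the session-manager log give a number to compare against a packet capture on either UTM, which is more useful than eyeballing the client's reconnect banner.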

NashBrydges
I'm going to ask a silly question, but... why are you running your Sophos UTMs through REDs? Why not set up a site-to-site VPN (which is what it sounds like you're trying to do) directly from the UTMs? Unless I'm misunderstanding what you're trying to accomplish.

A simple site-to-site VPN will essentially get both your networks talking as if on the same LAN (assuming there are no IP conflicts), so RDP will be a breeze.

markarr
I had several issues with a UTM-to-UTM RED link, so I ditched it and went site-to-site IPsec; it worked flawlessly.

Rand__
As @markarr said, it's not 'through' REDs but UTM-to-UTM via RED link.
The advantage is (was?) the higher bandwidth of that connection (50 vs 20 Mbit or so) and ease of setup.
Most of the stuff is working fine by now (with appropriate net2net FW rules); just one or two things bug me, like this one.

I am fairly sure it used to work a couple of firmware versions ago.
Unfortunately the Sophos forum is not really much of a help (too few people monitoring it for the amount of issues posted).

I would have preferred not to change too much (break things), as the second box is an hour's drive away ;)
But if the RED tunnel is the culprit, then I might have to think about it...