RDP with NAT/RAS Stops Working when Running WinDivert #258
Comments
I assume that One thing you are try is running
No errors from passthru.exe. Attempting your suggestion soon, will report back
@basil00 tests are completed. Expected packets are seen when running passthru and netdump with the expected source ip, dest ip and dest port. However running passthru.exe still causes rdp to fail with timeout. Running netdump.exe by itself without passthru.exe allows RDP to succeed, but this is not a surprise due to the sniff flag in the netdump.exe application. It appears something with pulling packets out and re-injecting them breaks RDP with NAT/RAS, not sure why...
@basil00 I am the end user working with jjxtra and his application. It would seem helpful for me to provide some direct info on the affected systems. Details and netdump log below. Hyper-V environment with two Win2019 VMs: BACKUP and VPN VPN: Symptom: Netdump log: Fundamentally, it feels like there is some issue with RAS/NAT/Port forwarding.
@basil00 I'd be willing to pay to help get this figured out, please let me know if you have bandwidth for such a thing
My bandwidth is extremely limited these days. Did you also check if the SYNACK was ever generated? It may be some weird NAT interaction, but I do not have any great ideas on what the problem could be.
@basil00 There are no syn ack for port 20001, but there are some syn ack on other ports. Curiously it's only the RDP traffic that is impacted. Regular http(s) calls and other calls still work fine. Also, with passthru.exe NOT running, there are still no syn ack calls on port 20001.
You mean if only
@TimesliceTechnologies Can you confirm that just running netdump.exe by itself allows rdp or not?
RDP works as expected when only Netdump.exe is running as I recall.
If Unfortunately, I cannot offer much help. Since the problem is protocol specific, it may be the interaction with WinDivert and some other firewall/driver/filter/etc installed on the system. The interaction with the NAT is another interesting clue, but I cannot see how that would cause the problem, since the filter is on the
Running WinDivert and using filter `inbound and tcp.Syn` on network layer. I call `WinDivertRecvEx` and `WinDivertSendEx` to pass packets on through - very simple code, nothing fancy, just testing WinDivert will work.
I am using NAT and RAS for Windows to connect to RDP. When WinDivert is opened successfully in my console app, new RDP connections fail with a timeout error. Is there something in the WinDivert code that might get tripped up when using NAT and RAS on Windows? I see some packets from my ip in my logs, but I am not sure if those are RDP syn packets or not as the dest port is not 3389...
If I run my same WinDivert filtering code on another server that uses RDP directly without NAT and RAS, RDP works as normal, although again I still don't see any port 3389 in the tcp headers...
EDIT I verified this with passthru.exe (default params, and using filter `(inbound and tcp.Syn) or icmp` on both boxes and same issue happens, unable to RDP with NAT/RAS but able to RDP just fine on the other box. My custom app was not running at the time.
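One way to answer the question raised in the thread (was a SYN-ACK ever generated for the forwarded port?), as an added example that is not code from this issue or from WinDivert: it parses raw IPv4/TCP bytes of the kind a network-layer capture yields and pairs a SYN with its SYN-ACK. The function names, addresses and packet bytes are constructed for illustration; port 20001 is the one mentioned in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TCP_SYN 0x02
#define TCP_ACK 0x10

/* Fields needed to pair a SYN with the SYN-ACK that answers it. */
struct tcp_info { uint32_t src, dst, seq, ack; uint16_t sport, dport; uint8_t flags; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) { return ((uint32_t)be16(p) << 16) | be16(p + 2); }

/* Parse IPv4+TCP headers; 0 on success, -1 if not IPv4/TCP or truncated. */
int parse_tcp(const uint8_t *pkt, size_t len, struct tcp_info *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;      /* IP options shift the TCP header */
    if (ihl < 20 || pkt[9] != 6 || len < ihl + 20) return -1;
    const uint8_t *tcp = pkt + ihl;
    out->src = be32(pkt + 12); out->dst = be32(pkt + 16);
    out->sport = be16(tcp);    out->dport = be16(tcp + 2);
    out->seq = be32(tcp + 4);  out->ack = be32(tcp + 8);  out->flags = tcp[13];
    return 0;
}

/* 1 if r is the SYN-ACK for the initial SYN s: reversed 4-tuple, ack == seq + 1. */
int is_synack_for(const struct tcp_info *s, const struct tcp_info *r)
{
    return (s->flags & (TCP_SYN | TCP_ACK)) == TCP_SYN
        && (r->flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK)
        && r->src == s->dst && r->dst == s->src
        && r->sport == s->dport && r->dport == s->sport && r->ack == s->seq + 1;
}

/* Constructed samples (documentation addresses, checksums zeroed and not verified):
 * 203.0.113.10:50000 -> 192.0.2.20:20001 SYN seq=100, then the SYN-ACK with ack=101. */
const uint8_t SAMPLE_SYN[40] = {
    0x45,0,0,0x28, 0,1,0,0, 0x40,6,0,0, 0xcb,0,0x71,0x0a, 0xc0,0,2,0x14,
    0xc3,0x50,0x4e,0x21, 0,0,0,0x64, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };
const uint8_t SAMPLE_SYNACK[40] = {
    0x45,0,0,0x28, 0,2,0,0, 0x40,6,0,0, 0xc0,0,2,0x14, 0xcb,0,0x71,0x0a,
    0x4e,0x21,0xc3,0x50, 0,0,3,0xe8, 0,0,0,0x65, 0x50,0x12,0xff,0xff, 0,0,0,0 };
int main(void)
{
    struct tcp_info s, r;
    if (parse_tcp(SAMPLE_SYN, sizeof SAMPLE_SYN, &s) || parse_tcp(SAMPLE_SYNACK, sizeof SAMPLE_SYNACK, &r)) return 1;
    printf("SYN to port %u answered: %s\n", (unsigned)s.dport, is_synack_for(&s, &r) ? "yes" : "no");
}
```

The pairing only holds when both packets are captured at the same point relative to the NAT, since address or port translation in between changes the 4-tuple.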