Microsoft Remote Desktop won't connect/keeps reconnecting
MichelGreijmans opened this issue · 2 comments
Package version
1.0.20211208
Firmware version
1.10.9
Device
EdgeRouter X (SFP) - e50
Issue description
We're having issues with our customers when passing Microsoft Remote Desktop (RDP) traffic through WireGuard tunnels. For some odd reason only the Microsoft Remote Desktop client is affected, so for example thin clients using FreeRDP aren't affected, but the official Microsoft Remote Desktop app on macOS works fine through WireGuard.
I've had this issue in a setup with a site-to-site VPN through WireGuard between two EdgeRouters, but also when using WireGuard as a remote access VPN for users to get to office resources (including RDP access to their PC).
It appears everything works fine through the WireGuard tunnels, with the exception of RDP traffic on the Microsoft Windows clients. The screen stays black, or we just barely get an image through before it starts showing the "Reconnecting" dialog. From what I can see in Wireshark, we're getting TCP reset flags when the client starts reconnecting.
We initially thought this might be an MTU issue, so we lowered the MTU to 1280 from the default 1412, but the issue remained.
I'm out of ideas on how to proceed in troubleshooting/narrowing down this issue. I'm not sure if this is a general WireGuard issue or specific to this EdgeOS/VyOS implementation. What I find odd is that there aren't any other reports of people experiencing this.
Thank you
Configuration and log output
# show interfaces wireguard
wireguard wg0 {
    address 192.168.4.1/24
    listen-port 51xyz
    mtu 1280
    peer xx {
        allowed-ips 192.168.4.2/32
    }
    peer xx {
        allowed-ips 192.168.4.6/32
    }
    peer xx {
        allowed-ips 192.168.4.3/32
    }
    peer xx {
        allowed-ips 192.168.4.5/32
    }
    peer xx= {
        allowed-ips 192.168.4.4/32
    }
    peer xx {
        allowed-ips 192.168.4.8
    }
    peer xx {
        allowed-ips 192.168.4.7
    }
    private-key /config/auth/wg.key
    route-allowed-ips false
}
From what I remember, Microsoft switched to using RDP over UDP while all other implementations default to TCP.
There are reports of UDP causing issues with multiple different VPN solutions, so it might be worth switching to TCP for testing.
That must be it, thank you!
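One way to run the TCP-only test suggested above on an affected Windows client, as an added example that is not part of the original thread or of the project's code. It assumes the Windows RDP client policy value `fClientDisableUDP` ("Turn Off UDP On Client"), which the thread itself does not name, and the function names are hypothetical.

```powershell
# Added example: toggles the RDP client's UDP transport for a test so that
# sessions use TCP only. Run in an elevated PowerShell on the Windows client.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client'
$ValueName = 'fClientDisableUDP'   # assumption: policy "Turn Off UDP On Client"

function Get-RdpClientUdpState {
    # Report whether the client-side policy currently blocks UDP transport.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }      # client default applies
    if ($item.$ValueName -eq 1) { return 'UdpDisabled' } # TCP only
    return 'UdpEnabled'
}

function Set-RdpClientUdp {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disable', 'Restore')]
        [string]$Action
    )
    if ($Action -eq 'Disable') {
        # The policy key does not exist on a machine with no RDP client policies.
        if (-not (Test-Path $PolicyKey) -and
            $PSCmdlet.ShouldProcess($PolicyKey, 'Create policy key')) {
            New-Item -Path $PolicyKey -Force | Out-Null
        }
        if ($PSCmdlet.ShouldProcess($ValueName, 'Set to 1 (TCP only)')) {
            New-ItemProperty -Path $PolicyKey -Name $ValueName -Value 1 `
                -PropertyType DWord -Force | Out-Null
        }
    }
    else {
        # Restore removes the value, returning the client to its default.
        if ((Get-RdpClientUdpState) -ne 'NotConfigured' -and
            $PSCmdlet.ShouldProcess($ValueName, 'Remove value')) {
            Remove-ItemProperty -Path $PolicyKey -Name $ValueName
        }
    }
    Get-RdpClientUdpState   # return the resulting state
}

# Test run: force TCP, then start a new RDP session through the tunnel.
Set-RdpClientUdp -Action Disable
# Afterwards, undo the test setting:
# Set-RdpClientUdp -Action Restore
```

If the session is stable with UDP disabled, the fault is in how the RDP UDP transport behaves across the tunnel rather than in the TCP path. `Restore` deletes the value outright, so note any pre-existing setting before running the test.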