Hello,
I have a Cisco router in the US and a Symantec Router in China. I have established a Site to Site VPN. I can ping each network from both sides. The problem is that when I use Remote Desktop from the US to China, I am able to connect but I get a black screen, or the connection is very very slow. Any Suggestions?
RDP is a VERY chatty prtocol so do not be surprised if it will not work well/at all over a VPN especailly with many hops.
Couple of things you might try:
Adjust you NIC to use the discovered maximum path MTU size
ping -l 1500 -f
Add a value to the TcpMaxDataRetransmissions subkey under the following registry key:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\TcpMaxDataRetransmissions = 10
If the value does not exist, highlight PARAMETERS, go to Edit and select add value. Choose REG_ DWORD format
Hmmm.
I don't think that it is chatty! Maybe compared to telnet but you are getting more bang.
This is true, I checked with ethereal. Beyond belief. !!!
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\TcpMaxDataRetransmissions
OK.
If you find that you are getting MTU issue than I would drop the MTU on one end (at least) to an appropriate value. Fixing one is sufficient. e.g. 1300.
Alternatively if you have a cisco router in the path you could apply the "ip tcp mss-adjust 1300" [from memory] (or whatever value you need) command to an interface on the path, Note that the length in ping commands is often the ICMP data length and not the MTU or the TCP mss.
Don't worry if you are 50 or 100 bytes below the true min, the extra overhead is negligable. Get it working and go and relax.
I think that the absolute most important thing after MTU is to make sure that you are doing selective ack. This is the default in XP.
Also if you are having to wait on the initial splash screeen look into:-
Remote Desktop RDP mstsc splash screen slow links
Registry Settings System Key: [HKEY_USERS\\.DEFAULT\\Control Panel\\Desktop] Value Name: Wallpaper, TitleWallpaper Data Type: REG_SZ (String Value)
Wallpaper "A filename" Without quotes Pattern "(None)" Without quotes TileWallpaper 0 = don't Old PC Wallpaper was - C:\\Windows\\cpq800h.bmp
NO REBOOT NEEDED has immediate effect.
I do feel that Merv has on this occasion been more negative that I am about RDP. We have people using it from Hong Kong to London over a VPN.
I think that, aside from the MTU thing, the VPN makes no difference.
One thing to do is to make sure that RDP is OK on the target machine. Get someone local to try it out.
There is a nice cisco doc on MTU. I will have a look for it tomorrow. I think if you search for MTU GRE IPSEC you should get it.
Finally my bet is on Merv being right about the MTU.
It has to be chatty since it's moving mouse/key movements around. I don't know that you can change that since it's the nature of the application.
[snip]You mean it does *not* set the DF bit? If you set the DF bit, that's how you do PMTU-D so I think I'm missing something here.
1472 should be the first starting point. 20 bytes for IP header, 8 bytes for ICMP. So you have 1472 left over.
RDP does not allow it's packets to be fragmented, so you most ensure MTU sent does not exceed path MTU.
My thanks to everyone who is providing me with help, I tried all of the above mentioned, but nothing works. I have also tried browsing to the servers share: \\\\server-over-vpn\\share but that times out and I can't access that either. Could the two problems be related?
Merv wrote:
What happens for ping with large packet size ( ie. max MTU and lartge number of packets ( 1000 or more.
What is the latency tiem like ?
ping -l 1500 172.16.64.5
Pinging 172.16.64.5 with 1500 bytes of data:
Reply from 172.16.64.5: bytes=1500 time=295ms TTL=127 Reply from 172.16.64.5: bytes=1500 time=294ms TTL=127 Reply from 172.16.64.5: bytes=1500 time=290ms TTL=127
if I try this:
ping -f -l 1500 172.16.64.5
I can't get a good ping. so I tried reducing the mtu but when I did that web browsing became so slow that it was a problem.
Merv wrote:
Reply from 172.16.64.5: bytes=1500 time=295ms TTL=127
ouch !!!
with the -f flag set what is the largest MTU size for which you get a ping response ?
does ping -f -l 1472 172.16.64.5 give you a ping response ?
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.