Gnome-rdp (re-post)

Ed Greshko Ed.Greshko at greshko.com
Sun Jul 1 14:56:22 UTC 2012


On 07/01/2012 09:58 PM, Christopher A. Williams wrote:

Look forward to hearing how your test without the VPN works out....

>> You have a Cisco VPN Gateway with 2 interfaces.  Let's call them "inside" and
>> "outside". 
>> For argument sake I'll assign the IP addresses for the Cisco as
>> inside=192.168.0.1
>> outside=192.168.1.1
> ...Not exactly the IP address ranges used, but for argument's sake the
> basic part here is correct.

OK.  I didn't expect to be able to guess the IPs in use.  :-) :-)

>> You have 2 Linux boxes.  One on the outside and one on the inside.  The one on the
>> inside is running the xrdp server....and the client is on the outside.
>>
>> For argument sake I'll call them IN and OUT with the following IP addresses.
>> IN=192.168.0.20
>> OUT=192.168.1.20
> Again, pretty close. Actually the box (actually, there are several) are
> running Windows Server 2008 and have the standard Windows RDP server
> (Windows Terminal Services) running for remote administration purposes.
> All of these boxes are actually VMs running in a VMware vSphere based
> virtual environment (not necessary to the conversation, but so you have
> the full picture).

OK.  The client side that fails is Linux.  The server sides are Windows Server.

>
>> Now, assuming the topology is correct......
>>
>> Without making a RDP attempt....  Can you ping IN from OUT using the hostname?  IP
>> address?  Can you ssh to IN from OUT using the hostname?  IP address?
> Here's where the answer is a little more complicated:
>
> When using a Windows system with the Cisco VPN client, the answer across
> the board is yes. We can ping, use Remote Desktop, and use all Web
> services on the inside network. We can also use the VI Client from
> VMware to remotely administer the system and all additional features
> work.
>
> When using the vpnc client and Network Manager, the answers are
> different. We are able to ping (at least to allowed systems), and we can
> use Web based network services. However Gnome-RDP and Remmina fail as
> noted earlier. Host names are not resolved by either client, and both
> are unable to connect and maintain RDP sessions.

OK....  When you say the ping works from the Linux system you are using the IP
address, right?  I say that since you say the "hostnames are not resolved".   Are you
expecting the hostnames to be resolved via DNS?  Are they actually registered in the
DNS...or only in the hosts file?

I ask this since applications will normally resolve hostnames based on the
configuration in /etc/nsswitch.conf.  But, the DNS tools like dig and nslookup ignore
nsswitch.conf and go directly to DNS.

My nsswitch.conf contains....

hosts:      files dns

and my /etc/hosts file has a line

192.168.0.18   nickel nickel.greshko.com

But nickel is not in the DNS.....

So....

[egreshko at meimei ~]$ ping nickel
PING nickel (192.168.0.18) 56(84) bytes of data.
64 bytes from nickel (192.168.0.18): icmp_req=1 ttl=64 time=0.024 ms
64 bytes from nickel (192.168.0.18): icmp_req=2 ttl=64 time=0.033 ms

works....   But....

[egreshko at meimei ~]$ host nickle
Host nickle not found: 3(NXDOMAIN)

fails....  All as expected.

>
> That's why I'm certain there is nothing wrong with the VPN
> configuration. The reason I suspect there could be something amiss with
> Network Manager / vpnc is that the VPN connection with these does error
> out and drop with a frequency that's best described as frustrating. I'm
> also pretty suspicious that something with RDP is also gone awry.
>

The thing about VPNs and DNS is that in many cases the /etc/resolv.conf should be
altered by the action of connecting the VPN so "internal" servers are used as opposed
to "external" servers since the "internal" servers would contain "private" DNS
information.

I use OpenVPN...  Prior to connecting the VPN the resolv.conf contains....

# Generated by NetworkManager
search greshko.com
nameserver 192.168.0.55

While after it contains....

# Generated by NetworkManager
search greshko.com
nameserver 66.171.178.35
nameserver 66.171.178.34
nameserver 192.168.0.55

I'm not familiar with vpnc .... but I would expect this to be the same. 

When it comes to rdp....the other test that I suggested is to "telnet" from the
client to the server rdp port to see if a connection is made.

telnet WinServerIP 3389

Should make a connection assuming the server side is using the standard port.



-- 
Never be afraid to laugh at yourself, after all, you could be missing out on the joke
of the century. -- Dame Edna Everage
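
Added example, not part of the original post: a Python sketch of the checks the message walks through (the nsswitch.conf lookup order, an /etc/hosts hit that DNS-only tools never see, which nameservers resolv.conf lists before and after the VPN comes up, and the TCP test on port 3389). The file contents are constructed from the values quoted in the post, and every function name is hypothetical.

```python
"""Offline walk-through of the name-resolution and RDP port checks."""
import socket

# Constructed sample file contents, modelled on the values quoted in the post.
NSSWITCH = "hosts:      files dns\n"
HOSTS = "127.0.0.1 localhost\n192.168.0.18   nickel nickel.greshko.com\n"
RESOLV_BEFORE = "search greshko.com\nnameserver 192.168.0.55\n"
RESOLV_AFTER = ("search greshko.com\nnameserver 66.171.178.35\n"
                "nameserver 66.171.178.34\nnameserver 192.168.0.55\n")

def nss_sources(nsswitch):
    """Return the lookup order from the 'hosts:' line, e.g. ['files', 'dns']."""
    for line in nsswitch.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Skip action items such as [NOTFOUND=return].
            return [w for w in line[len("hosts:"):].split() if not w.startswith("[")]
    return []

def hosts_lookup(name, hosts):
    """Return the address a hosts file gives for name (or an alias), else None."""
    for line in hosts.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

def nameservers(resolv):
    """Return the nameserver addresses in the order they are listed."""
    return [l.split()[1] for l in resolv.splitlines()
            if l.startswith("nameserver") and len(l.split()) > 1]

def explain(name, nsswitch, hosts, resolv):
    """Report what the 'files' source answers and which servers DNS-only tools ask."""
    addr = hosts_lookup(name, hosts) if "files" in nss_sources(nsswitch) else None
    return {"files_answer": addr, "dns_servers": nameservers(resolv)}

def tcp_port_open(host, port=3389, timeout=3.0):
    """Same check as `telnet WinServerIP 3389`: does the TCP connection complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    print(explain("nickel", NSSWITCH, HOSTS, RESOLV_AFTER))
```
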