Terminal services + VPN = not good


Old 12-15-03, 08:16 PM
  #1  
DVD Talk Legend
Thread Starter
 
Join Date: Oct 1999
Location: |-|@><0r [email protected]|)
Posts: 17,214

So I Remote Desktop Connection-ed from one machine (call it X) into a machine (call it Y) the other day... and then VPN'd Y into another network. Naturally, my terminal services connection went dead, and since VPN almost always assigns a dynamic IP address, I couldn't even begin to think about finding Y on the other network. I had to VPN into the same network on X in order to find Y.

Honestly, I'm surprised that terminal services is this stupid. Each machine on the terminal services should just monitor its IP address, and if it changes, it initiates an attempt to re-connect to the other machine with the new address. Why doesn't it do that? For security, this process could always begin with the host machine logging out the RDC'd user and just providing a new login screen to the remote user.

- David Stein
Old 12-15-03, 08:25 PM
  #2  
X
Administrator
 
Join Date: Oct 1987
Location: AA-
Posts: 10,764
Whose VPN? The built-in MS stuff? I never used that one.

But I've never had a problem mixing VPN and TS, but I always used fixed IPs and never quite did what you did.

VPN isn't always so good about passing NetBIOS names. Depending on the subnets you tried to connect, it's possible that your VPN session put Y on a different subnet than the machine you were on at the time (X). Or it routed all traffic out through the VPN and X wasn't on VPN.

I have a software VPN that will lose connections to all my internal machines as soon as I connect to a remote VPN network even though all machines are on the same subnet.
Old 12-15-03, 08:40 PM
  #3  
DVD Talk Legend
Thread Starter
 
Join Date: Oct 1999
Location: |-|@><0r [email protected]|)
Posts: 17,214
Originally posted by X:
> Whose VPN? The built-in MS stuff? I never used that one.

Nah, this was the Cisco VPN client. I don't think it matters, though - does any VPN suite support this sort of dynamic connection?

Originally posted by X:
> Depending on the subnets you tried to connect, it's possible that your VPN session put Y on a different subnet than the machine you were on at the time (X).

That's exactly what it did. Y went from having 1.2.x.x to having 3.4.x.x: it went from my home broadband ISP's network to the school network, with predictable results. Of course, Y could then access all machines on the 3.4.x.x subnet.

Basically, I'm just surprised that terminal services doesn't have this facility built in: when Y sees that its IP address changes, it just contacts X (at X's IP address, presuming it's the same) and says, "Hey, I was just at 1.2.x.x but now I'm at 3.4.x.x." Authentication should be trivial... I think terminal services does some kind of session public-key exchange, right? - each side could just authenticate with those session keys.

- David Stein
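
The address-change notice proposed in post #3, as an added example that is not part of the thread and is not how Terminal Services behaves: Y signs "I was at A, now at B" with a session secret and X re-binds the session only if the notice is authentic and fresh. It assumes both sides already share a secret session key (the thread only guesses at this); every name, the message layout, and the documentation-range addresses are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

TAG_LEN = 32  # HMAC-SHA256 output size

def make_notice(key, sid, ctr, old_ip, new_ip):
    """Y's side: signed 'my address changed' notice (tag + JSON body)."""
    body = json.dumps({"sid": sid, "ctr": ctr, "old": old_ip, "new": new_ip},
                      sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body

class SessionPeer:
    """X's side: state kept for one already-established session."""

    def __init__(self, key, sid, peer_ip):
        self.key, self.sid, self.peer_ip = key, sid, peer_ip
        self.last_ctr = 0  # highest counter accepted so far

    def accept_notice(self, packet):
        """Re-bind peer_ip only if the notice is authentic and fresh."""
        tag, body = packet[:TAG_LEN], packet[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged, truncated or corrupted
        msg = json.loads(body)  # parsed only after the tag has verified
        if msg["sid"] != self.sid or msg["old"] != self.peer_ip:
            return False  # wrong session, or stale view of the address
        if msg["ctr"] <= self.last_ctr:
            return False  # replay of an earlier notice
        self.last_ctr, self.peer_ip = msg["ctr"], msg["new"]
        return True

def demo():
    """Constructed sample run using documentation-range addresses."""
    key = os.urandom(32)  # stands in for the negotiated session key
    x = SessionPeer(key, "sess-1", "192.0.2.10")
    real = make_notice(key, "sess-1", 1, "192.0.2.10", "198.51.100.7")
    forged = make_notice(os.urandom(32), "sess-1", 2, "198.51.100.7", "203.0.113.9")
    return (x.accept_notice(real), x.accept_notice(real),
            x.accept_notice(forged), x.peer_ip)

if __name__ == "__main__":
    print(demo())
```

The notice only tells X where Y now claims to be; whether X can route to that address across the VPN, the problem raised in post #2, is separate.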
