Carlyle Sutphen wrote:
Hi John,
From: "John Mangan" <[EMAIL PROTECTED]> To: [email protected] Subject: Yet another back screen problem. Date: Mon, 31 Jan 2005 12:52:49 +0000
I have set up VNC Server 4.0 on a Windows 2000 SBS box behind a firewall. I have forwarded ports 5900 and 5800. I have successfully connected to the server locally, via a dial-up laptop and from a remote PC behind another firewall (all running Windows XP Pro SP2, VNC Client 4.0).
When the support organisation that this was set up for try to connect they authenticate successully but then get the dreaded black screen. I can see the cursor moving but they get nothing. They use VNC Client 4.0 regularly to provide remote support so we are confident that their setup is correct as well.
Any ideas, suggestions, (hope)?
I solved that problem by lowering my MTU. I'm still analyzing the source of the problem. At first I thought that Linux was being too paranoid and blocking all ICMP packets, particularly the ones enabling path MTU discovery. Now after some preliminary tests (specifically allowing incoming "fragmentation needed and DF set" packets), I am beginning to suspect the dialup server to be blocking these. Tonight, I'll be setting iptables up to log all ICMP traffic.
The support organization may be blocking all ICMP packets thinking they are being especially safe but if so they are actually crippling their network. If this is the case and you can't get them to reconfigure to allow useful ICMP traffic, have them lower their MTUs to 1385. That works for me. I have also seen values from 1480 recommended. It depends on the overhead of your VPN software's encryption.
Regards,
Carlyle
the high-speed DSL we use here requires a MTU of 1492 [or less] ;-) _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
