Jump to content

Recommended Posts

Guest Anahaym
Posted

Hi,

 

we have the MS VPN based on RRAS 2012 R2. L2TP for Apple clients and SSTP for Windows 10 clients.

 

Randomly some Windows client can't connect to the SSTP VPN. It says - the server isn't available, but meanwhile the other Windows clients are able to connect. Moreover, the 443 port is accessible from problem PC. Sometimes it fixes itself in a few hours. The restart doesn't help even "Winsock reset".

 

There are Wireshark logs during the connection from the problem PC. I see something related to the TCP Retransmission.

 

No. Time Source Destination Protocol Length Info

484 4.697279 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 50150 → 443 [sYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1

 

Frame 484: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0

Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)

Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX

Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0

Source Port: 50150

Destination Port: 443

[stream index: 5]

[TCP Segment Len: 0]

Sequence number: 0 (relative sequence number)

[Next sequence number: 0 (relative sequence number)]

Acknowledgment number: 0

1000 .... = Header Length: 32 bytes (8)

Flags: 0x002 (SYN)

000. .... .... = Reserved: Not set

...0 .... .... = Nonce: Not set

.... 0... .... = Congestion Window Reduced (CWR): Not set

.... .0.. .... = ECN-Echo: Not set

.... ..0. .... = Urgent: Not set

.... ...0 .... = Acknowledgment: Not set

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

.... .... ..1. = Syn: Set

[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]

[Connection establish request (SYN): server port 443]

[severity level: Chat]

[Group: Sequence]

.... .... ...0 = Fin: Not set

[TCP Flags: ··········S·]

Window size value: 64240

[Calculated window size: 64240]

Checksum: 0xc32b [unverified]

[Checksum Status: Unverified]

Urgent pointer: 0

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted

[Timestamps]

 

No. Time Source Destination Protocol Length Info

1307 7.698394 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [sYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1

 

Frame 1307: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0

Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)

Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX

Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0

Source Port: 50150

Destination Port: 443

[stream index: 5]

[TCP Segment Len: 0]

Sequence number: 0 (relative sequence number)

[Next sequence number: 0 (relative sequence number)]

Acknowledgment number: 0

1000 .... = Header Length: 32 bytes (8)

Flags: 0x002 (SYN)

000. .... .... = Reserved: Not set

...0 .... .... = Nonce: Not set

.... 0... .... = Congestion Window Reduced (CWR): Not set

.... .0.. .... = ECN-Echo: Not set

.... ..0. .... = Urgent: Not set

.... ...0 .... = Acknowledgment: Not set

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

.... .... ..1. = Syn: Set

[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]

[Connection establish request (SYN): server port 443]

[severity level: Chat]

[Group: Sequence]

.... .... ...0 = Fin: Not set

[TCP Flags: ··········S·]

Window size value: 64240

[Calculated window size: 64240]

Checksum: 0xc32b [unverified]

[Checksum Status: Unverified]

Urgent pointer: 0

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted

[sEQ/ACK analysis]

[TCP Analysis Flags]

[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]

[This frame is a (suspected) retransmission]

[severity level: Note]

[Group: Sequence]

[The RTO for this segment was: 3.001115000 seconds]

[RTO based on delta from frame: 484]

[Timestamps]

 

No. Time Source Destination Protocol Length Info

2718 13.698897 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [sYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1

 

Frame 2718: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0

Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)

Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX

Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0

Source Port: 50150

Destination Port: 443

[stream index: 5]

[TCP Segment Len: 0]

Sequence number: 0 (relative sequence number)

[Next sequence number: 0 (relative sequence number)]

Acknowledgment number: 0

1000 .... = Header Length: 32 bytes (8)

Flags: 0x002 (SYN)

000. .... .... = Reserved: Not set

...0 .... .... = Nonce: Not set

.... 0... .... = Congestion Window Reduced (CWR): Not set

.... .0.. .... = ECN-Echo: Not set

.... ..0. .... = Urgent: Not set

.... ...0 .... = Acknowledgment: Not set

.... .... 0... = Push: Not set

.... .... .0.. = Reset: Not set

.... .... ..1. = Syn: Set

[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]

[Connection establish request (SYN): server port 443]

[severity level: Chat]

[Group: Sequence]

.... .... ...0 = Fin: Not set

[TCP Flags: ··········S·]

Window size value: 64240

[Calculated window size: 64240]

Checksum: 0xc32b [unverified]

[Checksum Status: Unverified]

Urgent pointer: 0

Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted

[sEQ/ACK analysis]

[TCP Analysis Flags]

[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]

[This frame is a (suspected) retransmission]

[severity level: Note]

[Group: Sequence]

[The RTO for this segment was: 9.001618000 seconds]

[RTO based on delta from frame: 484]

[Timestamps]

 

 

How can I fix it?

 

 

Thank you in advance!

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...