 
 From:  <edp dot lists at acerbis dot it>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  R: [m0n0wall] VNC Problem
 Date:  Thu, 7 Oct 2004 11:12:21 +0200
> I've been experiencing troubles using VNC through an IPsec tunnel (based
> on DSL connections):
> it sometimes freezes during the 'initial screen loading'
> phase. And I have the same kind
> of problem with an SQL application which sends tons of data through the
> wire.

> I'm not sure what the reason is, but I've recently found the following 
> "[...] If you are wondering why UDP is used instead of TCP, 
> source: http://www.sans.org/rr/papers/20/1459.pdf

That's not the case.
IPsec doesn't use some sort of TCP layer for tunneling but its own protocol
(in some cases it is placed only over UDP for NAT traversal); that would be
a mess, imagine tunnelling of disconnected and unreliable protocols over
connected ones :)

Maybe your problem was due to MTU differences, fragmentation and incorrect
handling of ICMP messages (it happened to me in the past that an MTU problem
prevented me from connecting to a terminal server RDP machine through tunnels).

For the user that can't connect to VNC anymore, he must provide additional
data to the list for problem solving
(server OS, personal firewall installed, nmap dump etc. etc.).
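
The MTU arithmetic behind the suggestion above, as an added example that is not part of the original message. The 1492-byte PPPoE path MTU, the cipher parameters (3DES-CBC or AES-CBC with a 12-byte HMAC-SHA1-96 ICV) and all function names are assumptions chosen for illustration.

```python
# Added illustration: ESP tunnel-mode size arithmetic (IPv4, CBC cipher).
# Assumed, not from the original message: HMAC-SHA1-96 (12-byte ICV),
# 3DES-CBC (8-byte block/IV) or AES-CBC (16-byte block/IV), PPPoE MTU 1492.
OUTER_IP = 20     # outer IPv4 header, no options
ESP_HDR = 8       # SPI + sequence number
ESP_TRAILER = 2   # pad length + next header
NATT_UDP = 8      # UDP header when ESP is encapsulated for NAT traversal


def esp_packet_size(inner_len, block, icv=12, natt=False):
    """Size on the wire of one inner IP packet after ESP tunnel encapsulation."""
    plaintext = inner_len + ESP_TRAILER
    padded = -(-plaintext // block) * block   # round up to the cipher block size
    return OUTER_IP + (NATT_UDP if natt else 0) + ESP_HDR + block + padded + icv


def max_inner_packet(path_mtu, block, icv=12, natt=False):
    """Largest inner IP packet that crosses the path without fragmentation."""
    budget = path_mtu - OUTER_IP - (NATT_UDP if natt else 0) - ESP_HDR - block - icv
    return (budget // block) * block - ESP_TRAILER


def tcp_mss_for_tunnel(path_mtu, block, icv=12, natt=False):
    """TCP MSS for the tunnel (inner IPv4 + TCP headers without options = 40)."""
    return max_inner_packet(path_mtu, block, icv, natt) - 40


def needs_fragmentation(inner_len, path_mtu, block, icv=12, natt=False):
    """True when the encapsulated packet exceeds the path MTU. With DF set,
    delivery then depends on an ICMP 'fragmentation needed' reply arriving."""
    return esp_packet_size(inner_len, block, icv, natt) > path_mtu


if __name__ == "__main__":
    for name, block in (("3DES-CBC", 8), ("AES-CBC", 16)):
        for natt in (False, True):
            print(name, "NAT-T" if natt else "plain ESP",
                  "max inner:", max_inner_packet(1492, block, natt=natt),
                  "MSS:", tcp_mss_for_tunnel(1492, block, natt=natt),
                  "1500-byte packet exceeds MTU:",
                  needs_fragmentation(1500, 1492, block, natt=natt))
```

Small interactive packets stay under the limit while full-size 1500-byte packets do not, so an MTU mismatch of this kind only shows up when a lot of data is sent at once.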






