A
Anahaym
Guest
Hi,
we have the MS VPN based on RRAS 2012 R2. L2TP for Apple clients and SSTP for Windows 10 clients.
Randomly some Windows client can't connect to the SSTP VPN. It says - the server isn't available, but meanwhile the other Windows clients are able to connect. Moreover, the 443 port is accessible from problem PC. Sometimes it fixes itself in a few hours. The restart doesn't help even "Winsock reset".
There are Wireshark logs during the connection from the problem PC. I see something related to the TCP Retransmission.
No. Time Source Destination Protocol Length Info
484 4.697279 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 484: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[Timestamps]
No. Time Source Destination Protocol Length Info
1307 7.698394 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 1307: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[SEQ/ACK analysis]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 3.001115000 seconds]
[RTO based on delta from frame: 484]
[Timestamps]
No. Time Source Destination Protocol Length Info
2718 13.698897 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 2718: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[SEQ/ACK analysis]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 9.001618000 seconds]
[RTO based on delta from frame: 484]
[Timestamps]
How can I fix it?
Thank you in advance!
More...
we have the MS VPN based on RRAS 2012 R2. L2TP for Apple clients and SSTP for Windows 10 clients.
Randomly some Windows client can't connect to the SSTP VPN. It says - the server isn't available, but meanwhile the other Windows clients are able to connect. Moreover, the 443 port is accessible from problem PC. Sometimes it fixes itself in a few hours. The restart doesn't help even "Winsock reset".
There are Wireshark logs during the connection from the problem PC. I see something related to the TCP Retransmission.
No. Time Source Destination Protocol Length Info
484 4.697279 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 484: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[Timestamps]
No. Time Source Destination Protocol Length Info
1307 7.698394 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 1307: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[SEQ/ACK analysis]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 3.001115000 seconds]
[RTO based on delta from frame: 484]
[Timestamps]
No. Time Source Destination Protocol Length Info
2718 13.698897 192.168.157.125 XXX.XXX.XXX.XXX TCP 66 [TCP Retransmission] 50150 → 443 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 WS=256 SACK_PERM=1
Frame 2718: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: IntelCor_86:c1:44 (3c:f8:62:86:c1:44), Dst: IETF-VRRP-VRID_30 (00:00:5e:00:01:30)
Internet Protocol Version 4, Src: 192.168.157.125, Dst: XXX.XXX.XXX.XXX
Transmission Control Protocol, Src Port: 50150, Dst Port: 443, Seq: 0, Len: 0
Source Port: 50150
Destination Port: 443
[Stream index: 5]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
[Next sequence number: 0 (relative sequence number)]
Acknowledgment number: 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
[Expert Info (Chat/Sequence): Connection establish request (SYN): server port 443]
[Connection establish request (SYN): server port 443]
[Severity level: Chat]
[Group: Sequence]
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0xc32b [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
[SEQ/ACK analysis]
[TCP Analysis Flags]
[Expert Info (Note/Sequence): This frame is a (suspected) retransmission]
[This frame is a (suspected) retransmission]
[Severity level: Note]
[Group: Sequence]
[The RTO for this segment was: 9.001618000 seconds]
[RTO based on delta from frame: 484]
[Timestamps]
How can I fix it?
Thank you in advance!
More...