Black screen/error 10054/VPN

Garry Dunn garry "at" trellisconsulting.ca
Tue Nov 15 01:21:01 2005


To all,

I've been trying to get RealVNC (4.1.1) running through a VPN and I'm 
having no luck.  Could someone give me ideas as to what's going wrong? 
Here is the setup:

Computer A is in the main office.  It sits behind a firewall/VPN device.
Computer B is in a remote office.  It sits behind a firewall/VPN device.
Computer C is in a second remote office.  It sits behind a firewall/VPN 
device.
Computer D is in a test site.  It sits behind a firewall without a VPN 
connection.

I've got a public IP address I can hit for Computer A, B and C and I can 
get control over any of those VNC terminals from Computer D.  The same 
goes for Computer A to Computers B or C (through the public IP address).

If I try from Computer A to Computer B or C through the VPN (using the 
private IP), I will be asked for the VNC password, which it will accept 
and bring up a black remote screen.  I never get the remote desktop (the 
screen is the correct size, but black).  After roughly 15 seconds I'll 
get the error code 10054 and the connection is lost.  The remote user 
tells me they can see the mouse moving on their screen.  The remote end 
lists a 'timeout' as the reason for the connectionn being dropped.

It seems obvious the problem is related to the VPN (remember: I can use 
the public IP addresses without issues).  But what is the problem?  I've 
run a ping in the background while I'm trying to connect through the VPN 
and the computer will ping consistently (even after the error 10054). 
The ping times are roughly 40ms to Computer B and 70ms to Computer C. 
All the internet connections are DSL (1Mbit/s or greater--not dial-up).

I've run through the archives and I think I've got everything covered 
that is suggested there:

1) fast user switching is off
2) the rate limiting is on for mouse movements

I'm running Windows XP SP2 on Computer A and B.  Computer C is Windows 
XP SP1.  Computer D is Windows 98.  I've tried RealVNC 3.7.7, 4.0 and 
4.1.1.  They all do virtually the same thing.  I can telnet to the 
private IP address (port 5900) and get the RFB response.

I've been playing with the firewall configurations to make sure that 
port 5900 is passed through the firewall and it is.  Based on the VNC 
authentication being granted, I'd say that is true.  But why do I not 
get screen updates and lose the connection 15 seconds later?

Any ideas would be greatly appreciated.

Thanks,

Garry