Black screen/error 10054/VPN

James Weatherall jnw "at" realvnc.com
Tue Nov 15 12:27:00 2005


Garry,

The problem is probably that your VPN has an MTU smaller than the underlying
network, but that your servers are not detecting that correctly - this is a
very common flaw in many VPN setups, and will affect any protocol that
transfers non-trivial amounts of data, e.g. FTP, HTTP, etc.

You will find that VNC can connect and will attempt to authenticate you, but
that you'll then get a blank screen and an eventual disconnect error - this
is because your server's TCP/IP stack is sending network data segments that
are larger than the VPN can support, so it's simply dropping them.  To the
TCP/IP stacks at both ends, it appears that the connection has been lost, as
a result.  Because connecting & authenticating involve small amounts of
data, they don't exhibit this problem.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Garry Dunn
> Sent: 15 November 2005 01:20
> To: vnc-list "at" realvnc.com
> Subject: Black screen/error 10054/VPN
> 
> To all,
> 
> I've been trying to get RealVNC (4.1.1) running through a VPN and I'm 
> having no luck.  Could someone give me ideas as to what's 
> going wrong? 
> Here is the setup:
> 
> Computer A is in the main office.  It sits behind a 
> firewall/VPN device.
> Computer B is in a remote office.  It sits behind a 
> firewall/VPN device.
> Computer C is in a second remote office.  It sits behind a 
> firewall/VPN 
> device.
> Computer D is in a test site.  It sits behind a firewall 
> without a VPN 
> connection.
> 
> I've got a public IP address I can hit for Computer A, B and 
> C and I can 
> get control over any of those VNC terminals from Computer D.  
> The same 
> goes for Computer A to Computers B or C (through the public 
> IP address).
> 
> If I try from Computer A to Computer B or C through the VPN 
> (using the 
> private IP), I will be asked for the VNC password, which it 
> will accept 
> and bring up a black remote screen.  I never get the remote 
> desktop (the 
> screen is the correct size, but black).  After roughly 15 
> seconds I'll 
> get the error code 10054 and the connection is lost.  The remote user 
> tells me they can see the mouse moving on their screen.  The 
> remote end 
> lists a 'timeout' as the reason for the connectionn being dropped.
> 
> It seems obvious the problem is related to the VPN (remember: 
> I can use 
> the public IP addresses without issues).  But what is the 
> problem?  I've 
> run a ping in the background while I'm trying to connect 
> through the VPN 
> and the computer will ping consistently (even after the error 10054). 
> The ping times are roughly 40ms to Computer B and 70ms to Computer C. 
> All the internet connections are DSL (1Mbit/s or greater--not 
> dial-up).
> 
> I've run through the archives and I think I've got everything covered 
> that is suggested there:
> 
> 1) fast user switching is off
> 2) the rate limiting is on for mouse movements
> 
> I'm running Windows XP SP2 on Computer A and B.  Computer C 
> is Windows 
> XP SP1.  Computer D is Windows 98.  I've tried RealVNC 3.7.7, 4.0 and 
> 4.1.1.  They all do virtually the same thing.  I can telnet to the 
> private IP address (port 5900) and get the RFB response.
> 
> I've been playing with the firewall configurations to make sure that 
> port 5900 is passed through the firewall and it is.  Based on the VNC 
> authentication being granted, I'd say that is true.  But why do I not 
> get screen updates and lose the connection 15 seconds later?
> 
> Any ideas would be greatly appreciated.
> 
> Thanks,
> 
> Garry
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list