Black screen/error 10054/VPN

Garry Dunn garry "at" trellisconsulting.ca
Tue Nov 15 23:56:01 2005 

James,

You hit the nail on the head.  Its working, after reducing my MTU.

Thanks!

Garry

James Weatherall wrote:
> Garry,
> 
> The problem is probably that your VPN has an MTU smaller than the underlying
> network, but that your servers are not detecting that correctly - this is a
> very common flaw in many VPN setups, and will affect any protocol that
> transfers non-trivial amounts of data, e.g. FTP, HTTP, etc.
> 
> You will find that VNC can connect and will attempt to authenticate you, but
> that you'll then get a blank screen and an eventual disconnect error - this
> is because your server's TCP/IP stack is sending network data segments that
> are larger than the VPN can support, so it's simply dropping them.  To the
> TCP/IP stacks at both ends, it appears that the connection has been lost, as
> a result.  Because connecting & authenticating involve small amounts of
> data, they don't exhibit this problem.
> 
> Regards,
> 
> Wez @ RealVNC Ltd.
> 
> 
> 
>>-----Original Message-----
>>From: vnc-list-admin "at" realvnc.com 
>>[mailto:vnc-list-admin "at" realvnc.com] On Behalf Of Garry Dunn
>>Sent: 15 November 2005 01:20
>>To: vnc-list "at" realvnc.com
>>Subject: Black screen/error 10054/VPN
>>
>>To all,
>>
>>I've been trying to get RealVNC (4.1.1) running through a VPN and I'm 
>>having no luck.  Could someone give me ideas as to what's 
>>going wrong? 
>>Here is the setup:
>>
>>Computer A is in the main office.  It sits behind a 
>>firewall/VPN device.
>>Computer B is in a remote office.  It sits behind a 
>>firewall/VPN device.
>>Computer C is in a second remote office.  It sits behind a 
>>firewall/VPN 
>>device.
>>Computer D is in a test site.  It sits behind a firewall 
>>without a VPN 
>>connection.
>>
>>I've got a public IP address I can hit for Computer A, B and 
>>C and I can 
>>get control over any of those VNC terminals from Computer D.  
>>The same 
>>goes for Computer A to Computers B or C (through the public 
>>IP address).
>>
>>If I try from Computer A to Computer B or C through the VPN 
>>(using the 
>>private IP), I will be asked for the VNC password, which it 
>>will accept 
>>and bring up a black remote screen.  I never get the remote 
>>desktop (the 
>>screen is the correct size, but black).  After roughly 15 
>>seconds I'll 
>>get the error code 10054 and the connection is lost.  The remote user 
>>tells me they can see the mouse moving on their screen.  The 
>>remote end 
>>lists a 'timeout' as the reason for the connectionn being dropped.
>>
>>It seems obvious the problem is related to the VPN (remember: 
>>I can use 
>>the public IP addresses without issues).  But what is the 
>>problem?  I've 
>>run a ping in the background while I'm trying to connect 
>>through the VPN 
>>and the computer will ping consistently (even after the error 10054). 
>>The ping times are roughly 40ms to Computer B and 70ms to Computer C. 
>>All the internet connections are DSL (1Mbit/s or greater--not 
>>dial-up).
>>
>>I've run through the archives and I think I've got everything covered 
>>that is suggested there:
>>
>>1) fast user switching is off
>>2) the rate limiting is on for mouse movements
>>
>>I'm running Windows XP SP2 on Computer A and B.  Computer C 
>>is Windows 
>>XP SP1.  Computer D is Windows 98.  I've tried RealVNC 3.7.7, 4.0 and 
>>4.1.1.  They all do virtually the same thing.  I can telnet to the 
>>private IP address (port 5900) and get the RFB response.
>>
>>I've been playing with the firewall configurations to make sure that 
>>port 5900 is passed through the firewall and it is.  Based on the VNC 
>>authentication being granted, I'd say that is true.  But why do I not 
>>get screen updates and lose the connection 15 seconds later?
>>
>>Any ideas would be greatly appreciated.
>>
>>Thanks,
>>
>>Garry
>>_______________________________________________
>>VNC-List mailing list
>>VNC-List "at" realvnc.com
>>To remove yourself from the list visit:
>>http://www.realvnc.com/mailman/listinfo/vnc-list
> 
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
> 


-- 

Garry Dunn, P.Eng
Trellis Consulting
www.trellisconsulting.ca
705-792-9973 (Office)
905-302-7273 (Cell)