We are trying to establish an RDP connection to an external site. It works for Windows 7 and Windows 10 clients from arbitrary networks (for example, a UMTS connection), but from our network only Windows 10 clients work.
We captured the connection establishment/attempts on our gateway (internal and external interface, Windows 7 and 10) and noticed that a DTLSv1 packet (info: "Change Cipher Spec") disappears in the gateway "between" the internal and external interfaces, but only for Windows 7 clients. When Windows 10 clients try to establish the connection, the packet appears on both the internal and the external interface and the connection is established successfully.
Our gateway is a Cisco 1921 / K9 with IOS 15.2.
What we have already tried:
Here are the captures:
Capture: gateway internal interface, Windows 7:
No. Source Destination Protocol Length Info
1 10.128.0.44 xxx.xx.xx.xxx UDP 205 50625 → 15002 Len=163
2 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 102 Hello Verify Request
3 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 211 Client Hello
4 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=1 Ack=1 Win=1024 Len=138
5 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=139 Ack=1 Win=1024 Len=138
6 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=277 Win=256 Len=0
7 xxx.xx.xx.xxx 10.128.0.44 TCP 60 15001 → 49230 [ACK] Seq=1 Ack=1 Win=1020 Len=0
8 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 148 Server Hello
9 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 1138 Certificate (Fragment)
10 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 1138 Certificate (Fragment)
11 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 984 Certificate (Reassembled)
12 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 394 Server Key Exchange
13 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 73 Certificate Request
14 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 67 Server Hello Done
15 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=277 Ack=1 Win=1024 Len=138
16 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=415 Ack=1 Win=1024 Len=138
17 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=553 Win=255 Len=0
18 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 148 Certificate, Client Key Exchange
19 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
20 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
21 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 60 Change Cipher Spec
22 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 119 Encrypted Handshake Message
23 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=553 Ack=1 Win=1024 Len=138
24 xxx.xx.xx.xxx 10.128.0.44 TCP 1434 15001 → 49229 [ACK] Seq=691 Ack=1 Win=1024 Len=1380
25 xxx.xx.xx.xxx 10.128.0.44 TCP 1434 15001 → 49229 [ACK] Seq=2071 Ack=1 Win=1024 Len=1380
26 xxx.xx.xx.xxx 10.128.0.44 TCP 1288 15001 → 49229 [PSH, ACK] Seq=3451 Ack=1 Win=1024 Len=1234
27 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=2071 Win=258 Len=0
28 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=4685 Win=258 Len=0
29 xxx.xx.xx.xxx 10.128.0.44 TCP 176 15001 → 49229 [PSH, ACK] Seq=4685 Ack=1 Win=1024 Len=122
30 10.128.0.44 xxx.xx.xx.xxx TCP 144 49230 → 15001 [PSH, ACK] Seq=1 Ack=1 Win=254 Len=90
31 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 1239 Application Data
Capture: gateway external interface, Windows 7:
No. Source Destination Protocol Length Info
1 our-site rem-site UDP 205 56560 → 15002 Len=163
2 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=1 Ack=1 Win=64860 Len=138
3 rem-site our-site DTLSv1.0 102 Hello Verify Request
4 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=139 Ack=1 Win=64860 Len=138
5 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=277 Ack=1 Win=64860 Len=138
6 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=277 Win=64292 Len=0
7 our-site rem-site DTLSv1.0 211 Client Hello
8 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=415 Ack=1 Win=64860 Len=138
9 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=553 Ack=1 Win=64860 Len=138
10 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=553 Win=64016 Len=0
11 rem-site our-site TCP 60 15001 → 49223 [ACK] Seq=1 Ack=1 Win=63886 Len=0
12 rem-site our-site DTLSv1.0 148 Server Hello
13 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
14 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
15 rem-site our-site DTLSv1.0 984 Certificate (Reassembled)
16 rem-site our-site DTLSv1.0 394 Server Key Exchange
17 rem-site our-site DTLSv1.0 73 Certificate Request
18 rem-site our-site DTLSv1.0 67 Server Hello Done
19 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=691 Ack=1 Win=64860 Len=138
20 rem-site our-site TCP 1434 15001 → 49222 [ACK] Seq=829 Ack=1 Win=64860 Len=1380
21 rem-site our-site TCP 1434 15001 → 49222 [ACK] Seq=2209 Ack=1 Win=64860 Len=1380
22 rem-site our-site TCP 1336 15001 → 49222 [PSH, ACK] Seq=3589 Ack=1 Win=64860 Len=1282
23 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=829 Win=63740 Len=0
24 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=3589 Win=64860 Len=0
25 our-site rem-site TCP 144 49223 → 15001 [PSH, ACK] Seq=1 Ack=1 Win=63683 Len=90
26 rem-site our-site TCP 128 15001 → 49222 [PSH, ACK] Seq=4871 Ack=1 Win=64860 Len=74
27 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=4945 Win=63504 Len=0
28 our-site rem-site DTLSv1.0 148 Certificate, Client Key Exchange
29 rem-site our-site TCP 60 15001 → 49223 [ACK] Seq=1 Ack=91 Win=63796 Len=0
30 rem-site our-site DTLSv1.0 148 Server Hello
31 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
32 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
33 rem-site our-site DTLSv1.0 984 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
34 rem-site our-site DTLSv1.0 394 Server Key Exchange
35 rem-site our-site DTLSv1.0 73 Certificate Request
36 rem-site our-site DTLSv1.0 67 Server Hello Done
37 rem-site our-site DTLSv1.0 148 Server Hello
38 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
39 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
40 rem-site our-site DTLSv1.0 984 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
41 rem-site our-site DTLSv1.0 394 Server Key Exchange
42 rem-site our-site DTLSv1.0 73 Certificate Request
43 rem-site our-site DTLSv1.0 67 Server Hello Done
44 rem-site our-site DTLSv1.0 148 Server Hello
As you can see, the "Change Cipher Spec" never arrives on the external interface. The "Server Hello" is repeated until the server sends a final RST, which is omitted here.
Just for completeness, these are the captures for the same connection attempt from a Windows 10 client, on the same network / path. This one results in a successful connection:
Capture: gateway internal interface, Windows 10:
No. Source Destination Protocol Length Info
1 10.128.0.1 xxx.xx.xx.xxx UDP 215 51603 → 15002 Len=173
2 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 102 Hello Verify Request
3 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 221 Client Hello
4 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 148 Server Hello
5 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 1138 Certificate (Fragment)
6 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 1138 Certificate (Fragment)
7 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 984 Certificate (Reassembled)
8 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 361 Server Key Exchange
9 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 73 Certificate Request
10 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 67 Server Hello Done
11 xxx.xx.xx.xxx 10.128.0.1 TCP 598 15001 → 62695 [PSH, ACK] Seq=1 Ack=1 Win=1023 Len=544
12 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 115 Certificate, Client Key Exchange
13 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
14 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
15 10.128.0.1 xxx.xx.xx.xxx TCP 809 62695 → 15001 [PSH, ACK] Seq=1 Ack=545 Win=1021 Len=755
16 10.128.0.1 xxx.xx.xx.xxx TCP 164 62695 → 15001 [PSH, ACK] Seq=756 Ack=545 Win=1021 Len=110
17 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=866 Ack=545 Win=1021 Len=114
18 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=980 Ack=545 Win=1021 Len=114
19 10.128.0.1 xxx.xx.xx.xxx TCP 184 62695 → 15001 [PSH, ACK] Seq=1094 Ack=545 Win=1021 Len=130
20 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=1224 Ack=545 Win=1021 Len=114
21 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 60 Change Cipher Spec
22 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 119 Encrypted Handshake Message
23 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 1239 Application Data
24 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 1111 Application Data
25 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 583 Application Data
Capture: gateway external interface, Windows 10:
No. Source Destination Protocol Length Info
1 our-site rem-site UDP 215 51875 → 15002 Len=173
2 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=1 Ack=1 Win=1021 Len=106
3 rem-site our-site DTLSv1.0 102 Hello Verify Request
4 our-site rem-site DTLSv1.0 221 Client Hello
5 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=107 Ack=1 Win=1021 Len=106
6 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=213 Ack=1 Win=1021 Len=106
7 our-site rem-site TCP 60 62569 → 15001 [ACK] Seq=1 Ack=319 Win=1024 Len=0
8 rem-site our-site DTLSv1.0 148 Server Hello
9 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
10 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
11 rem-site our-site DTLSv1.0 984 Certificate (Reassembled)
12 rem-site our-site DTLSv1.0 361 Server Key Exchange
13 rem-site our-site DTLSv1.0 73 Certificate Request
14 rem-site our-site DTLSv1.0 67 Server Hello Done
15 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=319 Ack=1 Win=1021 Len=106
16 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=425 Ack=1 Win=1021 Len=106
17 our-site rem-site TCP 60 62569 → 15001 [ACK] Seq=1 Ack=531 Win=1023 Len=0
18 our-site rem-site DTLSv1.0 115 Certificate, Client Key Exchange
19 our-site rem-site DTLSv1.0 60 Change Cipher Spec
20 our-site rem-site DTLSv1.0 119 Encrypted Handshake Message
21 rem-site our-site DTLSv1.0 60 Change Cipher Spec
22 rem-site our-site DTLSv1.0 119 Encrypted Handshake Message
23 our-site rem-site DTLSv1.0 1239 Application Data
24 our-site rem-site DTLSv1.0 1111 Application Data
25 our-site rem-site DTLSv1.0 583 Application Data
What are we missing here? Any idea is appreciated.
Tags ssl windows-7 windows-10 rdp cisco
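Added example, not part of the original post: a small Python script that automates the comparison described in the question, listing DTLS records seen on the internal-interface capture that never appear on the external one. It assumes Wireshark's plain-text summary export; the function names are hypothetical, and the sample rows are excerpted from the Windows 7 captures above.

```python
import re
from collections import Counter

# One row of a Wireshark text export: No. Source Destination Protocol Length Info
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(.*)$")

def dtls_records(capture_text):
    """Return [(direction, length, info)] for DTLS rows. The client is taken to be
    the source of the first row, so NAT-rewritten addresses still line up."""
    rows = [m.groups() for m in map(ROW.match, capture_text.splitlines()) if m]
    if not rows:
        return []
    client = rows[0][1]
    records = []
    for _no, src, _dst, proto, length, info in rows:
        if proto.startswith("DTLS"):
            direction = "c2s" if src == client else "s2c"
            records.append((direction, int(length), info.strip()))
    return records

def lost_between(ingress_text, egress_text, direction="c2s"):
    """Records present in the ingress capture but absent from the egress capture.
    Counter subtraction keeps duplicates (retransmissions) accounted for."""
    seen_in = Counter(r for r in dtls_records(ingress_text) if r[0] == direction)
    seen_out = Counter(r for r in dtls_records(egress_text) if r[0] == direction)
    return sorted((seen_in - seen_out).elements())

# Rows excerpted from the Windows 7 captures in the post (internal interface).
INSIDE_WIN7 = """\
1 10.128.0.44 xxx.xx.xx.xxx UDP 205 50625 → 15002 Len=163
3 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 211 Client Hello
8 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 148 Server Hello
18 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 148 Certificate, Client Key Exchange
19 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
20 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
"""
# Rows excerpted from the Windows 7 captures in the post (external interface).
OUTSIDE_WIN7 = """\
1 our-site rem-site UDP 205 56560 → 15002 Len=163
7 our-site rem-site DTLSv1.0 211 Client Hello
12 rem-site our-site DTLSv1.0 148 Server Hello
28 our-site rem-site DTLSv1.0 148 Certificate, Client Key Exchange
"""

if __name__ == "__main__":
    for direction, length, info in lost_between(INSIDE_WIN7, OUTSIDE_WIN7):
        print(f"dropped in gateway: {info} ({length} bytes, {direction})")
```

Records are matched on direction, frame length and Info text because the gateway's NAT rewrites addresses and ports between the two capture points.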