Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Citrix thru VPN connection problems

Status
Not open for further replies.
silentrain

silentrain

MIS
Feb 3, 2003
18
AP
Howdy everyone,

I have searched through the forum for this issue and it seems that someone may have had the problem before. I was wondering if anyone had solved it or could shed some light on my problem:

I have some users connecting from remote locations to the company network via a Watchguard Firebox VPN. Their VPN connections connect fine, they can ping Citrix servers etc. We're running Citrix Metaframe XP on Windows 2000 Terminal servers. When the users dial an ISP, then connect to the VPN, they can ping the citrix servers, they can telnet in on port 1494 and get the ICA banner etc etc. When they open their client, they get the Citrix logins ok. Finding new application sets also searches for and finds the application set name Ok - this along with the fact that they can ping the citrix servers tells me that the low level connection b/n server and client is fine. Now, after entering their usernames and IP addresses for their Citrix logins, the client window will appear, yet the desktop is never loaded - not even wall paper etc. The window opens as though it will reveal their remote desktops yet nothing happens. The window is simply transparent and displays the local desktop underneath.

Some interesting things to note are: * If the clients dial directly into the network through our Shiva box (even at 28.8kbps), they have no problems with the ICA clients!!!

* This only occurs on Windows 95 machines connecting through the VPN. If it's a Win 2000/XP/NT machine there are no problems!

* We have the latest ICA client, patches etc for servers.

This thread was the closest I'd found to my problem. It's quite old and I'm hoping there have been some discoveries since then, as there was no solution found to this thread:
thread48-247852

Thank you all in advance for the help.

Regards,

Steve.
 
Sort by date Sort by votes
I remember a problem with the size of packages that are sent through the VPN.
DrTCP is a small program that can change the maximum size of your packages.
You can download the program here, and read about it

This is also useful if you need to use GPRS connection to your citrix server. The size of pacages can improve the preformance on GPRS.

Using VPN you should find out what the maximum MTU size is, and then set your servers to use that.

Good luck
 
Upvote 0 Downvote
Hi Traver,

Thanks for the help and info. I have played around with the MTU after seeing your reply. I've tried several different sizes after seeing some recommendations around on the internet.

So far this has not fixed the problem, yet I may have to toy with it some more. However, one program I found called easyMTU will test the max MTU that the connection can handle. This software tested right through up to 1500 ok. I did change it to 576 for 56k modems as most ppl recommend. Same problem. It was a valid train of thought though.

I'm still working on it. Does anyone think it may have something to do with the encryption level? MSoft say that DUN 1.3 for Windows 95 supports both 40 and 128 bit encryption, yet I'm not sure which one the VPN connection would be using. Maybe I'm off on a tangent that has nothing to do with the problem.

Thanks for any ideas or thoughts.

Regards,

Steve
 
Upvote 0 Downvote
DrTCP works for me! It was great and solved my problem
after I changed the settings by following the simple steps
and reboot my pc.

Thanks to everyone to put an effort for this good contribution!
 
Upvote 0 Downvote
Howdy PPL,

Thanks for your info and replies. As yet I still haven't found a solution, yet I have noticed that Windows 9x clients receive a subnet mask of 255.0.0.0 and Windows NT/2K/XP clients receive a subnet mask of 255.255.255.255. Note that our network uses class A IP address: 10.1.x.y and so on. Does anyone see this as the source of the problem? I'm kind of overlooking this as clients can still ping the Citrix servers and are given a login prompt by the Citrix servers.

We are using auto-assigned IP addresses for VPN clients, so I thought I'd try to specify and IP address and sub mask for a test, however with VPN connections on all O/S's I can specify an IP address yet not the subnet mask.

I'm not sure why the difference in O/S causes the difference in sub mask. Unfortunately I don't have access to the VPN server (a watchguard firebox), as it's our mother company that looks after that.

Any further ideas? As mentioned before, DrTCP and the MTU change has not solved the problem.

Thanks and regards to all,

Steve.
 
Upvote 0 Downvote
Hi,

Are you using Windows 2000 SP2 if so you will need to apply the following patch to your clients for mtu size, as with the install of SP2 there is no communication between client and server about mtu size.
Try and see how you go I have used this patch at many sites for RAS connections using VPN.


Cheers

Tanya
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

damienenglish
  • Locked
  • Question
Citrix Replication Fault Detection
Replies
0
Views
104
damienenglish
damienenglish
DreemaGurl
  • Locked
  • Question
Can't log on to Citrix through emote access portal
Replies
1
Views
261
ntinlin
ntinlin
Hfnet
  • Locked
  • Question
Office 2010 KMS stoppped working on PVS Citrix
Replies
0
Views
82
Hfnet
Hfnet
dpsmith
  • Locked
  • Question
Citrix Policy disappears?
Replies
0
Views
76
dpsmith
dpsmith
smokey7244521
  • Locked
  • Question
Citrix Published apps thru VPN
Replies
0
Views
64
smokey7244521
smokey7244521

Part and Inventory Search

Sponsor

Back
Top