Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Citrix thru VPN connection problems

Status
Not open for further replies.
Feb 3, 2003
18
AP
Howdy everyone,

I have searched through the forum for this issue and it seems that someone may have had the problem before. I was wondering if anyone had solved it or could shed some light on my problem:

I have some users connecting from remote locations to the company network via a Watchguard Firebox VPN. Their VPN connections connect fine, they can ping Citrix servers etc. We're running Citrix Metaframe XP on Windows 2000 Terminal servers. When the users dial an ISP, then connect to the VPN, they can ping the citrix servers, they can telnet in on port 1494 and get the ICA banner etc etc. When they open their client, they get the Citrix logins ok. Finding new application sets also searches for and finds the application set name Ok - this along with the fact that they can ping the citrix servers tells me that the low level connection b/n server and client is fine. Now, after entering their usernames and IP addresses for their Citrix logins, the client window will appear, yet the desktop is never loaded - not even wall paper etc. The window opens as though it will reveal their remote desktops yet nothing happens. The window is simply transparent and displays the local desktop underneath.

Some interesting things to note are: * If the clients dial directly into the network through our Shiva box (even at 28.8kbps), they have no problems with the ICA clients!!!

* This only occurs on Windows 95 machines connecting through the VPN. If it's a Win 2000/XP/NT machine there are no problems!

* We have the latest ICA client, patches etc for servers.

This thread was the closest I'd found to my problem. It's quite old and I'm hoping there have been some discoveries since then, as there was no solution found to this thread:
thread48-247852

Thank you all in advance for the help.

Regards,

Steve.
 
I remember a problem with the size of packages that are sent through the VPN.
DrTCP is a small program that can change the maximum size of your packages.
You can download the program here, and read about it

This is also useful if you need to use GPRS connection to your citrix server. The size of pacages can improve the preformance on GPRS.

Using VPN you should find out what the maximum MTU size is, and then set your servers to use that.

Good luck
 
Hi Traver,

Thanks for the help and info. I have played around with the MTU after seeing your reply. I've tried several different sizes after seeing some recommendations around on the internet.

So far this has not fixed the problem, yet I may have to toy with it some more. However, one program I found called easyMTU will test the max MTU that the connection can handle. This software tested right through up to 1500 ok. I did change it to 576 for 56k modems as most ppl recommend. Same problem. It was a valid train of thought though.

I'm still working on it. Does anyone think it may have something to do with the encryption level? MSoft say that DUN 1.3 for Windows 95 supports both 40 and 128 bit encryption, yet I'm not sure which one the VPN connection would be using. Maybe I'm off on a tangent that has nothing to do with the problem.

Thanks for any ideas or thoughts.

Regards,

Steve
 
DrTCP works for me! It was great and solved my problem
after I changed the settings by following the simple steps
and reboot my pc.

Thanks to everyone to put an effort for this good contribution!
 
Howdy PPL,

Thanks for your info and replies. As yet I still haven't found a solution, yet I have noticed that Windows 9x clients receive a subnet mask of 255.0.0.0 and Windows NT/2K/XP clients receive a subnet mask of 255.255.255.255. Note that our network uses class A IP address: 10.1.x.y and so on. Does anyone see this as the source of the problem? I'm kind of overlooking this as clients can still ping the Citrix servers and are given a login prompt by the Citrix servers.

We are using auto-assigned IP addresses for VPN clients, so I thought I'd try to specify and IP address and sub mask for a test, however with VPN connections on all O/S's I can specify an IP address yet not the subnet mask.

I'm not sure why the difference in O/S causes the difference in sub mask. Unfortunately I don't have access to the VPN server (a watchguard firebox), as it's our mother company that looks after that.

Any further ideas? As mentioned before, DrTCP and the MTU change has not solved the problem.

Thanks and regards to all,

Steve.
 
Hi,

Are you using Windows 2000 SP2 if so you will need to apply the following patch to your clients for mtu size, as with the install of SP2 there is no communication between client and server about mtu size.
Try and see how you go I have used this patch at many sites for RAS connections using VPN.


Cheers

Tanya
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top