I have an IPSec VPN tunnel going between a main office and a home office (Cisco router at the main office end and Draytek at the home office end). I am wanting the user to be able to log into the Terminal Server down the tunnel from home to the main office. From her computer I can RDP to any other server but I can't RDP to the Terminal Server. It gets stuck on 'Securing remote Connection' after entering the credentials for up to 2 mins before eventually erroring out with a nondescript general 'Can't connect' error. We've tried on a different laptop (Win 10 vs Win7, and wired and wireless) and have replaced the home office router with another model Draytek but the issue has remained the same.
After A LOT of googling, a little bit of Wiresharking, and trial and error, I think the issue is down to MTU issues, but I'm not an expert in this field and I'm trying to learn all I can.
In my testing with 'ping -f -l' I've found:
- Terminal Server at the main office can ping with a limit of 1472 to the router at the main office and out to Google (18.104.22.168)
- Terminal Server cannot ping the home office router at 1472 - it's too big. I cut it down to 1400 and the first ping timed out and then was too big
- On the laptop at the home office end I can ping with a limit of 1472 to the home office router, to Google, AND to the router at the main office end.
Another interesting and likely related symptom is that the internet at the home office end is very slow. It's meant to be Ultra Fast Broadband (fibre), but on various Ookla speed tests I've done at different times, I've gotten anywhere from 12Mbps up to 50Mbps, although most of the time it's at the lower end of that scale. I have a call logged with the ISP to check that there's nothing wrong at their end.
Am I barking up the right tree with chasing the MTU tail? What else should I look at? How do I solve this one?
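
The manual 'ping -f -l' testing described in this post can be turned into a binary search for the largest payload that crosses a path unfragmented. The sketch below is an added example, not part of the original post: the function names are hypothetical, and it assumes English-language Windows `ping` output. It also records sizes that time out silently instead of drawing a "needs to be fragmented" reply, since on a tunnel that pattern points to dropped ICMP rather than a plain MTU limit.

```python
import re
import subprocess

ICMP_IP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_ping_probe(host, size):
    """Send one DF-set echo via Windows ping; return 'ok', 'frag' or 'timeout'.

    Assumption: English-language ping output (string matching below).
    """
    out = subprocess.run(
        ["ping", "-n", "1", "-w", "2000", "-f", "-l", str(size), host],
        capture_output=True, text=True).stdout
    if re.search(r"bytes=%d\b" % size, out):       # "Reply from x: bytes=1472 ..."
        return "ok"
    if "needs to be fragmented" in out:            # a hop reported the size limit
        return "frag"
    return "timeout"                               # no reply and no ICMP error


def find_path_mtu(host, probe=windows_ping_probe, low=64, high=1472, retries=2):
    """Binary-search the largest unfragmented ICMP payload in [low, high].

    Returns (payload, mtu, silent_drops). silent_drops lists sizes that only
    ever timed out, i.e. were dropped without a 'fragmentation needed' reply.
    """
    silent_drops = []

    def passes(size):
        # Retry timeouts: the first probe may be lost before an error comes back.
        for _ in range(retries + 1):
            result = probe(host, size)
            if result == "ok":
                return True
            if result == "frag":
                return False
        silent_drops.append(size)
        return False

    if not passes(low):
        return None, None, silent_drops            # host unreachable even at 'low'
    while low < high:
        mid = (low + high + 1) // 2
        if passes(mid):
            low = mid
        else:
            high = mid - 1
    return low, low + ICMP_IP_OVERHEAD, silent_drops
```

Run it from both ends of the tunnel (for example `find_path_mtu("<far-end router IP>")`) and compare the results; the reported MTU is the payload plus the 28 bytes of IPv4 and ICMP headers.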