Tutti211
Enthusiast
Enthusiast

Horizon Client Timeout

Hello,

in my homelab I have the following configuration

internet -> fritzbox subnet 192.168.178.0/24 this is normal home configuration

then i have the

192.168.178.0 -> 192.168.0.0/24 subnet where my vmware infastructure is vCenter, Horizon etc

the firewall between 192.168.178.0 and 192.168.0.0 is a Software UTM9 where I can monitor traffic etc anything

When I try to connect with the horizon client in the same subnet (192.168.0.0) it connect to anything perfectly

now my problem If I try to connect from the other subnet over the firewall I get a timeout/not respond

on the firewall I see the package that tries to connect to the other subnet,

I have installed wireshark on both securegatway and connectionserver on both the package arrive but it seem nothing comes back

on the firewall conmes no package the comes from the Horizon Servers.

So what do I wrong.

0 Kudos
8 Replies
RyanH84
Expert
Expert

Hi, what are you using to route between the layer 3 traffic between the two subnets?

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
0 Kudos
Tutti211
Enthusiast
Enthusiast

sry I'm not so good at network things, so I do say what I do and what I see on my firewall

I Connect with my windows pc win8.1 installed horizon 3.1.0 build-2085634 ip 192.168.178.34 dhcp adress to

192.168.178.253 thats my sophos UTM9 firewall there I see the 443 package from the horizon client this package will now be NAT to my Horizon secureserver on ip 192.168.2.9 windows 2012 r2 local firewall disabled (wireshark said the package is comming is and there is a packe to the horizon client) but I don't see a answer package on my firewall 192.168.178.253 that goes to my horizon client on 192.168.178.34 so I get a time out.

hope that was the question.

0 Kudos
RyanH84
Expert
Expert

I am really not too sure on your configuration but there needs to be a route from 192.168.178.0/24 "client" network to your 192.168.2.0/24 "host" network where your security servers/connection servers/vcenter servers reside.

Have you only done a wireshark trace on your client side? Have you performed a capture on the host side also (on the security server?).

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
0 Kudos
Tutti211
Enthusiast
Enthusiast

Hello,

I have attached the wireshark cap from the client and the server.

I have a static route on my fireall at 192.168.178.1 that is at the same time the dns server for the client 192.168.178.XX

the static route is:

192.168.0.0255.255.255.0

192.168.178.253

192.168.0.0 is the Server subnet where the VMware infastructure is

192.168.178.253 is the sophos firewall and gateway

0 Kudos
RyanH84
Expert
Expert

There is nothing in your zip files, no wireshark captures - only 1kb files. Can you try and re-capture or re-upload?

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
0 Kudos
Tutti211
Enthusiast
Enthusiast

It is a .csv you can open it with notepad or excel I filtered the cap and exported it.

Or do you realy want the whole capture with 400+ x2 packages? Smiley Happy

0 Kudos
RyanH84
Expert
Expert

Hi,


It's not presented as an Excel file within the zip file, and it's reporting only 1Kb. I'm fairly confident there is no data in them. Download and take a look for yourself.

------------------------------------------------------------------------------------------------------------------------------------------------- Regards, Ryan vExpert, VCP5, VCAP5-DCA, MCITP, VCE-CIAE, NPP4 @vRyanH http://vRyan.co.uk
0 Kudos
Tutti211
Enthusiast
Enthusiast

I opened with notepad and it works, it is compressed to 1 from 5kb

then I just post it here.

server

"No.","Time","Source","Destination","Protocol","Length","Info"

"18","0.323939000","192.168.178.29","192.168.0.8","TCP","66","49765 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1"

"19","0.324010000","192.168.0.8","192.168.178.29","TCP","66","443 > 49765 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=2 SACK_PERM=1"

"20","0.324475000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=1 Ack=1 Win=131328 Len=0"

"21","0.326227000","192.168.178.29","192.168.0.8","TLSv1.1","211","Client Hello"

"22","0.335299000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=1 Ack=158 Win=65378 Len=0"

"23","0.360269000","192.168.0.8","192.168.178.29","TLSv1.1","1075","Server Hello, Certificate, Server Key Exchange, Server Hello Done"

"24","0.386587000","192.168.178.29","192.168.0.8","TLSv1.1","284","Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message"

"25","0.397283000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=1022 Ack=388 Win=65148 Len=0"

"26","0.404559000","192.168.0.8","192.168.178.29","TLSv1.1","60","Change Cipher Spec"

"27","0.404995000","192.168.0.8","192.168.178.29","TLSv1.1","123","Encrypted Handshake Message"

"28","0.405371000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=388 Ack=1097 Win=130304 Len=0"

"29","0.405940000","192.168.178.29","192.168.0.8","TLSv1.1","363","Application Data"

"30","0.416349000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=1097 Ack=697 Win=64840 Len=0"

"31","0.417101000","192.168.178.29","192.168.0.8","TLSv1.1","235","Application Data"

"32","0.430012000","192.168.0.8","192.168.178.29","TLSv1.1","315","Application Data"

"33","0.430135000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"34","0.431046000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=878 Ack=1523 Win=131328 Len=0"

"35","0.435972000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"36","0.436200000","192.168.178.29","192.168.0.8","TLSv1.1","107","Encrypted Alert"

"37","0.436215000","192.168.0.8","192.168.178.29","TCP","54","443 > 49749 [RST] Seq=1 Win=0 Len=0"

"38","0.436354000","192.168.178.29","192.168.0.8","TCP","60","49749 > 443 [RST, ACK] Seq=54 Ack=1 Win=0 Len=0"

"39","0.446324000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=1523 Ack=1235 Win=64302 Len=0"

"40","0.446662000","192.168.178.29","192.168.0.8","TLSv1.1","363","Application Data"

"41","0.466337000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=1523 Ack=1544 Win=65536 Len=0"

"42","0.634279000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"43","0.634446000","192.168.0.8","192.168.178.29","TLSv1.1","651","Application Data"

"44","0.634692000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=1544 Ack=2285 Win=130560 Len=0"

"111","4.402753000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"112","4.413532000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=2285 Ack=1901 Win=65178 Len=0"

"113","4.413982000","192.168.178.29","192.168.0.8","TLSv1.1","747","Application Data"

"114","4.423536000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=2285 Ack=2594 Win=64486 Len=0"

"145","4.677803000","192.168.0.8","192.168.178.29","TLSv1.1","315","Application Data"

"146","4.677916000","192.168.0.8","192.168.178.29","TLSv1.1","635","Application Data"

"147","4.678458000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=2594 Ack=3127 Win=131328 Len=0"

"148","4.682276000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"149","4.691548000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=3127 Ack=2951 Win=64128 Len=0"

"150","4.691877000","192.168.178.29","192.168.0.8","TLSv1.1","203","Application Data"

"151","4.701584000","192.168.0.8","192.168.178.29","TCP","54","443 > 49765 [ACK] Seq=3127 Ack=3100 Win=65536 Len=0"

"152","4.794856000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"153","4.794972000","192.168.0.8","192.168.178.29","TLSv1.1","635","Application Data"

"154","4.795270000","192.168.178.29","192.168.0.8","TCP","60","49765 > 443 [ACK] Seq=3100 Ack=3873 Win=130560 Len=0"

client

"No.","Time","Source","Destination","Protocol","Length","Info"

"308","1.768750000","192.168.178.29","192.168.0.8","TCP","66","49749 > 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1"

"309","1.769172000","192.168.178.1","192.168.178.29","ICMP","94","Redirect             (Redirect for host)"

"312","1.770650000","192.168.0.8","192.168.178.29","TCP","66","443 > 49749 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=2 SACK_PERM=1"

"313","1.770720000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=1 Ack=1 Win=131328 Len=0"

"314","1.774480000","192.168.178.29","192.168.0.8","TLSv1.1","211","Client Hello"

"315","1.780436000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=1 Ack=158 Win=65378 Len=0"

"318","1.811578000","192.168.0.8","192.168.178.29","TLSv1.1","1075","Server Hello, Certificate, Server Key Exchange, Server Hello Done"

"319","1.859810000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=158 Ack=1022 Win=130304 Len=0"

"320","1.883643000","192.168.178.29","192.168.0.8","TLSv1.1","284","Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message"

"321","1.905421000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=1022 Ack=388 Win=65148 Len=0"

"322","1.905493000","192.168.0.8","192.168.178.29","TLSv1.1","60","Change Cipher Spec"

"323","1.905945000","192.168.0.8","192.168.178.29","TLSv1.1","123","Encrypted Handshake Message"

"324","1.905991000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=388 Ack=1097 Win=130304 Len=0"

"325","1.907570000","192.168.178.29","192.168.0.8","TLSv1.1","363","Application Data"

"326","1.936678000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=1097 Ack=697 Win=64840 Len=0"

"327","1.936758000","192.168.178.29","192.168.0.8","TLSv1.1","235","Application Data"

"328","1.944983000","192.168.0.8","192.168.178.29","TLSv1.1","315","Application Data"

"329","1.944988000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"330","1.945060000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=878 Ack=1523 Win=131328 Len=0"

"331","1.954532000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"332","1.957461000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=1523 Ack=1235 Win=64302 Len=0"

"333","1.957515000","192.168.178.29","192.168.0.8","TLSv1.1","363","Application Data"

"334","1.967477000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=1523 Ack=1544 Win=65536 Len=0"

"335","2.003445000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"336","2.003523000","192.168.0.8","192.168.178.29","TLSv1.1","651","Application Data"

"337","2.003566000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=1544 Ack=2285 Win=130560 Len=0"

"358","6.893649000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"359","6.903774000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=2285 Ack=1901 Win=65178 Len=0"

"360","6.903836000","192.168.178.29","192.168.0.8","TLSv1.1","747","Application Data"

"361","6.914856000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=2285 Ack=2594 Win=64486 Len=0"

"362","7.030341000","192.168.0.8","192.168.178.29","TLSv1.1","315","Application Data"

"363","7.030343000","192.168.0.8","192.168.178.29","TLSv1.1","635","Application Data"

"364","7.030403000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=2594 Ack=3127 Win=131328 Len=0"

"365","7.034850000","192.168.178.29","192.168.0.8","TLSv1.1","411","Application Data"

"366","7.044746000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=3127 Ack=2951 Win=64128 Len=0"

"367","7.044785000","192.168.178.29","192.168.0.8","TLSv1.1","203","Application Data"

"368","7.055910000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [ACK] Seq=3127 Ack=3100 Win=65536 Len=0"

"369","7.144626000","192.168.0.8","192.168.178.29","TLSv1.1","219","Application Data"

"370","7.144628000","192.168.0.8","192.168.178.29","TLSv1.1","635","Application Data"

"371","7.144683000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=3100 Ack=3873 Win=130560 Len=0"

"406","34.169460000","192.168.0.8","192.168.178.29","TLSv1.1","107","Encrypted Alert"

"407","34.169464000","192.168.0.8","192.168.178.29","TCP","60","443 > 49749 [FIN, ACK] Seq=3926 Ack=3100 Win=65536 Len=0"

"408","34.169571000","192.168.178.29","192.168.0.8","TCP","54","49749 > 443 [ACK] Seq=3100 Ack=3927 Win=130560 Len=0"

0 Kudos