Win7, RDP, TLS handshake: "Change Cipher Spec" packet is lost on the router. Win10 works

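First: I posted this on Network Engineering, but was advised to post it here because it was put on hold there for being too application-centric. I don't think so, because everything that happens here happens on an active intermediary networking device: the router.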

We are trying to establish an RDP connection to an external site. It works for Windows 7 and Windows 10 clients from arbitrary networks (e.g. a UMTS connection), but from our network only Windows 10 clients work.

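We captured the connection establishment/attempts on our gateway (inner and outer interface, Windows 7 and 10) and noticed that a DTLSv1 packet (info: "Change Cipher Spec") "vanishes" on the gateway between the inner and outer interface, but only for Windows 7 clients. When a Windows 10 client tries to establish the connection, the packet appears on both the inner and outer interface and the connection is established successfully.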

Our gateway is a Cisco 1921/K9 with IOS 15.2.

What we have already tried:

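  • The remote RDS server is a WinSrv2016. Our first attempt to solve the problem was upgrading the RDP client on the Windows 7 machine to version 8.1, but it did not help.
  • We also tried lowering the MTU size on the Windows 7 client, as described here: https://ask.wireshark.org/questions/29582/mtu-size-on-windows-machine-caused-retransmissions-and-event… ; this did not help either.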

Here are the captures:

Capture: gateway inner interface, Windows 7:

    No. Source Destination Protocol Length Info
    1 10.128.0.44 xxx.xx.xx.xxx UDP 205 50625 → 15002 Len=163
    2 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 102 Hello Verify Request
    3 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 211 Client Hello
    4 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=1 Ack=1 Win=1024 Len=138
    5 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=139 Ack=1 Win=1024 Len=138
    6 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=277 Win=256 Len=0
    7 xxx.xx.xx.xxx 10.128.0.44 TCP 60 15001 → 49230 [ACK] Seq=1 Ack=1 Win=1020 Len=0
    8 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 148 Server Hello
    9 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 1138 Certificate (Fragment)
    10 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 1138 Certificate (Fragment)
    11 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 984 Certificate (Reassembled)
    12 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 394 Server Key Exchange
    13 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 73 Certificate Request
    14 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 67 Server Hello Done
    15 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=277 Ack=1 Win=1024 Len=138
    16 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=415 Ack=1 Win=1024 Len=138
    17 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=553 Win=255 Len=0
    18 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 148 Certificate, Client Key Exchange
    19 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
    20 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
    21 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 60 Change Cipher Spec
    22 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 119 Encrypted Handshake Message
    23 xxx.xx.xx.xxx 10.128.0.44 TCP 192 15001 → 49229 [PSH, ACK] Seq=553 Ack=1 Win=1024 Len=138
    24 xxx.xx.xx.xxx 10.128.0.44 TCP 1434 15001 → 49229 [ACK] Seq=691 Ack=1 Win=1024 Len=1380
    25 xxx.xx.xx.xxx 10.128.0.44 TCP 1434 15001 → 49229 [ACK] Seq=2071 Ack=1 Win=1024 Len=1380
    26 xxx.xx.xx.xxx 10.128.0.44 TCP 1288 15001 → 49229 [PSH, ACK] Seq=3451 Ack=1 Win=1024 Len=1234
    27 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=2071 Win=258 Len=0
    28 10.128.0.44 xxx.xx.xx.xxx TCP 60 49229 → 15001 [ACK] Seq=1 Ack=4685 Win=258 Len=0
    29 xxx.xx.xx.xxx 10.128.0.44 TCP 176 15001 → 49229 [PSH, ACK] Seq=4685 Ack=1 Win=1024 Len=122
    30 10.128.0.44 xxx.xx.xx.xxx TCP 144 49230 → 15001 [PSH, ACK] Seq=1 Ack=1 Win=254 Len=90
    31 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 1239 Application Data

Capture: gateway outer interface, Windows 7:

    No. Source Destination Protocol Length Info
    1 our-site rem-site UDP 205 56560 → 15002 Len=163
    2 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=1 Ack=1 Win=64860 Len=138
    3 rem-site our-site DTLSv1.0 102 Hello Verify Request
    4 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=139 Ack=1 Win=64860 Len=138
    5 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=277 Ack=1 Win=64860 Len=138
    6 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=277 Win=64292 Len=0
    7 our-site rem-site DTLSv1.0 211 Client Hello
    8 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=415 Ack=1 Win=64860 Len=138
    9 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=553 Ack=1 Win=64860 Len=138
    10 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=553 Win=64016 Len=0
    11 rem-site our-site TCP 60 15001 → 49223 [ACK] Seq=1 Ack=1 Win=63886 Len=0
    12 rem-site our-site DTLSv1.0 148 Server Hello
    13 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
    14 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
    15 rem-site our-site DTLSv1.0 984 Certificate (Reassembled)
    16 rem-site our-site DTLSv1.0 394 Server Key Exchange
    17 rem-site our-site DTLSv1.0 73 Certificate Request
    18 rem-site our-site DTLSv1.0 67 Server Hello Done
    19 rem-site our-site TCP 192 15001 → 49222 [PSH, ACK] Seq=691 Ack=1 Win=64860 Len=138
    20 rem-site our-site TCP 1434 15001 → 49222 [ACK] Seq=829 Ack=1 Win=64860 Len=1380
    21 rem-site our-site TCP 1434 15001 → 49222 [ACK] Seq=2209 Ack=1 Win=64860 Len=1380
    22 rem-site our-site TCP 1336 15001 → 49222 [PSH, ACK] Seq=3589 Ack=1 Win=64860 Len=1282
    23 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=829 Win=63740 Len=0
    24 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=3589 Win=64860 Len=0
    25 our-site rem-site TCP 144 49223 → 15001 [PSH, ACK] Seq=1 Ack=1 Win=63683 Len=90
    26 rem-site our-site TCP 128 15001 → 49222 [PSH, ACK] Seq=4871 Ack=1 Win=64860 Len=74
    27 our-site rem-site TCP 60 49222 → 15001 [ACK] Seq=1 Ack=4945 Win=63504 Len=0
    28 our-site rem-site DTLSv1.0 148 Certificate, Client Key Exchange
    29 rem-site our-site TCP 60 15001 → 49223 [ACK] Seq=1 Ack=91 Win=63796 Len=0
    30 rem-site our-site DTLSv1.0 148 Server Hello
    31 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    32 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    33 rem-site our-site DTLSv1.0 984 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    34 rem-site our-site DTLSv1.0 394 Server Key Exchange
    35 rem-site our-site DTLSv1.0 73 Certificate Request
    36 rem-site our-site DTLSv1.0 67 Server Hello Done
    37 rem-site our-site DTLSv1.0 148 Server Hello
    38 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    39 rem-site our-site DTLSv1.0 1138 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    40 rem-site our-site DTLSv1.0 984 Certificate[Reassembly error, protocol DTLS: New fragment overlaps old data (retransmission?)]
    41 rem-site our-site DTLSv1.0 394 Server Key Exchange
    42 rem-site our-site DTLSv1.0 73 Certificate Request
    43 rem-site our-site DTLSv1.0 67 Server Hello Done
    44 rem-site our-site DTLSv1.0 148 Server Hello

As you can see, the "Change Cipher Spec" never reaches the outer interface. The "Server Hello" is repeated until the server sends a final RST, omitted here.

For completeness, these are the captures of the same connection attempt from a Windows 10 client over the same network/path. This one is a successful connection:

Capture: gateway inner interface, Windows 10:

    No. Source Destination Protocol Length Info
    1 10.128.0.1 xxx.xx.xx.xxx UDP 215 51603 → 15002 Len=173
    2 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 102 Hello Verify Request
    3 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 221 Client Hello
    4 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 148 Server Hello
    5 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 1138 Certificate (Fragment)
    6 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 1138 Certificate (Fragment)
    7 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 984 Certificate (Reassembled)
    8 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 361 Server Key Exchange
    9 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 73 Certificate Request
    10 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 67 Server Hello Done
    11 xxx.xx.xx.xxx 10.128.0.1 TCP 598 15001 → 62695 [PSH, ACK] Seq=1 Ack=1 Win=1023 Len=544
    12 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 115 Certificate, Client Key Exchange
    13 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
    14 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
    15 10.128.0.1 xxx.xx.xx.xxx TCP 809 62695 → 15001 [PSH, ACK] Seq=1 Ack=545 Win=1021 Len=755
    16 10.128.0.1 xxx.xx.xx.xxx TCP 164 62695 → 15001 [PSH, ACK] Seq=756 Ack=545 Win=1021 Len=110
    17 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=866 Ack=545 Win=1021 Len=114
    18 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=980 Ack=545 Win=1021 Len=114
    19 10.128.0.1 xxx.xx.xx.xxx TCP 184 62695 → 15001 [PSH, ACK] Seq=1094 Ack=545 Win=1021 Len=130
    20 10.128.0.1 xxx.xx.xx.xxx TCP 168 62695 → 15001 [PSH, ACK] Seq=1224 Ack=545 Win=1021 Len=114
    21 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 60 Change Cipher Spec
    22 xxx.xx.xx.xxx 10.128.0.1 DTLSv1.0 119 Encrypted Handshake Message
    23 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 1239 Application Data
    24 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 1111 Application Data
    25 10.128.0.1 xxx.xx.xx.xxx DTLSv1.0 583 Application Data

Capture: gateway outer interface, Windows 10:

    No. Source Destination Protocol Length Info
    1 our-site rem-site UDP 215 51875 → 15002 Len=173
    2 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=1 Ack=1 Win=1021 Len=106
    3 rem-site our-site DTLSv1.0 102 Hello Verify Request
    4 our-site rem-site DTLSv1.0 221 Client Hello
    5 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=107 Ack=1 Win=1021 Len=106
    6 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=213 Ack=1 Win=1021 Len=106
    7 our-site rem-site TCP 60 62569 → 15001 [ACK] Seq=1 Ack=319 Win=1024 Len=0
    8 rem-site our-site DTLSv1.0 148 Server Hello
    9 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
    10 rem-site our-site DTLSv1.0 1138 Certificate (Fragment)
    11 rem-site our-site DTLSv1.0 984 Certificate (Reassembled)
    12 rem-site our-site DTLSv1.0 361 Server Key Exchange
    13 rem-site our-site DTLSv1.0 73 Certificate Request
    14 rem-site our-site DTLSv1.0 67 Server Hello Done
    15 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=319 Ack=1 Win=1021 Len=106
    16 rem-site our-site TCP 160 15001 → 62569 [PSH, ACK] Seq=425 Ack=1 Win=1021 Len=106
    17 our-site rem-site TCP 60 62569 → 15001 [ACK] Seq=1 Ack=531 Win=1023 Len=0
    18 our-site rem-site DTLSv1.0 115 Certificate, Client Key Exchange
    19 our-site rem-site DTLSv1.0 60 Change Cipher Spec
    20 our-site rem-site DTLSv1.0 119 Encrypted Handshake Message
    21 rem-site our-site DTLSv1.0 60 Change Cipher Spec
    22 rem-site our-site DTLSv1.0 119 Encrypted Handshake Message
    23 our-site rem-site DTLSv1.0 1239 Application Data
    24 our-site rem-site DTLSv1.0 1111 Application Data
    25 our-site rem-site DTLSv1.0 583 Application Data

What are we missing here? Any ideas are appreciated.
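
The inside/outside comparison described in the post can be automated. The following is an added example, not part of the original post: it takes the client-originated DTLS rows from two Wireshark summary exports and lists those that never show up on the outer interface. The function names and the matching on frame length plus Info text are assumptions of this example.

```python
from collections import Counter

# Handshake rows abridged from the Windows 7 captures in the post
# (Wireshark summary columns: No. Source Destination Protocol Length Info).
INSIDE = """\
3 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 211 Client Hello
8 xxx.xx.xx.xxx 10.128.0.44 DTLSv1.0 148 Server Hello
18 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 148 Certificate, Client Key Exchange
19 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 60 Change Cipher Spec
20 10.128.0.44 xxx.xx.xx.xxx DTLSv1.0 119 Encrypted Handshake Message
"""
OUTSIDE = """\
7 our-site rem-site DTLSv1.0 211 Client Hello
12 rem-site our-site DTLSv1.0 148 Server Hello
28 our-site rem-site DTLSv1.0 148 Certificate, Client Key Exchange
"""

def parse_summary(text):
    """Parse summary lines into dicts; lines that do not fit are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[0].isdigit() and parts[4].isdigit():
            rows.append({"src": parts[1], "proto": parts[3],
                         "len": int(parts[4]), "info": parts[5].strip()})
    return rows

def client_dtls(text, client):
    """(frame length, info) of every DTLS record sent by `client`, in order."""
    return [(r["len"], r["info"]) for r in parse_summary(text)
            if r["proto"].startswith("DTLS") and r["src"] == client]

def dropped_in_transit(inside, inside_client, outside, outside_client):
    """Client DTLS records present on the inside capture but not the outside."""
    # Assumption: NAT rewrites addresses and ports, so records are matched as a
    # multiset on (frame length, info) rather than on the 5-tuple.
    remaining = Counter(client_dtls(outside, outside_client))
    dropped = []
    for key in client_dtls(inside, inside_client):
        if remaining[key] > 0:
            remaining[key] -= 1
        else:
            dropped.append(key)
    return dropped

if __name__ == "__main__":
    for length, info in dropped_in_transit(INSIDE, "10.128.0.44",
                                           OUTSIDE, "our-site"):
        print(f"not forwarded: {info} ({length} bytes)")
```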