Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once set up, you can install agents and perform remote desktop sessions to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.01k stars 540 forks

MeshCentral RDP lost connection after (ping pong = 25) amount of time. #5785

Closed Loafter closed 7 months ago

Loafter commented 7 months ago

MeshCentral RDP lost connection after (ping pong = 25) amount of time. Just set ANY one of these ping/pong params: "BrowserPong": 20, "AgentPong": 20, "BrowserPing": 25, "AgentPing": 25, connect to any Windows machine, and it will drop the connection after 25 seconds. The mesh connection works fine and doesn't drop the connection!

Lighttpd config

$HTTP["host"] =~ "mesh\.XXXX\.com$" {
        ssl.pemfile ="/etc/acme/mesh.XXXX.com/mesh.XXXX.com.cer"
        ssl.privkey ="/etc/acme/mesh.XXXX.com/mesh.XXXX.com.key"
        setenv.set-response-header  = (
                               "X-Forwarded-Proto" => "https",
                               "X-Forwarded-Host" => "mesh.XXXX.com",
                               "X-Forwarded-Port" => "443",
                                "Content-Security-Policy" => "script-src 'self' 'unsafe-inline' 'unsafe-eval'"
                              )

        proxy.server = ( "" => ( ( "host" => "192.168.2.1", "port" => "4430" ) ) )
        proxy.header += ( "https-remap" => "enable", "upgrade" => "enable")
}

Config

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.json",
  "__comment1__": "This is a simple configuration file, all values and sections that start with underscore (_) are ignored. Edit a section and remove the _ in front of the name. Refer to the user's guide for details.",
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.",
  "settings": {
    "cert": "mesh.XXXX.com",
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "port": 4430,
    "tlsoffload": true,
    "webRTC": false,
    "wsCompressoin": true,
    "aliasPort": 443,
    "redirPort": 800,
    "Log": "main,web,webrequest,cert",
    "IgnoreAgentHashCheck": false,
    "allowLoginToken": true,
    "allowFraming": false,
    "BrowserPong": 20,
    "AgentPong":20,
    "BrowserPing": 25,
    "AgentPing":25,
    "_redirAliasPort": 80
  },
  "domains": {
    "": {
      "title": "Meshcentral Nodes",
      "_title2": "Servername",
      "_minify": true,
      "certUrl": "https://mesh.XXXXXX.com/",
      "_newAccounts": true,
      "_userNameIsEmail": true
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let's Encrypt.",
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}

si458 commented 7 months ago

Yes, we are aware of this bug. A simple fix is to just remove all of agentPing, agentPong, browserPing, browserPong from your config.json and it will carry on working as normal. I will look into why this is happening when I get chance!

Loafter commented 7 months ago

Thanks for the answer! But if I remove these options from the config, my remote nodes disappear randomly. What is the root cause of this? If you need any detailed logs, I can provide them for you)

si458 commented 7 months ago

Basically it's a bug that needs investigating...

Websockets have their own ping/pong behaviour/method, so you would never need to use agentPing, agentPong, browserPing, browserPong. HOWEVER, some firewalls/environments block these ping/pong events in websockets, so the devices can appear offline (as you are experiencing).

agentPing, agentPong are an extra method that's implemented that runs every X seconds you set, on top of the websockets, to keep the connection alive.

But there must be an issue where it thinks the device is not actually online, and is disconnecting your session even though the device is actually online? So hence... IT'S A 🐞

si458 commented 7 months ago

MY NOTES: found the commit where the noping was removed and replaced with something else: https://github.com/Ylianst/MeshCentral/commit/93e8f2cdcf1067634908aabeb607a227404ccfbc

silversword411 commented 7 months ago

> but if I remove these options from the config, my remote nodes disappear randomly. What is the root cause of this?

Bad network hardware, routers/NAT/VPN, that are shortening TTLs on TCP sessions and dropping them artificially fast. Ping/pong is basically artificially generating traffic to keep the TCP session alive, to keep resetting the timeout before NAT tosses the mapping as "expired".

Monitor your sessions in your router, and you'll see sessions disappearing. Find the culprit equipment/tech in your stack.

si458 commented 7 months ago

@silversword411 the fix for the RDP dropping out is here: https://github.com/Ylianst/MeshCentral/pull/5786

It was basically sending the ping ok, the agent was replying pong, then MeshCentral decides to try sending the pong to the RDP server, so the RDP server goes "sod that" and disconnects. What it should be doing is sending the pong to the web browser instead. Doh!
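
The failure described in the last comment (a keepalive reply written to the RDP side instead of staying on the websocket side), sketched as an added example that is not part of the thread and is not MeshCentral's code. The frame shape, the {"type":"pong"} message and the toy RDP stream are assumptions constructed for illustration.

```javascript
'use strict';
// Added example with constructed frame shapes; not MeshCentral's code.

// Toy stand-in for a strict binary peer such as an RDP server: it drops the
// session on any chunk that does not start with 0x03 (the TPKT version byte).
class ToyRdpStream {
  constructor() { this.connected = true; this.chunks = 0; }
  write(buf) {
    if (!this.connected) return;
    if (buf[0] !== 0x03) { this.connected = false; return; }
    this.chunks++;
  }
}

// Route one frame received on the tunnel websocket.
// frame = { isBinary: boolean, data: Buffer } (hypothetical shape).
function routeFrame(frame, rdp, browserControl, fixed) {
  if (frame.isBinary) { rdp.write(frame.data); return; }
  if (!fixed) { rdp.write(frame.data); return; } // bug: keepalive hits RDP
  let msg;
  try { msg = JSON.parse(frame.data.toString('utf8')); } catch (e) { return; }
  if (msg && (msg.type === 'ping' || msg.type === 'pong')) {
    browserControl.push(msg); // keepalive stays on the websocket side
  }
  // Any other text frame is dropped: it is never written to the byte stream.
}

// Replay a constructed session: data, keepalive reply, garbage text, data.
function simulate(fixed) {
  const rdp = new ToyRdpStream();
  const browserControl = [];
  const frames = [
    { isBinary: true, data: Buffer.from([0x03, 0x00, 0x00, 0x04]) },
    { isBinary: false, data: Buffer.from('{"type":"pong"}') },
    { isBinary: false, data: Buffer.from('not json') },
    { isBinary: true, data: Buffer.from([0x03, 0x00, 0x00, 0x04]) },
  ];
  for (const f of frames) routeFrame(f, rdp, browserControl, fixed);
  return { connected: rdp.connected, chunks: rdp.chunks, control: browserControl.length };
}

console.log('buggy:', simulate(false));
console.log('fixed:', simulate(true));
```

In the buggy path the session ends at the first keepalive reply, which matches the reported drop at the configured ping interval; in the fixed path both data chunks arrive and the pong is delivered to the browser side only.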