Remote Access & VPN
Site-to-site and remote-access VPN failures — IPSec SA negotiation, split tunnelling, routing conflicts, overlapping subnets, OpenVPN throughput, and Cisco ASA tunnel management.
-
VPN not connecting for remote workers
Remote staff can't connect. Vendor-neutral diagnostic flow: certificate → authentication → routing → policy → licence → client.
-
VPN Connectivity Fails Due to Overlapping IPv4 Subnet Between Local LAN and Remote Network
When a VPN client's local LAN subnet is identical to the remote network subnet exposed through the VPN tunnel, routing ambiguity causes the OS to resolve traffic locally rather than forwarding it thr…
-
Cisco ASA Site-to-Site IPSec VPN Drops Traffic When SA kB Lifetime Reaches Zero (Bug CSCtq57752)
A site-to-site IPSec VPN on a Cisco ASA running 8.6.1 shows the tunnel as up but stops passing traffic for an affected subnet under heavy load. The outbound Security Association's remaining key lifet…
-
Cisco ASA site-to-site IPSec VPN tunnel stops passing traffic until SA is cleared
On a site-to-site IPSec VPN between Cisco ASA devices (commonly 5520/5540), traffic can stop passing through an established tunnel — sometimes only for specific traffic selectors/ACLs — particularly…
-
Windows 10 VPN DNS resolution fails with split tunneling due to interface metric priority
On Windows 10 VPN clients with split tunneling enabled, DNS queries are routed to the LAN DNS servers instead of the VPN-assigned DNS servers, breaking name resolution for internal/remote hosts. Wind…
-
Windows VPN Hijacks Default Route — Configure Split Tunneling with Static Routes
By default, a Windows VPN client sets itself as the default gateway, forcing all traffic (including general internet) through the tunnel. This can cripple local network access and degrade browsing pe…
-
OpenVPN TCP Throughput Capped (~6 Mbps) Due to Hardcoded 64 KB Socket Buffer
OpenVPN's hardcoded 64 KB socket buffer (sndbuf/rcvbuf) prevents TCP Window Size Scaling from growing beyond 64 KB, capping throughput to approximately 5–7 Mbps on high-latency links regardless of av…
-
Cisco ASA site-to-site VPN flaps between dual ISP interfaces at remote office
A Cisco ASA remote office with two ISP-connected outside interfaces and ISAKMP enabled on both, paired with a central ASA crypto map listing both remote peer IPs, brings the IPsec tunnel up on both i…
-
RDP Sessions Disconnect After ~65 Seconds Over UDP — Windows 11 24H2 Clients to Server 2016 RDS Hosts
A Windows update regression causes RDP sessions using UDP transport to disconnect approximately 65 seconds after connection establishment. Windows 11 24H2 and Server 2025 clients connecting to Server…
-
RDS & AVD Black Screen on Connection — Session Initiation Deadlock Between rdpinit.exe and Credential Providers (Early 2026 Patch Regression)
Users connecting via RDP or Azure Virtual Desktop receive a black screen persisting 30–60 seconds before session drops. Root cause is handshake and display container management flaws introduced in ea…
-
RDS & AVD Black Screen on Connection — rdpinit.exe Session Initiation Deadlock (Early 2026 Patches)
Users connecting via RDP or Azure Virtual Desktop encounter a black screen lasting 30–60 seconds before disconnection. A deadlock between the Remote Desktop Graphics Service (rdpinit.exe) and local c…