384.12 can no longer RDP through ssh tunnel

[VanillaXtract]

While at work, I typically use PuTTY to connect to my home network. In PuTTY, I have a couple of tunnels established to RDP into my home machines. With 384.12 (and the beta), this no longer works. I can establish the ssh tunnel, but RDP fails to connect. Rolling back to 384.11 fixes the issue. Any ideas on what changed to break this functionality?

 

[L&LD]

While at work, I typically use PuTTY to connect to my home network. In PuTTY, I have a couple of tunnels established to RDP into my home machines. With 384.12 (and the beta), this no longer works. I can establish the ssh tunnel, but RDP fails to connect. Rolling back to 384.11 fixes the issue. Any ideas on what changed to break this functionality?

Did something change on the work network?

 

[martinr]

While at work, I typically use PuTTY to connect to my home network. In PuTTY, I have a couple of tunnels established to RDP into my home machines. With 384.12 (and the beta), this no longer works. I can establish the ssh tunnel, but RDP fails to connect. Rolling back to 384.11 fixes the issue. Any ideas on what changed to break this functionality?

You won’t get into trouble doing that, will you? I’m just thinking if, heavens forbid, you suffer a data breach at work, and the network admins start going through the logs with a fine tooth-comb, you’re won’t get hauled over the coals, will you, as a possible suspect for the point of entry?




From the excellent SSH Mastery by Michael W Lucas:

"As a user, the ability to tunnel arbitrary traffic over SSH does not mean you should. If your organization's security policy forbids port forwarding or tunneling, don't do it. If the policy says "use the Web proxy and stay off IRC," then listen. I am not responsible if you use these techniques and are reprimanded, terminated, or exterminated. (Even if we IT security officers are all petty tinpot despots who don't understand your very personaland deeply urgent need for IRCand Google+.)"

 

[martinr]

Try temporarily turning on logging in Putty and the have a look in the log. You should get a good idea from that where the problem is.

 

[VanillaXtract]

Did something change on the work network?

Nothing has changed. The behavior is specific to the new build of the firmware (and the betas for that matter).

You won’t get into trouble doing that, will you? I’m just thinking if, heavens forbid, you suffer a data breach at work, and the network admins start going through the logs with a fine tooth-comb, you’re won’t get hauled over the coals, will you, as a possible suspect for the point of entry?




From the excellent SSH Mastery by Michael W Lucas:

"As a user, the ability to tunnel arbitrary traffic over SSH does not mean you should. If your organization's security policy forbids port forwarding or tunneling, don't do it. If the policy says "use the Web proxy and stay off IRC," then listen. I am not responsible if you use these techniques and are reprimanded, terminated, or exterminated. (Even if we IT security officers are all petty tinpot despots who don't understand your very personaland deeply urgent need for IRCand Google+.)"

No, I won't. I guess I am doing precisely what Master Lucas is saying not to do. I do it merely because I can. Thank you for this.

Try temporarily turning on logging in Putty and the have a look in the log. You should get a good idea from that where the problem is.

For the sake of curiosity, I will do this because I would like to know what behavior change has occurred.

 

[dave14305]

How is your tunnel setup to make the hop to the RDP machine? By IP or hostname? 384.12 changed how the router resolves hostnames for itself. By default, the router won't know how to resolve local hostnames within your LAN. See Tools - Other Settings "Wan: Use local caching DNS server as system resolver (default: No)".

 

[martinr]

Nothing has changed. The behavior is specific to the new build of the firmware (and the betas for that matter).


No, I won't. I guess I am doing precisely what Master Lucas is saying not to do. I do it merely because I can. Thank you for this.


For the sake of curiosity, I will do this because I would like to know what behavior change has occurred.

Please do let us know the outcome; we’re as keen as you to know where the problem lies.