Connection Silently Drops Every Few Minutes When Using RDP with NetBird v0.34.1

[rihards-simanovics]

Describe the problem

Context: Laptop/Mobile device is what we consider a 0-trust or On The Go (OTG) device, we must connect using RDP to our Office PCs in order to do work. Most of it is coding so Frame Rate is most of the time not an issue at all, and besides, over a good network Frame Rate is usually around 60Ghz anyway - hence why it was made mandatory to do everything over RDP. The Access control policy allows only RDP Port and ICMP packets through to the Office PCs, all other traffic is prohibited.

Scenario: So while using RDP and connecting to the Office PC (which is behind Office NAT), using laptop (connected to a mobile carrier cell network, or over WiFi on a NATed home network), the connection drooped very often (in v0.34.0 of the windows client) around every 3~5 minutes from what I managed to witness while it used to not do so nearly as often before if at all.

In version v0.34.1 of the client the connection would just drop, and even though the connection would still remain Connected over Relay (using new netbirdio/relay) no data exchange is possible, not even ICMP packets get through until VPN client is disconnected and re-connected.

To Reproduce

Steps to reproduce the behavior:

1. create a management server (0.34.1) with a public facing IPv4 - VPS is what we use;
2. connect windows 11 Enterprise peer (0.34.1) to the network (RDP destination peer) - a desktop;
3. connect another windows 11 Enterprise peer (0.34.1) to the network (RDP source peer) - a laptop;

Expected behavior

The connection from source peer to destination peer over Relayed connection should remain strong without dropouts.

Are you using NetBird Cloud: No, self hosted.

NetBird version
v0.34.1

NetBird status -dA output:

Peer Laptop

Peers detail:
 gws-rs-main-pc.node.anon-Da4OL.domain:
  NetBird IP: 100.90.213.179
  Public key: [redacted]
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: rels://vpn.anon-uR7Zu.domain:443
  Last connection update: Now
  Last WireGuard handshake: -
  Transfer status (received/sent) 0 B/0 B
  Quantum resistance: true
  Routes: -
  Latency: 0s

OS: windows/amd64
Daemon version: 0.34.1
CLI version: 0.34.1
Management: Connected to https://vpn.anon-uR7Zu.domain:443
Signal: Connected to https://vpn.anon-uR7Zu.domain:443
Relays:
  [rels://vpn.anon-uR7Zu.domain:443] is Available
Nameservers:
FQDN: gws-rs-thinkpad.node.griffin-web.services
NetBird IP: 100.90.188.102/16
Interface type: Userspace
Quantum resistance: true (permissive)
Routes: -
Peers count: 1/1 Connected

Peer Office PC

Peers detail:

… more peers

gws-rs-thinkpad.node.anon-aWjkb.domain:
  NetBird IP: 100.90.188.102
  Public key: [redacted]
  Status: Connected
  -- detail --
  Connection type: Relayed
  ICE candidate (Local/Remote): -/-
  ICE candidate endpoints (Local/Remote): -/-
  Relay server address: rels://vpn.anon-aWjkb.domain:443
  Last connection update: 51 seconds ago
  Last WireGuard handshake: 50 seconds ago
  Transfer status (received/sent) 244 B/336 B
  Quantum resistance: true
  Routes: -
  Latency: 4.2316ms

… more peers

OS: windows/amd64
Daemon version: 0.34.1
CLI version: 0.34.1
Management: Connected to https://vpn.anon-aWjkb.domain:443
Signal: Connected to https://vpn.anon-aWjkb.domain:443
Relays:
  [stun:vpn.anon-aWjkb.domain:3478] is Available
  [turn:vpn.anon-aWjkb.domain:3478?transport=udp] is Available
  [rels://vpn.anon-aWjkb.domain:443] is Available
Nameservers:
FQDN: gws-rs-main-pc.vpn.anon-aWjkb.domain
NetBird IP: 100.90.213.179/16
Interface type: Userspace
Quantum resistance: true (permissive)
Routes: -
Peers count: 1/xx Connected

netbird debug for 5m -AS output

look out for 2024-12-13T00:50:24Z mark this is when the issues begun.

debug-bundle.zip

Screenshots

N/A