I created a GRE tunnel between 2 locations (A and B). Everything is working great. I have a couple of machines in “A” with standard SSH and RDP ports and I can connect to them fine from any location.
But I have one machine in B with RDP on 4005 and RDP from A does not work. From B it does.
Of course, the two routers need to make sure they have an IP route that points to the remote site’s addresses via the GRE interface (or if you put IP addresses on the GRE interfaces at both ends, use the IP of the remote site).
Check the forward chains of your IP firewall filter rules.
Check the NAT rules to make sure packets aren’t getting masqueraded at either end.
I set up a very general GRE tunnel that is supposed to allow anything both ways. As I mentioned, from location B I can RDP to location A’s computers.
This particular computer at B should be open because I can RDP to it just fine when on B network. I was curious if there might be something about special port number 3389 that works and 4005 being not standard, and it somehow makes a difference in MikroTik?
Yep. It wasn’t the tunnel. I couldn’t ping the PC in B when on A network, but it pings just fine when I’m on A network. I haven’t seen this stuff before. It was a Windows 7 machine and its firewall. I had an exception for 4005 but it didn’t work.
After I disabled the firewall everything works. I did add a rule to allow for ICMPv4 and YEP, RDP started to work. So, does it mean if a machine doesn’t ping it wouldn’t connect via TCP?
I’ve never analyzed packets for RDP connections, nor am I very familiar with its dependencies; unfortunately I just don’t know if RDP requires ping to work.