PPTP Site-to-site problem

gunarsonelv · June 11, 2013, 1:56pm

2 MikroTik 2011 routers. Both v5.22
Connected with site-to-sote PPTP VPN.
Each has Windows Domain controller in internal network.
Internal networks 10.161.1.0/24 and 10.164.1.0/24.

I can ping servers both directions. i.e. i can ping on server from another.
I can browse SMB shares both directions.
AD replication seems to work.
RDP connection is not working either way.
Windows firewalls off.
MikroTik allows all traffic.
However I can RDP from each server to/from (port forwarding) internet, to/from other computers in local network.
What is very strange to me - when I create Logging rule in firewall, I see SMB traffic, I see ICMP traffic, I see LDAP traffic but RDP traffic seems not to reach router(default gateway).
Any ideas are welcome.

Thanks!
Gunars

CelticComms · June 11, 2013, 5:06pm

Random thought… make sure that neither end is NATing RDP traffic - e.g. a historical DST NAT rule left in place.

gunarsonelv · June 12, 2013, 8:43am

Routers are completetly new - no old NATing rules

Topology is as follows:
[server]<–>[basic unmanaged switch]<–>[MikroTik]<—>[Internet and PPTP tunnel]<—>[MikroTik]<–>[basic managed switch]<–>[server]

I’ve found that I can do RDP on port 3388 (default is 3389) and then it works. I see traffic in router and I get connection.
Seems like there’s traffic filtering somwhere between [server] and [MikroTik] on 3389 port but there’s nothing there, just basic unmanaged switch.

I am completely clueless.

Gunārs