Windows VPN router configuration

Hello everyone
I have a Windows 2012R2 server with a VPN server installed on my local network. I've configured the router so that I can easily open a VPN tunnel from anywhere, but when I try to connect to the aforementioned server via RDP, I get a message that "the remote computer is unavailable." I'm configuring a new MikroTik hAP router because the old one (hAP ac lite) was damaged. Everything worked perfectly on the old router. Unfortunately, I haven't been able to recover the old configuration, and I don't remember what the settings were. What could I have missed in the settings that caused the remote computer to not be visible?

Hi,

Edited your post to make reading easier. No need to put format marks around simple text.

According to your question, look here: Port forwarding - RouterOS knowledge base - MikroTik Documentation

Do you have port 3389 NATted and a proper forwarding (!!!) firewall rule for the NATted packets set?

For me it's SPAM: I find no trace of anything that leads to a MikroTik device...

Hello, my posts may look strange because I'm using a translator. How would I forward port 3389 to which interface? Forwarding it to the WAN interface is very insecure and essentially opens up access to my network to everyone, completely bypassing the VPN.

So you open a VPN connection and then do RDP over the VPN connection?

What addresses does the VPN server assign to the VPN interfaces on its side?
What routes are sent to the remote PC?
Does the PC get proper information to route the RDP connection to the IP of the server?
Does the server know how to send packets back to the remote PC?
What PC addresses does the server see in the RDP packets?
Are they from the VPN subnet?
Could they be properly routed back?

The router does not know anything about the traffic remotePC <-> RDP server, as it is hidden in the remotePC's VPN tunnel. Therefore nothing is to be set on the router. Check and diagnose the Windows Server.

Hello, in Windows Server there is probably no need to check or change anything, because before the hAP ac lite router was damaged, everything was working correctly. Several users connected remotely from their homes to the server. Now the remote connection only works in the local network, and it is not possible to connect from the outside via a VPN tunnel. For Tefo, I think I missed something when configuring the router. Someone suggested that I change the LAN to proxy-arp, but I can't check it at the moment.

That's why I asked these questions.
As the RDP client does not receive the answer from the RDP server, it's obvious that packets are lost somewhere in the middle. Why?
Does a simple ping to the server work over the VPN?
If yes, then: what size of ping packet is accepted? Why that size?
Is it an MSS problem?
and so on ...

Use Occam's razor principle and eliminate "unknowns" step by step. It's the best attitude.

Some thoughts:

If your VPN router clients get IP addresses from a range different to the LAN IP range, you will need to do one of the following.

  • NAT the client connections to the LAN network, e.g. src-nat to the VPN router LAN IP.
  • Add an appropriate static route in the default gateway router to your VPN router for the client IP addresses.
  • Add an appropriate static route in the RDP server to your VPN router for the VPN client IP addresses.

If your VPN router clients get IP addresses that are in a small portion of the LAN IP range, you will likely need to use proxy ARP on the VPN router.

Recent versions of RouterOS allow you to publish certain IPs for ARP (much less blunt than full proxy ARP).
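The options listed above, written out as RouterOS CLI for reference. This is an added example, not configuration from this thread or from MikroTik; the addresses (192.168.88.0/24 LAN, 192.168.88.2 VPN router, 10.99.0.0/24 client pool), the interface name `bridge` and the MAC address are assumed placeholders, and the `published=` ARP syntax is assumed to need RouterOS 7.

```routeros
# Added example, not from the thread. Assumed addressing (placeholders):
#   LAN              192.168.88.0/24, default gateway router 192.168.88.1
#   VPN router       LAN address 192.168.88.2, LAN interface "bridge"
#   VPN client pool  10.99.0.0/24 (a range outside the LAN)

# Option 1 (on the VPN router): hide VPN clients behind the router's LAN
# address. Match only traffic leaving towards the LAN, never the WAN.
# Caveat: the RDP server then sees every client as 192.168.88.2, so its
# own logs lose the per-client source address.
/ip firewall nat
add chain=srcnat src-address=10.99.0.0/24 out-interface=bridge \
    action=src-nat to-addresses=192.168.88.2 \
    comment="VPN clients -> LAN, no return routes needed elsewhere"

# Option 2 (on the default gateway router, if it is also RouterOS):
# tell it that the VPN client range is reached via the VPN router.
/ip route
add dst-address=10.99.0.0/24 gateway=192.168.88.2 \
    comment="return path for VPN clients via VPN router"

# Option 3 is the same route, but configured on the RDP server itself
# instead of on the gateway (see the usage note below).

# Alternative when the client pool is carved out of the LAN range:
# answer ARP for those addresses on the LAN side of the VPN router.
/interface bridge
set bridge arp=proxy-arp

# Narrower form (assumed RouterOS 7 syntax): publish only the specific
# client addresses, using the VPN router's own bridge MAC.
/ip arp
add address=192.168.88.200 interface=bridge published=yes \
    mac-address=AA:BB:CC:DD:EE:FF

# Deliberately no dst-nat of port 3389 on the WAN interface:
# RDP stays reachable only through the tunnel.
```

For option 3 on the Windows RDP server the equivalent persistent route is `route -p add 10.99.0.0 mask 255.255.255.0 192.168.88.2` (same placeholder addresses).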

I'm not an advanced user of MikroTik routers, so you need to explain it to me in simple language; I'm just starting out. The ping doesn't go through to the server via VPN: 100% loss.

So it means that the PC does not know the route to the server, or the server does not know the route to the PC:

  • the PC does not get an IP assigned from the VPN tunnel
  • the server has no proper IP set for the VPN tunnels
  • the server has no proper route set for the VPN's subnet
  • the PC has no route installed by the VPN client, even if it gets it from the server
  • no route is sent to the client from the server, so even if the client tries to install it, it has nothing to install
  • the route is properly sent & received, but its distance value makes it non-functional

For me, at this moment, it is purely a Windows problem. Forget RDP. A simple ping should work.

I had to temporarily stop restarting my Windows VPN + MikroTik setup because I urgently needed a remote connection. So I started an L2TP + IPSEC server on the MikroTik, and everything worked—the VPN on the MikroTik router and RDP. It worked fine until a second user tried to connect, but then it kicked out the already logged-in user. This means that MikroTik doesn't allow more than one user to connect. Is there any way to fix this?