revsys
just joined
Topic Author
Posts: 1
Joined: Fri Jul 26, 2013 10:44 pm

DCOM/RPC traffic over IPSEC VPN?

Fri Jul 26, 2013 10:57 pm

Hi there, I just set up a new workstation at a remote location that is a member of our office domain and is connected through a site-to-site IPSEC VPN (MikroTik in our office, Cisco firewall on the remote site). The VPN connection seems to be working well, with most communication having no issue, but we have a piece of software that relies on DCOM that just will not work. Additionally, Group Policy fails to update on this workstation. For both issues, "The RPC Server is Unavailable" is the stated problem.

Firewalls on both sides have been set to allow all IP traffic through unrestricted over the VPN link, and no other software firewalls are in place. Still, taking that workstation to our office and connecting it to our LAN does work, making me think there is something else with the MikroTik setup that could be interfering.

Does anybody have any experience with this problem or know what might be the issue? Your help would be greatly appreciated!
 
Satowist
just joined
Posts: 7
Joined: Mon Sep 28, 2015 4:43 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Tue Sep 29, 2015 3:45 pm

Have same problem between Mikrotik and RRAS
Topic started Fri Jul 26, 2013, 0 answers. I am doomed. :lol:
 
ulysses
Frequent Visitor
Posts: 85
Joined: Fri Sep 25, 2015 1:26 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Tue Sep 29, 2015 10:36 pm

My guess is that it is not working because you don't have multicast over the tunnel. I think so because DCOM is built on top of UDP, so it should work fine otherwise.

To have multicast working over a tunnel you will have to set up PIM (IGMP Proxy is easier, but will only work one way)
 
Satowist
just joined
Posts: 7
Joined: Mon Sep 28, 2015 4:43 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Wed Sep 30, 2015 10:08 am

> My guess is that it is not working because you don't have multicast over the tunnel. I think so because DCOM is built on top of UDP, so it should work fine otherwise
>
> To have multicast working over a tunnel you will have to set up PIM (IGMP Proxy is easier, but will only work one way)

Thank you. I will try.
Do I need PIM only on the Mikrotik side? As far as I know, RRAS does not support PIM =\
 
andriys
Forum Guru
Posts: 1395
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: DCOM/RPC traffic over IPSEC VPN?

Wed Sep 30, 2015 4:02 pm

As far as I'm aware DCOM has nothing to do with UDP and multicast.

Satowist, I guess ActiveDirectory is used in your setup. Please make sure DNS is set up properly on your remote location, as it is vital for directory services to work properly.
 
Satowist
just joined
Posts: 7
Joined: Mon Sep 28, 2015 4:43 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Wed Sep 30, 2015 4:20 pm

> As far as I'm aware DCOM has nothing to do with UDP and multicast.
>
> Satowist, I guess ActiveDirectory is used in your setup. Please make sure DNS is set up properly on your remote location, as it is vital for directory services to work properly.

DNS is fine.
This problem does not occur with DirectAccess and VPN clients. Only with site-2-site VPN.
 
ulysses
Frequent Visitor
Posts: 85
Joined: Fri Sep 25, 2015 1:26 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Wed Sep 30, 2015 4:54 pm

> As far as I'm aware DCOM has nothing to do with UDP and multicast.

https://support.microsoft.com/en-us/kb/832017, see Group Policy section

In short, I meant it uses layer 3 protocols that should flow fine, but usually whatever in Windows relies on SMB may suffer from a non-working discovery, which depends on multicast.
 
Satowist
just joined
Posts: 7
Joined: Mon Sep 28, 2015 4:43 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Thu Oct 01, 2015 11:23 am

IP multicasting with RRAS
Windows and RRAS do not include multicast routing protocols, such as Distance Vector Multicast Routing Protocol (DVMRP), Multicast Extensions to Open Shortest Path First (MOSPF), and Protocol Independent Multicast (PIM), although RRAS does support multicast routing protocols developed by independent software vendors (ISVs).
:(
 
andriys
Forum Guru
Posts: 1395
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: DCOM/RPC traffic over IPSEC VPN?

Thu Oct 01, 2015 11:56 am

> https://support.microsoft.com/en-us/kb/832017, see Group Policy section
>
> In short, I meant it uses layer 3 protocols that should flow fine, but usually whatever in Windows relies on SMB may suffer from a non-working discovery, which depends on multicast

Ok, I was wrong about UDP. Still, multicast should not be required. Classic NetBIOS discovery is largely outdated, and is not required at all in decent ActiveDirectory setups, where DNS is the primary means for service discovery.

Satowist, I still insist you check your DNS settings. Your VPN client may be configured to force your client to use a remote DNS server, or may provide a split-DNS service so that the remote DNS server is used to resolve your internal ActiveDirectory domain names. Please make sure your local DNS setup allows you to do the same when accessing remote services via a site-to-site VPN tunnel.
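
The DNS check suggested above can be run from the remote-site workstation together with a TCP reachability test toward each domain controller. This is an added example, not part of the original thread; the domain name `corp.example` and the port list are assumptions to be replaced with your own values.

```powershell
# Added example (not from the thread). Run on the workstation behind the site-to-site VPN.
param(
    [string]$Domain = 'corp.example',           # placeholder: your AD DNS domain
    [int[]] $Ports  = @(53, 88, 135, 389, 445)  # DNS, Kerberos, RPC endpoint mapper, LDAP, SMB
)

# Step 1: can the DNS server used at this site locate domain controllers?
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
           Where-Object { $_.QueryType -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    Write-Warning 'The resolver configured at this site cannot see the AD zone.'
    return
}

# Step 2: resolve every advertised DC and try each TCP port across the tunnel.
$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    $addr = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
             Where-Object { $_.QueryType -eq 'A' } |
             Select-Object -First 1).IPAddress
    foreach ($port in $Ports) {
        $open = $false
        if ($addr) {
            $open = Test-NetConnection -ComputerName $addr -Port $port `
                        -InformationLevel Quiet -WarningAction SilentlyContinue
        }
        [pscustomobject]@{ DC = $dc; Address = $addr; Port = $port; Reachable = $open }
    }
}
$results | Format-Table -AutoSize

# Step 3: summarize what a "RPC server is unavailable" error would trip over.
$unresolved = $results | Where-Object { -not $_.Address } | Select-Object -ExpandProperty DC -Unique
$blocked    = $results | Where-Object { $_.Address -and -not $_.Reachable }
if ($unresolved) { Write-Warning "No A record for: $($unresolved -join ', ')" }
if ($blocked) {
    $blocked | ForEach-Object { Write-Warning "$($_.DC) ($($_.Address)) tcp/$($_.Port) unreachable" }
}
if (-not $unresolved -and -not $blocked) {
    Write-Output 'DNS and the tested TCP ports look fine; look at the path itself next.'
}
```

A successful connection to tcp/135 only shows that the RPC endpoint mapper answers; the DCOM or Group Policy call then moves to a dynamically assigned port, which this script does not test.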
 
Satowist
just joined
Posts: 7
Joined: Mon Sep 28, 2015 4:43 pm

Re: DCOM/RPC traffic over IPSEC VPN?

Wed Oct 07, 2015 4:56 pm

There was a loop in the subnet behind the RRAS.
Thanks for all.
