Azure Site-to-Site VPN works, but RDP/Server Manager/Replication does not.
Hi,
At home, I have a Raspberry Pi with Raspbian as OS. I have installed OpenSwan to make a Site-to-Site VPN between the Raspberry and Azure. The Raspberry has an IP Address of 192.168.1.2 behind NAT. Ping works from both sites, but I'm not able to RDP or, for example, manage the servers within the Server Manager. The AD Replication doesn't work either, but I was able to join a VM in Azure over this VPN. I'm using the following configuration:
Network topology:
• 192.168.1.0/24 - Home network
• 192.168.2.0/24 - Azure network
• 192.168.1.1 - Home router's private IP
• 192.168.1.2 - Raspberry Pi
I enabled L2TP Passthrough in the router firewall and I tried to forward the following ports to my RPI:
• UDP 500
• UDP 4500
I also tried to place the Pi in the DMZ.
My ipsec.conf looks like this:
version 2.0
config setup
    # the Pi sits behind the home router's NAT, so negotiate NAT traversal
    nat_traversal=yes
    virtual_private=%4:192.168.1.0/24
    protostack=auto
    interfaces="ipsec0=eth0"
conn azure
    # pre-shared key, taken from ipsec.secrets
    authby=secret
    auto=start
    type=tunnel
    # left = Raspberry Pi and home network, right = Azure gateway and network
    left=192.168.1.2
    leftsubnet=192.168.1.0/24
    leftnexthop=192.168.1.1
    right=[Azure IP]
    rightsubnet=192.168.2.0/24
    ike=3des-sha1-modp1024,aes128-sha1-modp1024
    esp=3des-sha1,aes128-sha1
    pfs=no
ipsec.secrets:
192.168.1.2 [Azure IP] : PSK "AzureSecret"
That got the link up and running. To allow routing between the sites:
/etc/sysctl.conf:
# forward packets between the home LAN and the IPsec tunnel
net.ipv4.ip_forward = 1
# neither accept nor send ICMP redirects, so hosts keep routing via the Pi
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
# reverse-path filtering off: tunnel traffic arrives and leaves on eth0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.icmp_ignore_bogus_error_responses = 1
IPtables rules:
# forward decrypted traffic from Azure, and home traffic bound for the tunnel
iptables -A FORWARD -s 192.168.2.0/24 -m policy --dir in --pol ipsec -j ACCEPT
iptables -A FORWARD -s 192.168.1.0/24 -m policy --dir out --pol ipsec -j ACCEPT
# IKE and NAT-T to the Pi itself
iptables -A INPUT -p udp -m udp --dport 500 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 4500 -j ACCEPT
# decrypted packets addressed to the Pi, and raw ESP
iptables -A INPUT -m policy --dir in --pol ipsec -j ACCEPT
iptables -A INPUT -p esp -j ACCEPT
The NAT table allows the Azure VMs to connect to any machine on my home network:
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 4500 -j DNAT --to-destination [Azure IP]:4500
iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 500 -j DNAT --to-destination [Azure IP]:500
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
With all this I can ping and communicate in both directions: all Azure VMs can see my home network, and all home network machines can see my Azure VMs.
Any idea what's going wrong? Thank you!
Hi Arvind,
I can confirm that RDP from the server in Azure works to my home lab. It doesn't work from my home lab (DC01) to Azure (DC02-1). I did a capture on my DC01 with NetMon.
DC01 is 192.168.1.10 (home)
DC02-1 is 192.168.2.4 (Azure)
I found the following 'errors' in the capture:
- Scale factor not supported
- Checksum: 0x9EBF, Disregarded
Do you know what's the problem?
Take a look at the capture below:
215 11:24:20 27-12-2014 1.8730574 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=CE....S., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688143, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:5, IPv4:11}
222 11:24:20 27-12-2014 1.9105602 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=.E.A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
223 11:24:20 27-12-2014 1.9106166 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=...A...., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688144, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
224 11:24:20 27-12-2014 1.9118241 mstsc.exe 192.168.1.10 192.168.2.4 RDP RDP:Windows stub parser: Requires full Common parsers. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading these parser sets. {TCP:5, IPv4:11}
236 11:24:20 27-12-2014 2.2214169 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
262 11:24:21 27-12-2014 2.8307052 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
338 11:24:22 27-12-2014 4.0339011 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
370 11:24:23 27-12-2014 4.9156751 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=.E.A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
371 11:24:23 27-12-2014 4.9157253 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=...A...., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
383 11:24:23 27-12-2014 5.2369090 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
429 11:24:25 27-12-2014 6.4450070 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
520 11:24:27 27-12-2014 8.8541736 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
587 11:24:29 27-12-2014 10.9267084 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=...A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
Frame: Number = 587, Captured Frame Length = 62, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[MAC Address],SourceAddress:[B8-27-EB-8C-CA-84]
+ Ipv4: Src = 192.168.2.4, Dest = 192.168.1.10, Next Protocol = TCP, Packet ID = 17414, Total IP Length = 48
- Tcp: Flags=...A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000
SrcPort: MS WBT Server(3389)
DstPort: 50487
SequenceNumber: 3665192609 (0xDA7666A1)
AcknowledgementNumber: 4073688144 (0xF2CF8C50)
+ DataOffset: 112 (0x70)
+ Flags: ...A..S.
Window: 64000 ( Scale factor not supported ) = 64000
Checksum: 0x57F9, Good
UrgentPointer: 0 (0x0)
+ TCPOptions:
588 11:24:29 27-12-2014 10.9267808 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[Dup Ack #371]Flags=...A...., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
698 11:24:32 27-12-2014 13.6755119 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
Frame: Number = 698, Captured Frame Length = 73, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[MAC Address],SourceAddress:[MAC Address]
+ Ipv4: Src = 192.168.1.10, Dest = 192.168.2.4, Next Protocol = TCP, Packet ID = 17408, Total IP Length = 59
- Tcp: [ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840
SrcPort: 50487
DstPort: MS WBT Server(3389)
SequenceNumber: 4073688144 (0xF2CF8C50)
AcknowledgementNumber: 3665192610 (0xDA7666A2)
+ DataOffset: 80 (0x50)
+ Flags: ...AP...
Window: 515 (scale factor 0x8) = 131840
Checksum: 0x9EBF, Disregarded
UrgentPointer: 0 (0x0)
RetransmitPayload: Binary Large Object (19 Bytes)
722 11:24:32 27-12-2014 14.3901288 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=C..A.R.., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688163, Ack=3665192610, Win=0 (scale factor 0x8) = 0 {TCP:5, IPv4:11}
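Reading the capture above by hand is error-prone, so here is an added example (mine, not part of the thread) that parses NetMon TCP summary rows like the ones posted and counts the two retransmission patterns visible in them: the Azure side repeating its SYN-ACK while DC01 repeats its first 19-byte RDP segment. The sample rows are taken from the post; the client and server addresses are the ones given there.

```python
import re
from collections import Counter

# Constructed sample: summary rows copied from the thread's NetMon capture
# (DC01 = 192.168.1.10 at home, DC02-1 = 192.168.2.4 in Azure, RDP on 3389).
SAMPLE = """\
215 11:24:20 27-12-2014 1.8730574 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=CE....S., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688143, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:5, IPv4:11}
222 11:24:20 27-12-2014 1.9105602 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=.E.A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
223 11:24:20 27-12-2014 1.9106166 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=...A...., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688144, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
224 11:24:20 27-12-2014 1.9118241 mstsc.exe 192.168.1.10 192.168.2.4 RDP RDP:Windows stub parser: Requires full Common parsers. See the "How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)" help topic for tips on loading these parser sets. {TCP:5, IPv4:11}
236 11:24:20 27-12-2014 2.2214169 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
370 11:24:23 27-12-2014 4.9156751 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=.E.A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
587 11:24:29 27-12-2014 10.9267084 mstsc.exe 192.168.2.4 192.168.1.10 TCP TCP:Flags=...A..S., SrcPort=MS WBT Server(3389), DstPort=50487, PayloadLen=0, Seq=3665192609, Ack=4073688144, Win=64000 ( Scale factor not supported ) = 64000 {TCP:5, IPv4:11}
698 11:24:32 27-12-2014 13.6755119 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:[ReTransmit #224]Flags=...AP..., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=19, Seq=4073688144 - 4073688163, Ack=3665192610, Win=515 (scale factor 0x8) = 131840 {TCP:5, IPv4:11}
722 11:24:32 27-12-2014 14.3901288 mstsc.exe 192.168.1.10 192.168.2.4 TCP TCP:Flags=C..A.R.., SrcPort=50487, DstPort=MS WBT Server(3389), PayloadLen=0, Seq=4073688163, Ack=3665192610, Win=0 (scale factor 0x8) = 0 {TCP:5, IPv4:11}
"""

# One TCP summary row. Ports are bare ("50487") or prefixed by a service name
# ("MS WBT Server(3389)"); retransmits and duplicate ACKs carry a [note].
ROW_RE = re.compile(
    r"^(?P<frame>\d+)\s+\S+\s+\S+\s+\S+\s+\S+\s+(?P<src>[\d.]+)\s+(?P<dst>[\d.]+)"
    r"\s+TCP\s+TCP:(?:\[(?P<note>[^\]]+)\])?Flags=(?P<flags>[A-Z.]{8}),\s+"
    r"SrcPort=(?:[^,(]*\()?(?P<sport>\d+)\)?,\s+DstPort=(?:[^,(]*\()?(?P<dport>\d+)\)?,"
    r"\s+PayloadLen=(?P<plen>\d+),\s+Seq=(?P<seq>\d+)(?:\s*-\s*\d+)?,\s+Ack=(?P<ack>\d+)"
)

def parse_row(line):
    """Dict for a TCP summary row; None for anything else (e.g. the RDP stub row)."""
    m = ROW_RE.match(line)
    if not m:
        return None
    row = m.groupdict()
    for key in ("frame", "sport", "dport", "plen", "seq", "ack"):
        row[key] = int(row[key])
    return row

def analyze(text, client, server):
    """Count the retransmission patterns behind a stalled connect: a server
    repeating one SYN-ACK is still in SYN-RECEIVED (it never saw our ACK), and
    a client repeating its first data segment never got it acknowledged. Both
    at once, captured on the client, mean post-SYN client segments are lost."""
    rows = [r for r in map(parse_row, text.splitlines()) if r]
    synack_by_seq = Counter()   # server SYN-ACK seq -> times seen
    data_retx, client_reset = 0, False
    for r in rows:
        if r["src"] == server and "S" in r["flags"] and "A" in r["flags"]:
            synack_by_seq[r["seq"]] += 1
        elif r["src"] == client and (r["note"] or "").startswith("ReTransmit"):
            data_retx += 1
        elif r["src"] == client and "R" in r["flags"]:
            client_reset = True
    synack_retx = sum(n - 1 for n in synack_by_seq.values())
    return {"tcp_rows": len(rows), "synack_retransmits": synack_retx,
            "data_retransmits": data_retx, "client_reset": client_reset,
            "client_segments_lost_after_syn": synack_retx > 0 and data_retx > 0}
```

The two NetMon annotations the post singles out are not errors by themselves: "Scale factor not supported" only records that the peer's SYN-ACK carried no window-scale option, and "Checksum: Disregarded" is what NetMon prints for frames sent by the capturing host when checksum offload leaves the checksum to the NIC (the inbound frame 587 is marked "Good").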