RRAS VPN server and VyOS

Hyper-V

#1

Hi, we set up an RRAS server using Windows Server 2012. Right now it connects successfully to the LAN, domain, and sub-domains connected to the main network; however, when we try to connect via the internet, it can't reach the RRAS server. On our VyOS we allow 1723, 1701, 500, 4500, GRE and ESP and NAT them. On our RRAS IPv4 NAT it is showing mappings but won't connect. TIA

eth1 -> interface to the internet
eth0 -> interface to our private network

Our configuration (firewall, interfaces and NAT):

firewall {
    name WAN_IN {
        /* PPTP control channel (PPTP only uses TCP, but kept as posted) */
        rule 10 {
            action accept
            destination {
                port 1723
            }
            protocol tcp_udp
            state {
                established enable
                new enable
                related enable
            }
        }
        /* PPTP data channel: GRE is an IP protocol and has no ports */
        rule 11 {
            action accept
            protocol gre
            state {
                established enable
                new enable
                related enable
            }
        }
        /* L2TP (only visible on the wire when not wrapped in IPsec) */
        rule 12 {
            action accept
            destination {
                port 1701
            }
            protocol tcp_udp
            state {
                established enable
                new enable
                related enable
            }
        }
        /* IPsec NAT-T */
        rule 13 {
            action accept
            destination {
                port 4500
            }
            protocol tcp_udp
            state {
                established enable
                new enable
                related enable
            }
        }
        /* IKE; this was a second "rule 12" in the post and is renumbered so both rules can exist */
        rule 14 {
            action accept
            destination {
                port 500
            }
            protocol tcp_udp
            state {
                established enable
                new enable
                related enable
            }
        }
        /* IPsec ESP; the post had "port esp" under protocol tcp_udp, but ESP is an IP protocol, not a port */
        rule 15 {
            action accept
            protocol esp
            state {
                established enable
                new enable
                related enable
            }
        }
    }
}
interfaces {
    ethernet eth0 {
        address 10.0.0.x/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        address <our_public_ip_address>
        address <our_public_ip_address>
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
    }
}
nat {
    destination {
        /* IKE */
        rule 3 {
            destination {
                address <pub_ip>
                port 500
            }
            inbound-interface eth1
            protocol tcp_udp
            translation {
                address 10.0.2.x
                port 500
            }
        }
        /* IPsec NAT-T */
        rule 4 {
            destination {
                address <pub_ip>
                port 4500
            }
            inbound-interface eth1
            protocol tcp_udp
            translation {
                address 10.0.2.x
                port 4500
            }
        }
        /* IPsec ESP: protocol match only, no port */
        rule 5 {
            destination {
                address <pub_ip>
            }
            inbound-interface eth1
            protocol esp
            translation {
                address 10.0.2.x
            }
        }
        /* PPTP control channel */
        rule 6 {
            destination {
                address <pub_ip>
                port 1723
            }
            inbound-interface eth1
            protocol tcp_udp
            translation {
                address 10.0.2.x
                port 1723
            }
        }
        /* PPTP data channel: protocol match only, no port */
        rule 7 {
            destination {
                address <pub_ip>
            }
            inbound-interface eth1
            protocol gre
            translation {
                address 10.0.2.x
            }
        }
        /* L2TP */
        rule 8 {
            destination {
                address <pub_ip>
                port 1701
            }
            inbound-interface eth1
            protocol tcp_udp
            translation {
                address 10.0.2.x
                port 1701
            }
        }
    }
    source {
        /* masquerade the RRAS subnet behind the public address on the way out */
        rule 10 {
            outbound-interface eth1
            source {
                address 10.0.2.x/26
            }
            translation {
                address <pub_ip>
            }
        }
    }
}
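The posted ruleset is the kind of thing that is easier to check mechanically than by eye: every flow the VPN needs has to appear once as an accept in the WAN ruleset and once as a DNAT on the WAN interface, and protocol names such as `esp` must be matched as protocols, not ports. The following is an added example and not the poster's configuration or anything shipped with VyOS: a small Python checker that parses VyOS `show configuration commands` output (the flat `set ...` form) into a tree and cross-checks `WAN_IN` against the destination NAT rules. The embedded sample config is constructed to mirror the shape of the post, with 198.51.100.10 and 10.0.2.20 standing in for the redacted addresses; the function names, the `TAG_NODES` heuristic and the `REQUIRED` flow list are assumptions of this example.

```python
import re

TAG_NODES = {"name", "rule", "ethernet"}   # the next word belongs to the path ("rule 10")
# Flows an RRAS box serving PPTP and L2TP/IPsec needs at the edge (plain udp/1701 L2TP
# is only on the wire without IPsec, so it is not required here).
REQUIRED = [("tcp", "1723", "PPTP control"), ("gre", None, "PPTP tunnel"),
            ("udp", "500", "IKE"), ("udp", "4500", "IPsec NAT-T"), ("esp", None, "IPsec ESP")]

def parse_set_commands(text):
    """Turn 'show configuration commands' lines ('set a b ... value') into nested dicts."""
    root = {}
    for line in text.splitlines():
        words = line.split()
        if len(words) < 3 or words[0] != "set":
            continue
        words, path, i = words[1:], [], 0
        while i < len(words) - 1:                       # the last word is the leaf value
            if words[i] in TAG_NODES and i + 1 < len(words) - 1:
                path.append(f"{words[i]} {words[i + 1]}")
                i += 2
            else:
                path.append(words[i])
                i += 1
        node = root
        for key in path[:-1]:
            node = node.setdefault(key, {})
        node[path[-1]] = words[-1]
    return root

def _matches(rule, proto, port):
    """True if a firewall or DNAT rule admits the given protocol and destination port."""
    rproto = rule.get("protocol", "all")
    if not (proto in ("tcp", "udp") if rproto == "tcp_udp" else rproto in ("all", proto)):
        return False
    rport = rule.get("destination", {}).get("port")
    if port is None:                                    # gre/esp carry no ports at all
        return rport is None
    return rport is None or port in rport.split(",")

def check_edge(cfg, wan_if="eth1", fw_name="WAN_IN"):
    """Return a list of findings; an empty list means the edge is consistent."""
    findings = []
    fw = cfg.get("firewall", {}).get(f"name {fw_name}", {})
    dnat = cfg.get("nat", {}).get("destination", {})
    fw_rules = [(f"{fw_name} {k}", v) for k, v in fw.items() if k.startswith("rule ")]
    nat_rules = [(f"nat destination {k}", v) for k, v in dnat.items() if k.startswith("rule ")]
    for label, rule in fw_rules + nat_rules:            # 1. a protocol name used as a port
        port = rule.get("destination", {}).get("port")
        if port and not re.fullmatch(r"[\d,-]+", port):
            findings.append(f"{label}: 'port {port}' is not a port; use 'protocol {port}'")
    for proto, port, what in REQUIRED:                  # 2. accept in WAN_IN and DNAT on WAN
        flow = f"{what} ({proto}/{port or '-'})"
        if not any(r.get("action") == "accept" and _matches(r, proto, port) for _, r in fw_rules):
            findings.append(f"{flow}: no accept rule in {fw_name}")
        if not any(r.get("inbound-interface") == wan_if and "translation" in r
                   and _matches(r, proto, port) for _, r in nat_rules):
            findings.append(f"{flow}: no DNAT rule on {wan_if}")
    # 3. VyOS evaluates forwarded (already DNAT'd) traffic on the interface 'in' hook
    eth = cfg.get("interfaces", {}).get(f"ethernet {wan_if}", {})
    if eth.get("firewall", {}).get("in", {}).get("name") != fw_name:
        findings.append(f"{fw_name} is not attached to {wan_if} firewall in")
    return findings

# Constructed sample in the shape of the post (198.51.100.10 / 10.0.2.20 stand in for the
# redacted addresses) with its visible defects: "port esp" on a tcp_udp rule, no DNAT for IKE/NAT-T/ESP.
BROKEN = """\
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 destination port 1723
set firewall name WAN_IN rule 10 protocol tcp_udp
set firewall name WAN_IN rule 11 action accept
set firewall name WAN_IN rule 11 protocol gre
set firewall name WAN_IN rule 12 action accept
set firewall name WAN_IN rule 12 destination port 500,4500
set firewall name WAN_IN rule 12 protocol udp
set firewall name WAN_IN rule 14 action accept
set firewall name WAN_IN rule 14 destination port esp
set firewall name WAN_IN rule 14 protocol tcp_udp
set interfaces ethernet eth1 firewall in name WAN_IN
set nat destination rule 6 destination port 1723
set nat destination rule 6 inbound-interface eth1
set nat destination rule 6 protocol tcp
set nat destination rule 6 translation address 10.0.2.20
set nat destination rule 7 inbound-interface eth1
set nat destination rule 7 protocol gre
set nat destination rule 7 translation address 10.0.2.20
"""
# The same edge corrected: ESP matched as a protocol, DNAT added for udp/500,4500 and ESP.
FIXED = BROKEN.replace(
    "rule 14 destination port esp\nset firewall name WAN_IN rule 14 protocol tcp_udp",
    "rule 14 protocol esp") + """\
set nat destination rule 3 destination port 500,4500
set nat destination rule 3 inbound-interface eth1
set nat destination rule 3 protocol udp
set nat destination rule 3 translation address 10.0.2.20
set nat destination rule 5 inbound-interface eth1
set nat destination rule 5 protocol esp
set nat destination rule 5 translation address 10.0.2.20
"""
```

Run `check_edge(parse_set_commands(text))` on the output of `show configuration commands` copied from the router; on `BROKEN` it reports the `port esp` misuse, the missing ESP accept and the three missing DNAT rules, and on `FIXED` it returns an empty list. The checker only looks at what is in the config text, so a `WAN_LOCAL` ruleset that is referenced but not pasted, or an upstream filter in front of the router, is outside what it can see.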

#2

Hi,
Is it virtual or hardware?


#3

Hey Syncer,

It’s running on a virtual machine (Hyper-V)


#4

Can you do a tcpdump while you try to connect to the RRAS server?
Wondering if there is no other FW in place (can you do an RDP port forward and see if that works?)
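The tcpdump suggested in the reply above answers the question of where the packets stop, provided the WAN and LAN sides are captured at the same time and compared flow by flow. The following is an added example, not part of this thread: a Python triage that reads two `tcpdump -n` captures (eth1 and eth0) and reports, for each VPN flow, whether the client's packet reached the router, was forwarded to the RRAS host, was answered, and whether the answer went back out. The capture lines are constructed for the example, with 203.0.113.5 as the client, 198.51.100.10 as the public address and 10.0.2.20 as the RRAS host; the function names and verdict strings are this example's own.

```python
import re

# Assumed stand-ins for the post's <pub_ip> and the 10.0.2.x RRAS host.
PUB_IP, RRAS_IP = "198.51.100.10", "10.0.2.20"
FLOWS = ("pptp", "gre", "ike", "nat-t", "esp")

def _hostport(token):
    """Split tcpdump's 'a.b.c.d.port' into (ip, port); a bare address gives port None."""
    host, _, port = token.rpartition(".")
    return (host, int(port)) if host.count(".") == 3 else (token, None)

def parse_line(line):
    """Return (src_ip, dst_ip, flow) for one 'tcpdump -n' line, or None if it is not VPN traffic."""
    m = re.match(r"\S+ IP (\S+) > (\S+?): (.*)", line)
    if not m:
        return None
    (src, sport), (dst, dport), rest = _hostport(m[1]), _hostport(m[2]), m[3]
    ports = {sport, dport}
    if "GREv" in rest:                                  # PPTP data channel
        flow = "gre"
    elif rest.startswith("ESP("):                       # raw IPsec ESP (no NAT-T)
        flow = "esp"
    elif 1723 in ports and rest.startswith("Flags"):    # PPTP control channel
        flow = "pptp"
    elif 500 in ports:                                  # IKE
        flow = "ike"
    elif 4500 in ports:                                 # IPsec NAT-T (IKE and UDP-encapsulated ESP)
        flow = "nat-t"
    else:
        return None
    return src, dst, flow

def triage(wan_lines, lan_lines, pub_ip=PUB_IP, rras_ip=RRAS_IP):
    """Say, per flow, how far a client's packets get: WAN in -> LAN in -> LAN reply -> WAN reply."""
    seen = {f: set() for f in FLOWS}
    for tag, lines, server in (("wan", wan_lines, pub_ip), ("lan", lan_lines, rras_ip)):
        for line in lines:
            parsed = parse_line(line)
            if parsed:
                src, dst, flow = parsed
                if dst == server:
                    seen[flow].add(f"{tag}_in")         # towards the VPN server
                if src == server:
                    seen[flow].add(f"{tag}_out")        # the server's reply
    verdicts = {}
    for flow, s in seen.items():
        if "wan_in" not in s:
            verdicts[flow] = "not seen on WAN: client never sent it or an upstream filter dropped it"
        elif "lan_in" not in s:
            verdicts[flow] = "seen on WAN, never forwarded: DNAT or WAN_IN rule does not match"
        elif "lan_out" not in s:
            verdicts[flow] = "forwarded to RRAS, no reply: host firewall or RRAS not listening"
        elif "wan_out" not in s:
            verdicts[flow] = "RRAS replied, reply not sent on WAN: return routing or SNAT"
        else:
            verdicts[flow] = "ok"
    return verdicts

# Constructed captures (not from the thread): a client at 203.0.113.5 connecting while
# 'tcpdump -n' ran on eth1 (WAN) and eth0 (LAN) at the same time.
WAN_CAPTURE = """\
10:00:01.000100 IP 203.0.113.5.51234 > 198.51.100.10.1723: Flags [S], seq 100, win 64240, length 0
10:00:01.000900 IP 198.51.100.10.1723 > 203.0.113.5.51234: Flags [S.], seq 200, ack 101, win 65535, length 0
10:00:02.000100 IP 203.0.113.5 > 198.51.100.10: GREv1, call 1, seq 0, length 52: LCP, Conf-Request (0x01), id 0, length 38
10:00:03.000100 IP 203.0.113.5.500 > 198.51.100.10.500: isakmp: phase 1 I ident
"""
LAN_CAPTURE = """\
10:00:01.000300 IP 203.0.113.5.51234 > 10.0.2.20.1723: Flags [S], seq 100, win 64240, length 0
10:00:01.000600 IP 10.0.2.20.1723 > 203.0.113.5.51234: Flags [S.], seq 200, ack 101, win 65535, length 0
10:00:03.000300 IP 203.0.113.5.500 > 10.0.2.20.500: isakmp: phase 1 I ident
"""

if __name__ == "__main__":
    for flow, verdict in triage(WAN_CAPTURE.splitlines(), LAN_CAPTURE.splitlines()).items():
        print(f"{flow:6s} {verdict}")
```

To collect real input, run on the VyOS box `sudo tcpdump -ni eth1 'host <client_ip> and (tcp port 1723 or proto 47 or udp port 500 or udp port 4500 or proto 50)'` and the same on eth0, each redirected to a file, while the client attempts a connection, then feed the two files' lines to `triage`. On the constructed captures it reports PPTP as `ok`, GRE as arriving on the WAN but never forwarded (the DNAT or firewall rule for protocol 47 is not matching), IKE as forwarded but unanswered (look at the RRAS host), and NAT-T and ESP as never seen. One caveat worth knowing for the L2TP/IPsec case: if IKE completes on UDP 500/4500 but the tunnel still fails, Windows clients refuse an L2TP/IPsec server that sits behind NAT unless the client's `AssumeUDPEncapsulationContextOnSendRule` registry value (under `HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent`, DWORD 2) is set, as described in Microsoft KB926179.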