Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Site to Site TCP Port 135 just will not pass

    Scheduled Pinned Locked Moved OpenVPN
    10 Posts 3 Posters 3.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fthomasr
      last edited by

      I have a site to site OpenVPN between two 2.3.2 pfSense units that has been in place for years. I noticed this week that a domain controller which had previously been connected for YEARS on the other side had not replicated since last November! I dug through MS kb's and troubleshot it down to one thing and one thing only. RPC TCP 135 is showing 'filtered' when using MS prtqry tool one way. As a matter of fact it can't connect to the other server I have at that site either (a non-dc). However BOTH of those servers DC and Non-DC show listening on Port 135 when using the tool pointed to one another on their network so that eliminates a software firewall as I know that DC is listening on 135! If you use prtqry on port 53 no issues across the VPN but port 135 is blocked somehow. OpenVPN rules on both sides are wide open:

      IPv4 * * * * * * none

      IPv4 * * * * * * none

      A packet capture set for 135 TCP on LAN on the source side shows the 135 packets going out. NOTHING on the packet capture on the receiving side. There was no need to run the packet capture the other way as it establishes a 135 connection that way.

      There is another router involved but it shouldn't be in the way. 1:1 NAT with a dedicated IP for the tunnel as seen here:
      (DC1) –--> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)

      So going this way it's blocked ----------------------->>>>>>>>>>>>> Again only 135 blocked NOTHING else that I can find. IE DNS port 53 passes with no issue.
      (DC1) ----> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)

      This way not blocked  <<<<<<<<<<<<<--------------------------
      (DC1) ----> pfSense Router 1[OpenVPN Tunnel] –-> Internet <-------pfSense Router 2[VIP IP Alias<>1:1 NAT] <–-- pfSense Router 3[OpenVPN Tunnel] <–--- (DC2)

      Again, behind router 3 a member server and DC2 establish connections 135 with no issue with each other.

      Nothing in the firewall logs either. Help.

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        A packet capture set for 135 TCP on WAN on the source side shows the 135 packets going out. NOTHING on the packet capture on the receiving side.

        A packet capture on WAN should not see any traffic that is supposed to be going across OpenVPN so there is something wrong there. A packet capture on OpenVPN should show that traffic. If it is on WAN then it is not being routed over OpenVPN.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • F
          fthomasr
          last edited by

          @Derelict:

          A packet capture on WAN should not see any traffic that is supposed to be going across OpenVPN so there is something wrong there. A packet capture on OpenVPN should show that traffic. If it is on WAN then it is not being routed over OpenVPN.

          Oops. I went back and looked and that capture was done on the LAN not the WAN.

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by

            Capture on LAN tells you nothing. Capture on OpenVPN out and OpenVPN in.

            OpenVPN does. not. care. if the traffic is on port 135 unless you told it to care via your OpenVPN firewall rules..

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • F
              fthomasr
              last edited by

              @Derelict:

              Capture on LAN tells you nothing. Capture on OpenVPN out and OpenVPN in.

              OpenVPN does. not. care. if the traffic is on port 135 unless you told it to care via your OpenVPN firewall rules..

              Ok I did that just now.

              PCap in blocked direction show NOTHING on both routers when running test.

              PCap in other direction showed 135 traffic on both routers when re-running test.
              Router 1:
              20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
              20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0
              20:45:22.650105 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
              20:45:22.651637 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
              20:45:22.652042 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 0
              20:45:22.666995 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
              20:45:22.668234 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 116
              20:45:22.668530 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 84
              20:45:22.684613 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.685898 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.703096 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.703638 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
              20:45:22.720344 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.720880 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:22.738945 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.739369 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.759817 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.760232 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.780809 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.781357 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.803922 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.804460 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.827403 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.827832 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.853156 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.853559 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.880173 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.880672 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:22.908214 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.908656 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:22.925346 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.925905 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.941073 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.941640 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:22.956187 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.956631 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.973337 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.973747 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:22.989318 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.989872 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:23.008577 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.009102 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.027734 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.028218 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:23.049541 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.050082 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.071147 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.071707 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.094661 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.095183 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
              20:45:23.119257 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.119798 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.145869 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.146406 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.171981 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.172645 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:23.198327 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.198761 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.216320 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.216871 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.229199 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.229614 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.243692 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.244105 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.260435 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.260972 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.276594 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.277089 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.295669 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.296077 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.315153 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.315703 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.336398 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.336934 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.358382 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.358815 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.382499 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.383032 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.406612 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.407145 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:23.431957 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.432517 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 232
              20:45:23.456693 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.457127 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.473438 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.473859 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.487063 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.487628 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.500918 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.501360 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 228
              20:45:23.517171 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.517597 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.533669 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.534089 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.553906 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.554359 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.574512 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.574941 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.595751 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.596170 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204

              Router 3:
              20:45:22.648116 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
              20:45:22.662873 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0
              20:45:22.663219 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
              20:45:22.664820 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
              20:45:22.679816 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 0
              20:45:22.680079 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 0
              20:45:22.681184 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 116
              20:45:22.697396 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 84
              20:45:22.697711 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.715807 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.716175 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.733090 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
              20:45:22.733463 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.751632 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:22.752006 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.772536 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.772885 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.793394 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.793827 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.816707 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.816986 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.840022 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.840334 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.865701 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.866197 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.892838 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:22.893189 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.920833 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:22.921212 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.938097 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:22.938411 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.953918 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.954239 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.969016 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:22.969329 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:22.986070 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:22.986415 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.002056 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.002361 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.021421 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 180
              20:45:23.021712 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.040270 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.040594 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.062274 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:23.062628 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.083863 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.084274 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.107445 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.107763 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.131858 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 188
              20:45:23.132283 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.158534 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.158887 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.184671 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.185014 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.211079 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 192
              20:45:23.211412 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.229134 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.229461 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.242054 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.242315 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.256463 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.256782 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.273161 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 200
              20:45:23.273467 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.289151 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.289559 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.308470 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.308748 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.327880 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.328150 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.348956 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.349295 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.371039 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.371407 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.395193 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 212
              20:45:23.395518 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.419304 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.419630 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.444791 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 216
              20:45:23.445097 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.469429 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 232
              20:45:23.469741 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.486092 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204
              20:45:23.486457 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.499915 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.500181 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.513659 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.514014 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.529971 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 228
              20:45:23.530247 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.546344 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.546702 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.565608 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 208
              20:45:23.566855 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.587190 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.587522 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.608492 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 220
              20:45:23.608850 IP 10.1.2.26.50352 > 10.1.1.15.135: tcp 100
              20:45:23.630265 IP 10.1.1.15.135 > 10.1.2.26.50352: tcp 204

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Looks like two-way traffic to me. I think you need to talk to someone more familiar with that traffic than I am.

                It doesn;t look like your problem is the VPN.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  RPC traffic.. You do understand that with rpc you talk to the server originally via 135, just to figure out what other port to connect too.  135 is just the endpoint mapper

                  These will help you find your issue
                  https://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
                  How RPC Works

                  https://support.microsoft.com/en-us/kb/159298

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • F
                    fthomasr
                    last edited by

                    @johnpoz:

                    RPC traffic.. You do understand that with rpc you talk to the server originally via 135, just to figure out what other port to connect too.  135 is just the endpoint mapper

                    These will help you find your issue
                    https://technet.microsoft.com/en-us/library/cc738291(v=ws.10).aspx
                    How RPC Works

                    https://support.microsoft.com/en-us/kb/159298

                    I don't care how it works. If it does not make it across my servers will not REPLICATE. End of story. Done. Over.

                    For example:
                    Starting portqry.exe -n DC2 -e 135 -p TCP …

                    Querying target system called:

                    DC2

                    Attempting to resolve name to IP address...

                    Name resolved to 10.1.2.20

                    querying...

                    TCP port 135 (epmap service): FILTERED
                    portqry.exe -n appassure2 -e 135 -p TCP exits with return code 0x00000002.

                    OR:

                    Force replicate from DC1 to DC2 in sites and services:

                    1 Reply Last reply Reply Quote 0
                    • johnpozJ
                      johnpoz LAYER 8 Global Moderator
                      last edited by

                      "I don't care how it works"

                      Well how and the F do you expect to troubleshoot it then??  Clearly your seeing two traffic when talking to 135 in your sniffs.  Your seeing a connection and then an answer.

                      20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
                      20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0

                      So your replication issue looks to me like you can not resolve fs01 which is what domain techlink.local

                      I would suggest you run dcdiag on your DC and validate your dns is all good.  your portquery isn't even going to fs01, etc.

                      An intelligent man is sometimes forced to be drunk to spend time with his fools
                      If you get confused: Listen to the Music Play
                      Please don't Chat/PM me for help, unless mod related
                      SG-4860 24.11 | Lab VMs 2.8, 24.11

                      1 Reply Last reply Reply Quote 0
                      • F
                        fthomasr
                        last edited by

                        @johnpoz:

                        "I don't care how it works"

                        Well how and the F do you expect to troubleshoot it then??  Clearly your seeing two traffic when talking to 135 in your sniffs.  Your seeing a connection and then an answer.

                        20:45:22.634883 IP 10.1.2.26.50351 > 10.1.1.15.135: tcp 0
                        20:45:22.635303 IP 10.1.1.15.135 > 10.1.2.26.50351: tcp 0

                        So your replication issue looks to me like you can not resolve fs01 which is what domain techlink.local

                        I would suggest you run dcdiag on your DC and validate your dns is all good.  your portquery isn't even going to fs01, etc.

                        Ok Johnpoz please move on to other threads. I have troubleshot it down to the issue. You are poking down other avenues that are unneeded. BTW, DUH. That prtqry was for the other server on the other side of the vpn.

                        Anyone else please help. Thanks.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.