Thread: VPN Through Firewall

  1. #1
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992

    Question VPN Through Firewall

    I set up a VPN with PPTP to a host-server.

    Is there a possibility to access this server not by filtering on IP address, but by filtering on incoming port on that host-server?
    If yes, which are the most common ports used for VPN tunneling?

    Greetz,

    If this is possible, I should set those ports as inbound trusted, I think.
    I forgot to mention this.

    Greetz,
    Come and check out our wargame-site @ http://www.rootcontest.org
    We chat @ irc.smdc-network.org #lobby

  2. #2
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    As far as I know, you can't filter it by port number because it doesn't use a protocol which supports port numbers. For the same reason, you can't host more than one VPN between the same two IP addresses.

    I *could* be wrong, but AFAIK, it uses an IP protocol which is neither TCP nor UDP (no idea what it is). I'm sure the protocol number can be looked up, and you can set up your firewall based on protocol number.

    Depending on how you have it configured, the firewall *may* let it in anyway (A common configuration is to block TCP and UDP, and ignore other protocols)
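
Added example, not part of any poster's reply: a default-deny inbound check for a PPTP server that matches the control channel by port and the tunnel data by IP protocol number. It assumes, from RFC 2637 rather than from the thread, that PPTP control runs over TCP port 1723 and the tunneled data is GRE (IP protocol 47); the peer address and sample packets are constructed.

```python
import socket
import struct

# Assumption (RFC 2637, not stated in the thread): PPTP control is TCP/1723,
# tunneled data is GRE, IP protocol number 47.
PROTO_TCP, PROTO_UDP, PROTO_GRE = 6, 17, 47
PPTP_CONTROL_PORT = 1723
VPN_PEER = "192.0.2.10"  # constructed address of the one allowed VPN client

def parse_ipv4(packet):
    """Return (source, protocol number, destination port or None)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dport = None
    # Only TCP and UDP carry ports; a GRE packet has no port field to match on.
    if proto in (PROTO_TCP, PROTO_UDP) and len(packet) >= ihl + 4:
        dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return src, proto, dport

def inbound_verdict(packet):
    """Default-deny inbound policy for the PPTP server."""
    try:
        src, proto, dport = parse_ipv4(packet)
    except ValueError:
        return "DROP"
    if src != VPN_PEER:
        return "DROP"
    if proto == PROTO_TCP and dport == PPTP_CONTROL_PORT:
        return "ACCEPT"  # control channel: matched by destination port
    if proto == PROTO_GRE:
        return "ACCEPT"  # data channel: matched by protocol number only
    return "DROP"

def build_packet(src, proto, dport=0):
    """Constructed sample: 20-byte IPv4 header plus an 8-byte payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton("198.51.100.1"))
    payload = struct.pack("!HHI", 40000, dport, 0)  # sport, dport, filler
    return header + payload
```

A rule set that only lists TCP and UDP ports never matches the GRE packets, so whether the tunnel data passes depends entirely on how the firewall treats other IP protocols.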

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    One simple test is to set up a small LAN with server and client and install personal firewalls on them, then try to initiate contact and see what ports/protocols the personal firewall asks/warns you about.

    Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP)
    Linux PPTP Masquerading Page

    ~micael

  4. #4
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Hi,

    So MS's PPTP is not as well encrypted as I thought it would be,
    and is there a great difference with L2TP then?

    I'm searching for a well-secured VPN solution, and as I understand it, L2TP, according to thread http://www.antionline.com/showthread...readid=238681, is using specified ports I can use, e.g. UDP-500.

    Greetz,

  5. #5
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Hi,

    I found this one, and as it helped me and taught me a lot, I'd like to share it with you guys.
    It was created by someone at George Mason University, Fairfax.

    Hope you like it,

    http://ece.gmu.edu/courses/ECE543/reportsF01/arveal.pdf

    Greetz,

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Erm... I think I'm missing something here, what OS and what firewall are we talking about?

    Cause with iptables I can filter ports, destination as well as source ports.

    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    Instronics,

    The VPN is working fine, but I'm searchin' for various ways to improve security, varying between
    ports, IP address, protocol ... who knows what... you perhaps.

    I'm working with a Win 2k host and a Win XP client, both with NS2003 as firewall.

    Like to hear your ideas,

    Greetz,

  8. #8
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Oh, I'm sorry, unfortunately I'm not familiar with NS2003 at all. On Win systems I think I recall the possibility to actually define ports (source and destination) with Tiny's firewall. I could be mistaken though. I'm only familiar with Linux firewalls, or firewall strategies (iptables for example). Sorry I can't be of any help here, but I'm willing to learn and test all the things that this thread might come up with (except for NS2003, which I do not like for personal reasons).

  9. #9
    Trumpet-Eared Gentoo Freak
    Join Date
    Jan 2003
    Posts
    992
    No prob instronics, if you're a Linux expert, I will possibly come and search you out soon because I'm going to set up Red Hat on another computer to play with.

    Concernin' NS 2003, there is a way to define specific ports for a connection but it hasn't worked yet. I'll keep on searchin'. Thanks anyway,

    Greetz,

  10. #10
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I know that you can install FreeSwan on Linux, thus you may be able to find a VPN solution that can support IPSec. I only know of a few VPNs that are actually good at passing this protocol, and one that I like is made by V-One Corporation. www.v-one.com
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
