Topic: VPN Access - Firewall Settings

[John Hobbs]

Have just installed e-smith 4.1.1 and set up a PPTP limit of 3 for testing purposes. Installed the VPN adapter and 128-bit encryption on my Windows 98 box and attempted to access the e-smith machine. The Windows error message indicated that there was no response from the target machine.

The Windows machine sits behind a firewall. I suspect it is prohibiting communication (it's locked down pretty tightly). When I asked my tech support person to grant me access through the firewall to the IP address of my e-smith server, he said he needed to specify the port in addition to the IP address.

Can anyone tell me what port e-smith uses for VPN communication?

Thanks.

John Hobbs

[Alejandro]

Hi John:
look what i Found!

.....If your network is protected behind a firewall or by a proxy server, an opening must be created to allow the VPN traffic flow. All VPN communication travels through port 1723. Typically, a proxy server and most firewalls disable this port. If you are using a proxy server, open the PPTP port by adding the predefined filter PPTP Receive to the list of open ports. This can be done via the Security button on the WinProxy properties page. If you are using a firewall, please consult your documentation for information on opening port 1723.....

I thik it is four you!!

 hope it helps
alejandro

[Charlie Brady]

Alejandro wrote:

> All VPN communication travels through port 1723.

That's not completely correct. PPTP connection control information occurs on TCP port 1723, but the VPN traffic is GRE packets, which is another protocol alongside UDP,TCP,ICMP etc.

Regards

Charlie

[Alejandro]

john:
Here is another info I found ...."When you place a VPN server behind your firewall, be sure to enable IP protocol 47 (Generic Routing Encapsulation—GRE) and TCP port 1723. The connection uses port 1723 for general housekeeping, such as PPTP tunnel creation, maintenance, and termination. Port 47 passes tunneled data between the client and the server (including the GRE protocol), and you also need TCP port 1723 [established] if you're supporting RAS server-to-server VPN connections.".....
this is the palace where I've been reading from:
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=8290
 

hope it helps more.
Ale

[John Hobbs]

Thanks for your help. I'll let you know what success we have.

John