Results 1 to 13 of 13

Thread: VPN over port other than 1723

  1. #1
    =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?=
    Guest

    VPN over port other than 1723


    I'm working on a network at the moment where there's a firewall in
    place that blocks outgoing TCP segments unless their destination port is
    80 or 443 (the ports assigned to HTTP and HTTPS).

    I want to access a VPN, and, so, obviously I'll have to access it
    over port 80 or 443 somehow.

    The VPN I'm trying to access is a private network where all the
    machines have private addresses (e.g. 10.*), but the router that they're
    behind performs NAT in order to enable the machines to access the
    internet via TCP and UDP.

    The router's NAT has an option whereby it can accept a TCP segment on
    the WAN on TCP port 80, and forward it to TCP port 1723 on the LAN,
    meaning I don't need a special VPN daemon that can listen on ports other
    than 1723. Hurray for that.

    I'm running Windows XP on the VPN server, and also on the client that
    wants to connect. The problem, however, is that the built-in Windows XP
    VPN _client_ application won't let met specify a different port.

    The list of possible solutions, I think, are:

    1) Find the .exe/.dll for the Windows VPN client, go thru it with a
    HexEditor and replace 1723 with 443. So does anyone know what file this
    is. . ?

    2) Use a different VPN client application (possibly in conjunction with
    a different VPN daemon application). Can anyone suggest a good one?

    Or if there's any other ideas, please throw them out there!

    --
    Tomás Ó hÉilidhe

  2. #2
    Howard Johnson
    Guest

    Re: VPN over port other than 1723

    In article <Xns9A3EC04D1C356toelavabitcom@194.125.133.14>,
    Tomás Ó hÉilidhe <toe@lavabit.com> wrote:
    >
    > I'm working on a network at the moment where there's a firewall in
    >place that blocks outgoing TCP segments unless their destination port is
    >80 or 443 (the ports assigned to HTTP and HTTPS).
    >
    > I want to access a VPN, and, so, obviously I'll have to access it
    >over port 80 or 443 somehow.


    > The list of possible solutions, I think, are:
    >
    >1) Find the .exe/.dll for the Windows VPN client, go thru it with a
    >HexEditor and replace 1723 with 443. So does anyone know what file this
    >is. . ?


    That won't work even if you do what you describe. The Microsoft VPN
    client uses port 1723 for the control channel only; a different IP
    protocol (not TCP and not UDP) is used for the data channel.

    >2) Use a different VPN client application (possibly in conjunction with
    >a different VPN daemon application). Can anyone suggest a good one?


    See http://openvpn.net for free VPN software that does this. Look for
    proto tcp-client and proto tcp-server configuration parameters to do
    what you want. Port 443 has the best chance of working. The default
    proto udp works better when it can be used, but it probably won't work
    in your situation.

    You will also want to confirm that the people running the local LAN permit
    the use of VPN clients on their network.

  3. #3
    =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?=
    Guest

    Re: VPN over port other than 1723

    Howard Johnson:


    > That won't work even if you do what you describe. The Microsoft VPN
    > client uses port 1723 for the control channel only; a different IP
    > protocol (not TCP and not UDP) is used for the data channel.



    Are you certain that we need to accomodate a different Transport
    Layer protocol? I set up a VPN daemon on my machine at home which has a
    private IP address (e.g. 10.*). I then went into my router settings at
    home and configured NAT to forward TCP segments whose destination port
    is 1723 from the WAN to my home machine which is running the VPN daemon.

    I then went to a friend's house and tried to connect to my VPN at
    home and it worked perfectly. Seeing as how my router's NAT only
    forwards TCP and UDP, how could it be that we need to accomodate a
    different Layer 4 protocol (keeping in mind that I've already gotten it
    to work perfectly)?


    > See http://openvpn.net for free VPN software that does this. Look for
    > proto tcp-client and proto tcp-server configuration parameters to do
    > what you want. Port 443 has the best chance of working. The default
    > proto udp works better when it can be used, but it probably won't work
    > in your situation.



    But isn't UDP designed for stuff like streaming audio where it's best to
    ignore dropped packets and move on? Since TCP is designed for reliable
    transmission, would it not be better to use TCP rather than UDP?

    Thanks for the reply, I'm going to give openvpn.net a shot.

    --
    Tomás Ó hÉilidhe

  4. #4
    =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?=
    Guest

    Re: VPN over port other than 1723



    Just to give an update, I got everything working perfectly by using
    OpenVPN. I have a "tap" interface (as opposed to "tun") which encapsulates
    Ethernet rather than just encapsulating IP. The result is that it's as if
    I've got a cable running back to my house and into my network switch; I
    even get my IP address from my broadband router's DHCP server!

    If anyone's curious as to how I got it going then just give me a shout
    and I'll send you my OpenVPN config files.

    --
    Tomás Ó hÉilidhe

  5. #5
    Howard Johnson
    Guest

    Re: VPN over port other than 1723

    In article <Xns9A3F8B7A5DA7Atoelavabitcom@194.125.133.14>,
    Tomás Ó hÉilidhe <toe@lavabit.com> wrote:
    >Howard Johnson:
    >
    >
    >> That won't work even if you do what you describe. The Microsoft VPN
    >> client uses port 1723 for the control channel only; a different IP
    >> protocol (not TCP and not UDP) is used for the data channel.

    >
    >
    > Are you certain that we need to accomodate a different Transport
    >Layer protocol? I set up a VPN daemon on my machine at home which has a
    >private IP address (e.g. 10.*). I then went into my router settings at
    >home and configured NAT to forward TCP segments whose destination port
    >is 1723 from the WAN to my home machine which is running the VPN daemon.
    >
    > I then went to a friend's house and tried to connect to my VPN at
    >home and it worked perfectly. Seeing as how my router's NAT only
    >forwards TCP and UDP, how could it be that we need to accomodate a
    >different Layer 4 protocol (keeping in mind that I've already gotten it
    >to work perfectly)?


    I know that's the case with PPTP, but L2TP may be able to use TCP or UDP.
    Also, some routers "know" how to handle these protocols. I don't trust
    things to "just work"; I have to read the details carefully.

    >> See http://openvpn.net for free VPN software that does this. Look for
    >> proto tcp-client and proto tcp-server configuration parameters to do
    >> what you want. Port 443 has the best chance of working. The default
    >> proto udp works better when it can be used, but it probably won't work
    >> in your situation.

    >
    >
    >But isn't UDP designed for stuff like streaming audio where it's best to
    >ignore dropped packets and move on? Since TCP is designed for reliable
    >transmission, would it not be better to use TCP rather than UDP?


    Yes, but you typically run TCP over that UDP channel. You can run TCP
    over TCP, but the overhead can cause problems on lossy connections.

    >Thanks for the reply, I'm going to give openvpn.net a shot.


  6. #6
    Intuitive
    Guest

    Re: VPN over port other than 1723


    Even if you change the port number; you will still need to have GRE
    running over the border router.

    Without it, PPTP won't work :-)


    Tomás Ó hÉilidhe wrote:
    > I'm working on a network at the moment where there's a firewall in
    > place that blocks outgoing TCP segments unless their destination port is
    > 80 or 443 (the ports assigned to HTTP and HTTPS).
    >
    > I want to access a VPN, and, so, obviously I'll have to access it
    > over port 80 or 443 somehow.
    >
    > The VPN I'm trying to access is a private network where all the
    > machines have private addresses (e.g. 10.*), but the router that they're
    > behind performs NAT in order to enable the machines to access the
    > internet via TCP and UDP.
    >
    > The router's NAT has an option whereby it can accept a TCP segment on
    > the WAN on TCP port 80, and forward it to TCP port 1723 on the LAN,
    > meaning I don't need a special VPN daemon that can listen on ports other
    > than 1723. Hurray for that.
    >
    > I'm running Windows XP on the VPN server, and also on the client that
    > wants to connect. The problem, however, is that the built-in Windows XP
    > VPN _client_ application won't let met specify a different port.
    >
    > The list of possible solutions, I think, are:
    >
    > 1) Find the .exe/.dll for the Windows VPN client, go thru it with a
    > HexEditor and replace 1723 with 443. So does anyone know what file this
    > is. . ?
    >
    > 2) Use a different VPN client application (possibly in conjunction with
    > a different VPN daemon application). Can anyone suggest a good one?
    >
    > Or if there's any other ideas, please throw them out there!
    >


  7. #7
    .
    Guest

    Re: VPN over port other than 1723

    On 18 Feb, 10:47, Intuitive <jason_tom...@hotmail.com> wrote:
    > Even if you change the port number; you will still need to have GRE
    > running over the border router.
    >
    > Without it, PPTP won't work :-)
    >
    > Tomás Ó hÉilidhe wrote:
    > > I'm working on a network at the moment where there's a firewall in
    > > place that blocks outgoing TCP segments unless their destination port is
    > > 80 or 443 (the ports assigned to HTTP and HTTPS).

    >
    > > I want to access a VPN, and, so, obviously I'll have to access it
    > > over port 80 or 443 somehow.

    >
    > > The VPN I'm trying to access is a private network where all the
    > > machines have private addresses (e.g. 10.*), but the router that they're
    > > behind performs NAT in order to enable the machines to access the
    > > internet via TCP and UDP.

    >
    > > The router's NAT has an option whereby it can accept a TCP segment on
    > > the WAN on TCP port 80, and forward it to TCP port 1723 on the LAN,
    > > meaning I don't need a special VPN daemon that can listen on ports other
    > > than 1723. Hurray for that.

    >
    > > I'm running Windows XP on the VPN server, and also on the client that
    > > wants to connect. The problem, however, is that the built-in Windows XP
    > > VPN _client_ application won't let met specify a different port.

    >
    > > The list of possible solutions, I think, are:

    >
    > > 1) Find the .exe/.dll for the Windows VPN client, go thru it with a
    > > HexEditor and replace 1723 with 443. So does anyone know what file this
    > > is. . ?

    >
    > > 2) Use a different VPN client application (possibly in conjunction with
    > > a different VPN daemon application). Can anyone suggest a good one?

    >
    > > Or if there's any other ideas, please throw them out there!

    http://secure-vpn.com/
    this site offer l2tp pptp and openvpn accounts over 3 server CA-DE-
    USA!!

  8. #8

    openvpn config

    ok i cant seem to figure any of this out and i have read the stuff is there a video somewhere or a config file i can be sent because this is all very confusing im trying to integrate a open source vpn software into my software and i belive this is it however i cant figure it out
    thank you

  9. #9
    Quote Originally Posted by =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?= View Post
    Just to give an update, I got everything working perfectly by using
    OpenVPN. I have a "tap" interface (as opposed to "tun") which encapsulates
    Ethernet rather than just encapsulating IP. The result is that it's as if
    I've got a cable running back to my house and into my network switch; I
    even get my IP address from my broadband router's DHCP server!

    If anyone's curious as to how I got it going then just give me a shout
    and I'll send you my OpenVPN config files.

    --
    Tomás Ó hÉilidhe
    Hi Tomás,

    I am in the same situation as you where. Please send me your config files to help me out easily.

    Thanks
    /Sixpackbud

  10. #10
    Junior Member
    Join Date
    Aug 2009
    Posts
    1

    The config files

    Hi. I've been playing around some with this, and would appreciate the config files.

  11. #11
    Junior Member
    Join Date
    Aug 2011
    Location
    Dusseldorf, Germany
    Posts
    1

    OpenVPN config files

    I've got a home network which I want to access on a different port, so where can I grab your config files?
    Many thanks

    Gustav
    ----

    Quote Originally Posted by =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?= View Post
    Just to give an update, I got everything working perfectly by using
    OpenVPN. I have a "tap" interface (as opposed to "tun") which encapsulates
    Ethernet rather than just encapsulating IP. The result is that it's as if
    I've got a cable running back to my house and into my network switch; I
    even get my IP address from my broadband router's DHCP server!

    If anyone's curious as to how I got it going then just give me a shout
    and I'll send you my OpenVPN config files.

    --
    Tomás Ó hÉilidhe

  12. #12
    could i please have the the openVPN config files - and if i can how do i get them.

  13. #13
    Junior Member
    Join Date
    May 2013
    Posts
    1
    Quote Originally Posted by =?iso-8859-1?q?Tom=E1s_=D3_h=C9ilidhe?= View Post
    Just to give an update, I got everything working perfectly by using
    OpenVPN. I have a "tap" interface (as opposed to "tun") which encapsulates
    Ethernet rather than just encapsulating IP. The result is that it's as if
    I've got a cable running back to my house and into my network switch; I
    even get my IP address from my broadband router's DHCP server!

    If anyone's curious as to how I got it going then just give me a shout
    and I'll send you my OpenVPN config files.

    --
    Tomás Ó hÉilidhe

    Could you send me the config files too? I am trying to connect to a server from my other site but I want to use 443 on the remote end to connect to my server. do i need to give u my email add?

Similar Threads

  1. what the heck is all this on my logs?
    By Faction in forum Wireless Networks & Routers
    Replies: 13
    Last Post: 08-11-08, 08:03 PM
  2. Remote Desktop Access
    By Excelsius in forum Networking Forum
    Replies: 6
    Last Post: 10-04-06, 08:35 PM
  3. VPN Port problem
    By AimeeLou1984 in forum Networking Forum
    Replies: 1
    Last Post: 08-21-06, 01:09 PM
  4. A routing query
    By dileepviswa in forum Wireless Networks & Routers
    Replies: 1
    Last Post: 02-22-06, 11:26 PM
  5. can't close port 1723! trojan?
    By haller in forum Network Security
    Replies: 0
    Last Post: 01-04-06, 02:35 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •