From: google on 3 Nov 2005 07:17

Hi

I'm trying to set up incoming VPN connections on an XP Pro Machine.

I have it all working with the XP firewall disabled, but not with it enabled...

I have opened port 1723/tcp but how do I open IP port 47 ie GRE protocol?

Thanks for any help

Dave

From: Volker Birk on 3 Nov 2005 10:41

google(a)dave-marks.co.uk wrote:
> I have opened port 1723/tcp but how do I open IP port 47 ie GRE
> protocol?

This is not port 47, but protocol 47 of the transport layer.

If you don't understand the difference, please don't offer services to the Internet at all, but first learn much more about networking in general and about the TCP/IP network protocol family.

A good starting point would be "TCP/IP" from Craig Hunt, or at least:

http://en.wikipedia.org/wiki/Internet_protocol_suite

as well as reading RFC 791, 792, 1701, 1702 and 2784 on www.rfc-editor.org.

Yours,
VB.
--
"I am a free person and will now make use of my civil liberties - extensively, in fact - of course only within the limits that Otto Schily still allows me."
Wolfgang Clement on 10.10.05, while still "superminister"

From: Triffid on 3 Nov 2005 15:07

google(a)dave-marks.co.uk wrote:
> Hi
>
> I'm trying to set up incoming VPN connections on an XP Pro Machine.
>
> I have it all working with the XP firewall disabled, but not with it
> enabled...
>
> I have opened port 1723/tcp but how do I open IP port 47 ie GRE
> protocol?
>
> Thanks for any help
>
> Dave
>

According to Microsoft you don't have to open IP protocol (not port) 47:

"Any PPTP traffic that uses a GRE header to encapsulate Point-to-Point Protocol (PPP) frames will pass directly through Windows Firewall. Non-PPTP traffic that uses GRE is filtered by Windows Firewall."

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/3ccb6af5-d960-4a8d-b12b-70692dc47bf4.mspx

So either Microsoft is mistaken, or your traffic doesn't look like PPTP to Windows Firewall - or perhaps Windows Firewall behaves differently on Server 2003 vs. XP Pro, but if so I can't find the equivalent documentation for XP.

Triffid

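Added example (not part of any post in this thread): a Python sketch of the distinction discussed above, reading the IPv4 protocol field (47 for GRE) separately from TCP port numbers, and telling PPTP's enhanced GRE header (version 1, key present, protocol type 0x880B per RFC 2637) apart from other GRE. The packets, addresses and function names are constructed for illustration, and this is not how Windows Firewall itself decides.

```python
import struct

TCP_PROTO, GRE_PROTO = 6, 47   # values of the IPv4 header's protocol field
PPTP_CONTROL_PORT = 1723       # a TCP port: only meaningful inside TCP
PPP_TYPE = 0x880B              # GRE protocol type used by PPTP (RFC 2637)

def classify(packet: bytes) -> str:
    """Label a raw IPv4 packet as PPTP control, PPTP GRE, other GRE, etc."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4              # header length in bytes
    payload = packet[ihl:]
    if ihl < 20 or len(payload) < 4:
        return "malformed"
    first, second = struct.unpack("!HH", payload[:4])
    proto = packet[9]
    if proto == TCP_PROTO:                    # first/second are src/dst ports
        return "pptp-control" if PPTP_CONTROL_PORT in (first, second) else "other-tcp"
    if proto == GRE_PROTO:                    # first/second are flags/protocol type
        version, key_present = first & 0x0007, bool(first & 0x2000)
        if version == 1 and key_present and second == PPP_TYPE:
            return "pptp-gre"
        return "other-gre"
    return "other"

def ipv4(proto: int, payload: bytes) -> bytes:
    """Wrap a constructed payload in a minimal IPv4 header (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20])) + payload

# Constructed sample packets (documentation addresses, zeroed bodies).
SAMPLES = {
    "control": ipv4(TCP_PROTO, struct.pack("!HH", 49152, 1723) + bytes(16)),
    "tcp_port_47": ipv4(TCP_PROTO, struct.pack("!HH", 49152, 47) + bytes(16)),
    "pptp_data": ipv4(GRE_PROTO, struct.pack("!HHHHI", 0x3001, 0x880B, 0, 1, 0)),
    "plain_gre": ipv4(GRE_PROTO, struct.pack("!HH", 0x0000, 0x0800) + bytes(20)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:12} -> {classify(pkt)}")
```

The `tcp_port_47` sample is a TCP segment addressed to port 47; it is still protocol 6 and is unrelated to GRE.
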
From: Triffid on 3 Nov 2005 19:34

Leythos wrote:
> In article <g6uaf.7906$LF3.772616(a)news20.bellglobal.com>,
> triffid(a)nebula.net says...
>
>>According to Microsoft you don't have to open IP protocol (not port) 47:
>>
>>"Any PPTP traffic that uses a GRE header to encapsulate Point-to-Point
>>Protocol (PPP) frames will pass directly through Windows Firewall.
>>Non-PPTP traffic that uses GRE is filtered by Windows Firewall."
>>
>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/3ccb6af5-d960-4a8d-b12b-70692dc47bf4.mspx
>>
>>So either Microsoft is mistaken, or your traffic doesn't look like PPTP
>>to Windows Firewall - or perhaps Windows Firewall behaves differently on
>>Server 2003 vs. XP Pro, but if so I can't find the equivalent
>>documentation for XP.
>
>
> Many cheap NAT devices don't properly handle PPTP inbound, some don't
> properly handle it outbound.
>
> If you want to PPTP inbound to a device behind a NAT appliance, there is
> a workaround where you Forward PORT 47 inbound to the VPN device. Yea,
> it isn't pretty, but that's how Linksys and others get around their
> broken PPTP firmware.

The OP says it works until he turns on Windows Firewall, so he suspects Windows Firewall is the problem (you snipped that part). Are you saying his PPTP traffic may have been mangled by a NAT appliance such that Windows Firewall doesn't recognise it as PPTP?

Triffid

From: google on 6 Nov 2005 05:37

Thanks for your replies....

XP firewall must operate differently to 2k3 Server.... I actually have a VPN running on a 2K3 server machine without any problems - didn't even need to make any exceptions for the firewall....

I've actually read some MS documentation that actually states - to use the vpn of xp, you have to disable the firewall - how stupid is that!!

So I think my plan now, is to experiment with third party firewalls - preferably free ones... Anyone got any experience on this front? Gonna try ZoneAlarm first.....

Cheers