Open ports to VPN server



  • Hello..

    I have been trying to open ports on my pfSense box so that I can connect to my VPN server (Windows Server 2016 Essentials) when I'm not at home.
    I have opened the following ports from WAN to my local server IP.
    500
    1701
    1723
    4500
    5500
    But for some reason I can't connect to the VPN.

    Is there a setting I am missing or something?


  • LAYER 8 Global Moderator

    And where did you get those ports from? 1723 is PPTP.. You sure as the F shouldn't be running PPTP, which has been DEAD for over 5 years.  And I find it highly likely that 2016 even supports it??  If it does, that is yet another strike against MS for promoting or even allowing such a DEAD and not secure VPN option.

    What exact VPN solution are you running on your 2016 server?



  • As far as I know, I am using the built-in solution that's using PPTP, and that has been working fine for me until now.

    I had those ports open on my old router running DD-WRT, and now I can't use my VPN.

    So I must have done something wrong in my config.



  • If you use PPTP, you need to open:

    tcp/1723
    GRE (proto 47)

    Most probably your previous router had "PPTP transparency" check box, hence no specific GRE rule was needed.

    OT: Unbelievable that Microsoft still supports PPTP in their VPN server implementations.



  • Thanks..

    I will try that on Monday, now that I have to reconfigure the ISP router first and don't have the time to do it the rest of the week.

    But I will return on Monday with the result of the GRE port being open.


  • LAYER 8 Global Moderator

    You're still using PPTP??  Wow - dude, it's been dead for over 5 years!!  It is NOT secure by any means of the imagination..



  • It's also just for my home private network that I play around with.

    And I have to start somewhere that's not too pricey and work it up all by myself.

    I don't care if it's unsecured and dead.
    I don't know others who are working with this stuff, and if you seek help to learn on forums then you basically get told that Google can tell you all you know..

    And just for the fun to all that I use an old dead protocol on my setup.
    There's no one who took the liberty to ask me if I knew it was old and dead.
    And not even one of you came and told me about a better solution I could look at.

    But a whole 3 times out of the 3 times others have responded to the post, it was stated that it's old.

    But hey. As long as others can make fun of others instead of helping them further in securing the network, it's all good.

    By the way, opening port 1723 and 47 did not do the trick..


  • LAYER 8 Global Moderator

    Your 2k16 box can run more than just PPTP..

    Use L2TP/IPsec, or SSTP..

    If you used SSTP you only need port 443..

    Here is an article from MS on what firewall ports need to be open/forwarded for PPTP, L2TP/IPsec or SSTP:
    https://technet.microsoft.com/en-us/library/dd458955(v=ws.10).aspx

    You're running pfSense - why do you not just use it as your VPN into your network?? It can do IPsec, L2TP or OpenVPN vs trying to forward inbound to something behind, which if you want to access anything else in your network you're going to run into issues with asymmetrical routing and hairpins, etc. etc.



  • That's an answer I can work with.

    The reason my configuration is what it is, is because I was searching for VPN on Server 2012 R2, which was my old configuration, and my old router was a home D-Link with DD-WRT (which is my AP now) that could not work as a VPN server. So I had to make it on my server box.

    So back to my search that time.. I ended up on YouTube with a video on how to set it up on my server from start to end. And that was on PPTP.

    And every search I have done afterward has directed me to PPTP. And as a newbie in all this, with no knowledge of others to ask and getting turned away from forums, it is hard to work with all this and be better and help others.

    But now I have some to read up on. Right now I can sort out SSTP because I use port 443 as HTTPS for my web server.

    And I just discovered I did the port 47 wrong (new folks, you know)
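
The "port 47" mix-up that runs through this thread, as an added example that is not part of any post: GRE is IP protocol 47, a sibling of TCP and UDP, so a TCP/UDP rule for port 47 never matches it. The `Rule` class, the `audit` function, the server address and the TCP/UDP choice on the sample rules are assumptions made for illustration; the requirements table holds only what the thread states for PPTP and SSTP.

```python
from dataclasses import dataclass
from typing import Optional

# What must reach the server, per the thread: (protocol, port).
# GRE is IP protocol 47, a sibling of TCP and UDP, so it has no port (None).
REQUIRED = {
    "pptp": {("tcp", 1723), ("gre", None)},
    "sstp": {("tcp", 443)},
}

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified WAN forward rule
    proto: str              # "tcp", "udp", "tcp/udp" or "gre"
    port: Optional[int]     # None for protocols without ports
    target: str             # internal address the traffic is sent to

def audit(rules, vpn, server):
    """Compare the rules pointing at `server` with what `vpn` needs."""
    need = REQUIRED[vpn]
    have, unneeded, warnings = set(), [], []
    for r in rules:
        if r.target != server:
            continue
        pairs = {(p, r.port) for p in r.proto.split("/")}
        have |= pairs
        if not pairs & need:
            unneeded.append(r.port)      # exposed, but this VPN type never uses it
        if r.port == 47 and r.proto != "gre":
            warnings.append(f"{r.proto} port 47 is not GRE; select protocol GRE instead")
    missing = sorted(p for p, _ in need - have)
    return {"missing": missing, "unneeded": unneeded, "warnings": warnings}

# Constructed sample: the ports from the first post plus a "port 47" rule.
SERVER = "192.168.1.10"     # assumed address
POSTED = [Rule("tcp/udp", p, SERVER) for p in (500, 1701, 1723, 4500, 5500, 47)]
FIXED = [Rule("tcp", 1723, SERVER), Rule("gre", None, SERVER)]

if __name__ == "__main__":
    print(audit(POSTED, "pptp", SERVER))   # GRE missing, five unneeded openings
    print(audit(FIXED, "pptp", SERVER))    # nothing missing, nothing extra
```

The `unneeded` list is the part worth acting on: every forward a VPN type does not use is exposure on the WAN side with no benefit.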

