Pfsense will not nat or open firewall port
-
I have set up a Windows 2k8 VPN server and can successfully connect to it from within my network, so I know the server settings are correct. I have attached screenshots of the NAT and firewall rules. I tried doing a port scan from a couple of different websites and all of them come back saying port 1723 and 47 tcp are blocked... what am I doing wrong?
-
Someone correct me if I'm wrong, but I think on your Port Forwarding rules, delete the Source Port (they're random ephemeral ports generated by the client). Destination Ports and NAT Ports are correctly specified as tcp/47 and tcp/1723.
Also, consider PPTP VPNs 100% compromised and 100% unsecure. Switch to an SSL/TLS OpenVPN setup or IPSEC setup.
-
Yeah, correct, those forwards would never work because of the source port being specific.
Also - GRE is not PORT 47, it is PROTOCOL 47 - completely different!!
http://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
Couple ways to think about it: a PORT like you listed is normally using either the tcp or udp protocols, while tcp is protocol 6 and udp is 17. A port tells you where, a protocol tells you how.
I have seen this example:
ports = ears, mouth, eyeball, touch
protocols = English, Spanish, Sign Language, Braille
People get confused because protocols that they are used to, like http and https, ssh, ftp, all have default/standard tcp or udp ports they talk on, like 80, 443, 22, 21 control and source port of 20 for active data channel. But tcp and udp are just 2 of the protocols. See the listing - there are lots of different protocols for talking over a network.
Also – I agree pptp is deprecated, I would look to current secure options for vpn. If you really wanted to use pptp, why not just let pfsense do it vs forwarding inbound to some other server?
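The two points made in the replies above (a forward pinned to a fixed source port never matches a real client, and GRE is IP protocol 47 rather than TCP port 47), as an added example that is not part of the original thread. The rule dictionaries are a hypothetical format, not pfSense's configuration, and the packets are constructed samples.

```python
import struct

PROTO_NAMES = {6: "tcp", 17: "udp", 47: "gre"}  # IANA IP protocol numbers

def ipv4_packet(proto, payload):
    """Wrap payload in a minimal IPv4 header (checksum left 0). Constructed sample data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 10]))
    return hdr + payload

def parse(packet):
    """Return (protocol, source port, destination port); ports are None if the protocol has none."""
    ihl = (packet[0] & 0x0F) * 4                       # IPv4 header length in bytes
    proto = PROTO_NAMES.get(packet[9], str(packet[9]))  # byte 9 = protocol field
    if proto in ("tcp", "udp"):
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        return proto, sport, dport
    return proto, None, None

def rule_matches(rule, packet):
    """rule: hypothetical dict with 'proto' and optional 'sport' / 'dport' (None = any)."""
    proto, sport, dport = parse(packet)
    if rule["proto"] != proto:
        return False
    for key, value in (("sport", sport), ("dport", dport)):
        if rule.get(key) is not None and rule[key] != value:
            return False
    return True

# Constructed traffic: PPTP control connection from an ephemeral client port, plus a GRE data packet.
tcp_hdr = struct.pack("!HHIIBBHHH", 51844, 1723, 0, 0, 0x50, 0x02, 65535, 0, 0)
pptp_control = ipv4_packet(6, tcp_hdr)
gre_data = ipv4_packet(47, struct.pack("!HH", 0x2001, 0x880B))  # key bit + version 1, PPP payload

RULES = {
    "tcp 1723, source port pinned to 1723": {"proto": "tcp", "sport": 1723, "dport": 1723},
    "tcp 1723, any source port": {"proto": "tcp", "dport": 1723},
    "tcp port 47": {"proto": "tcp", "dport": 47},
    "protocol gre": {"proto": "gre"},
}

def evaluate():
    """Map each rule name to (matches control connection, matches GRE packet)."""
    return {name: (rule_matches(r, pptp_control), rule_matches(r, gre_data))
            for name, r in RULES.items()}

if __name__ == "__main__":
    for name, (ctl, gre) in evaluate().items():
        print(f"{name:40} control={ctl} gre={gre}")
```

Only the rule with an unrestricted source port matches the control connection, and only the rule keyed on the protocol number matches the GRE packet, which carries no port fields at all.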
-
Well, does anyone have instructions on how to go about setting up an L2TP/IPSEC vpn tunnel?
-
To what endpoint, pfsense? Or through pfsense to something else? From what client?
https://doc.pfsense.org/index.php/VPN_Capability_IPsec
https://doc.pfsense.org/index.php/L2TP/IPsec_on_Android
-
Would like to try both, but more so through pfsense to a windows 28k box.