Re: security question regarding opening up ports





"Sooner Al [MVP]" wrote:

Repost...

Yes, the XP PPTP VPN server function will only allow one incoming connection
at a time. I misread your post and thought you could not connect to more
than one PC through the VPN tunnel with RDC. The bottom line is you need
more than one simultaneous incoming VPN connection and be able to access any
of your workstations with RDC through the tunnel. I understand now.

thanks for clarifying... I wasn't sure if I explained it well enough.


SSH would get around that limitation since you are not in a position to
upgrade to a server class OS or additional hardware. Be aware that if you're
behind a supported router then reflashing with third-party firmware like
DD-WRT would give you a PPTP server function on the router. DD-WRT also
includes an SSH server function. Just another option for little to no cost.

http://www.dd-wrt.com/wiki/index.php/Main_Page


unfortunately, our router (D-Link DIR-655) is not supported - my luck :(

so it looks like setting up an SSH VPN tunnel is the way to go. I am familiar
with PuTTY and I suppose it is similar to Tunnelier? I just checked PuTTY
and it does seem to have support for tunnels and port forwarding.
Would an instance of PuTTY run on a dedicated machine then as a 'server', or
is this all initiated and configured on the client?


--

Al Jarvi (MS-MVP Windows – Desktop User Experience)

Please post *ALL* questions and replies to the news group for the
mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no
rights...
How to ask a question
http://support.microsoft.com/KB/555375

"Schnitzel" <Schnitzel@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A6C1ED01-8191-4B9C-B988-68471DF382F0@xxxxxxxxxxxxxxxx

thanks for your quick reply.

<snip>

You could also use high number ports versus 3389/3390/3391, i.e. use
45671/45672/45673 for example. Sort of security through obscurity so to
speak. Not foolproof but it does cut down on port probes on TCP Port 3389
for example. In all cases use strong passwords.

good point.


What type of VPN did you set up? When connected with the VPN can you ping
the RDC hosts? If you can't ping the RDC host through the VPN tunnel then
you will never connect using RDC. I ran RDC through a PPTP VPN, OpenVPN and
Secure Shell [SSH] tunnel in the past and had no problems connecting to
multiple PCs with RDC.

I used the Windows XP built-in VPN client/server:

For server:
Add new connection
set up an advanced connection
accept incoming connections
etc.

For client:
Add new connection
Connect to the network at my workplace
Virtual private network connection
etc.

I then opened up the port associated with PPTP on my router. This
configuration works fine, but only allows one connection from outside to a
computer behind the router - Windows XP VPN limitation !?

Is this PPTP VPN?



If you can't get a VPN to work then look at SSH. An added advantage of SSH
versus PPTP VPN is you can use a private/public key pair protected by a
strong password for authentication making it very safe and secure. Here are
some links...

http://theillustratednetwork.mvps.org/Ssh/SecureShell.html

I like Tunnelier as the SSH client because you can set it up to
automatically connect to one RDC host PC when the SSH tunnel is
established. Very convenient.

this looks promising and I will probably go this way unless I can get the
built-in vpn to work.
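
The client/server split for the SSH tunnel discussed above, as an added example that is not part of the original thread: the forwards are requested by the client, but an SSH server has to be running on one machine behind the router. It assumes an OpenSSH server and client; the addresses, host name, account name and key file name are constructed placeholders, and the clients named in the thread set the same local forwards in their own tunnel settings.

```sshconfig
# ---- SERVER side: sshd_config on the one always-on PC behind the router ----
# The router forwards a single high external TCP port (45671 here, as in the
# thread's example) to port 22 on this PC. No RDC port is exposed directly.

# Key pair only; the private key itself is protected by a strong passphrase.
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no

# Hypothetical account used only for tunnelling.
AllowUsers rdcuser

# Allow client-requested (local) forwards only, and only to the RDC port of
# the three workstations (constructed LAN addresses).
AllowTcpForwarding local
X11Forwarding no
PermitOpen 192.168.0.11:3389 192.168.0.12:3389 192.168.0.13:3389

# ---- CLIENT side: ~/.ssh/config on each remote PC ----
# Several remote users can hold their own SSH session at the same time.
Host office
    # Placeholder for the router's public name or address.
    HostName office.example.net
    Port 45671
    User rdcuser
    IdentityFile ~/.ssh/office_key
    IdentitiesOnly yes
    # Abort instead of silently continuing if a local port is already in use.
    ExitOnForwardFailure yes
    # One loopback-only local port per workstation; the RDC client is then
    # pointed at 127.0.0.1:<local port> while the SSH session is open.
    LocalForward 127.0.0.1:13389 192.168.0.11:3389
    LocalForward 127.0.0.1:13390 192.168.0.12:3389
    LocalForward 127.0.0.1:13391 192.168.0.13:3389
```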

