VPN with ADSL

lsaiher

Hello everybody,
I am quite new to VPN and I'm a little bit confused.
I have a LAN which has access to the Internet through a Nokia ADSL router.
I want to connect to this LAN from a computer which has dial-up
access to the Internet.

I think that if I use PPTP I have to configure NAPT and redirect
information sent to ports TCP 1723 and UDP 47 to the W2K server which
I'm going to use as a VPN Server.
Is this correct?

I've heard that using IPSEC is more secure but I don't know if I can
use it. I think that I need a router that can do "IPSEC passthrough",
but I'm not sure.

Any help would be appreciated,

Best Regards,

Luis
 
Jetro

This is not UDP port 47 but IP protocol 47.
ADSL is not good for providing Internet services 'cause it's asymmetric.

If you have VPN connections using PPTP, you will need to allow TCP port 1723
and IP protocol port 47 to pass through your firewall. If you are using
L2TP/IPSec, you will need UDP port 500 and IP protocol port 50 to pass
through the firewall. If you are using AH/ESP in your IPSec policies, you
will also need IP protocol port 51 to pass.

A SOHO router might have settings for IPSec pass-through and PPTP
pass-through. Read the router manual.
 
David Efflandt

> Hello everybody,
> I am quite new to VPN and I'm a little bit confused.
> I have a LAN which has access to the Internet through a Nokia ADSL router.
> I want to connect to this LAN from a computer which has dial-up
> access to the Internet.
>
> I think that if I use PPTP I have to configure NAPT and redirect
> information sent to ports TCP 1723 and UDP 47 to the W2K server which
> I'm going to use as a VPN Server.
> Is this correct?

The TCP port 1723 is correct, but 47 is a "protocol", not a port (not the
same thing). So you would need something that could direct incoming
protocol 47 to the VPN server.

> I've heard that using IPSEC is more secure but I don't know if I can
> use it. I think that I need a router that can do "IPSEC passthrough",
> but I'm not sure.

IPSEC uses "protocol" 50 (ESP) and UDP port 500 (IKE). Protocol 51 (AH)
is an alternate protocol, but it does not work through NAT (fails if
packets are altered). I have done IPSEC (freeswan) to and through Linux,
but through a broadband router (Linux was my router). I would think that
"IPSEC passthrough" is what it says.

Even an article on msdn.microsoft.com did not know the difference between
ports and protocols. Besides UDP port 500, it "incorrectly" said that
IPSEC used TCP ports 50 and 51, which my /etc/services says are
re-mail-ck (remote mail check) and la-maint (IMP logical address
maintenance). Neither TCP "port" has anything to do with IPSEC.
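
The port-versus-protocol distinction discussed in this thread, shown as an added example that is not part of any poster's reply: a small classifier that reads the IPv4 header's protocol field first and only looks for a port when that protocol is TCP or UDP. The packets are constructed sample data using documentation address ranges, and the function names are hypothetical.

```python
import struct

# IP protocol numbers: the 8-bit "protocol" field at byte 9 of the IPv4 header.
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP, PROTO_AH = 6, 17, 47, 50, 51


def ipv4_packet(proto, payload=b""):
    """Build a minimal IPv4 packet (constructed sample data, checksum left at 0)."""
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(payload),   # version/IHL, TOS, total length
        0, 0,                         # identification, flags/fragment offset
        64, proto, 0,                 # TTL, protocol, header checksum
        bytes([198, 51, 100, 7]),     # source address (documentation range)
        bytes([203, 0, 113, 10]),     # destination address (documentation range)
    )
    return header + payload


def l4_ports(src, dst):
    """First four bytes of a TCP or UDP header: source and destination port."""
    return struct.pack("!HH", src, dst)


def classify(packet):
    """Name the VPN traffic type a firewall or NAT rule would have to match."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not IPv4"
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "not IPv4"
    proto = packet[9]
    if proto in (PROTO_TCP, PROTO_UDP):   # only these two carry port numbers
        if len(packet) < ihl + 4:
            return "truncated"
        _, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if proto == PROTO_TCP and dport == 1723:
            return "PPTP control (TCP port 1723)"
        if proto == PROTO_UDP and dport == 500:
            return "IKE (UDP port 500)"
        return "other TCP/UDP"
    # GRE, ESP and AH sit directly on IP: there is no port to forward.
    return {PROTO_GRE: "PPTP data (GRE, IP protocol 47)",
            PROTO_ESP: "IPsec ESP (IP protocol 50)",
            PROTO_AH: "IPsec AH (IP protocol 51)"}.get(proto, "other IP protocol")


if __name__ == "__main__":
    print(classify(ipv4_packet(PROTO_UDP, l4_ports(40000, 47))))  # UDP "port 47"
    print(classify(ipv4_packet(PROTO_GRE, b"\x00" * 8)))          # protocol 47
```

A rule written for UDP port 47 or TCP port 50 matches only the "other TCP/UDP" cases here, so the GRE and ESP packets the tunnel depends on never reach the VPN server.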
 
