[windows2000] RES: Re: VPN and Firewall

  • From: "Eduardo Freitas" <eduardofreitas@xxxxxxxxxxxx>
  • To: <windows2000@xxxxxxxxxxxxx>
  • Date: Mon, 4 Aug 2003 17:21:22 -0300

----------------------------------------- (At mail.irisa.com.br)

---------------------------------------------------------
Hi Daniel... I tried using rinetd to redirect ports 1723 and 47
from the Linux box to the Win2k server with RAS working (I tested it).
It connects!? But then it says verifying login and password and it gets
stuck... Any clues? Even if I try to connect to port 47 on the server it
says connect failed... Here is the tcpdump... Are you sure it's port
47?????

Thanks for your help!!!

Eduardo

tcpdump: listening on eth0
17:09:47.226234 192.168.0.50.3497 > 192.168.0.1.1723: S 2311556756:2311556756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226306 192.168.0.1.1723 > 192.168.0.50.3497: S 1698163687:1698163687(0) ack 2311556757 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226502 192.168.0.50.3497 > 192.168.0.1.1723: P 1:157(156) ack 1 win 64240 (DF)
17:09:47.226551 192.168.0.1.1723 > 192.168.0.50.3497: . ack 157 win 5840 (DF)
17:09:47.228158 192.168.0.1.1723 > 192.168.0.50.3497: P 1:157(156) ack 157 win 5840 (DF)
17:09:47.228418 192.168.0.50.3497 > 192.168.0.1.1723: P 157:325(168) ack 157 win 64084 (DF)
17:09:47.229958 192.168.0.1.1723 > 192.168.0.50.3497: P 157:189(32) ack 325 win 6432 (DF)
17:09:47.414047 192.168.0.50.3497 > 192.168.0.1.1723: . ack 189 win 64052 (DF)
17:09:47.645975 192.168.0.50.3497 > 192.168.0.1.1723: P 325:349(24) ack 189 win 64052 (DF)
17:09:47.654667 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:47.654715 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:47.680034 192.168.0.1.1723 > 192.168.0.50.3497: . ack 349 win 6432 (DF)
17:09:49.650222 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:49.650276 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:52.650095 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:52.650149 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:52.867259 arp who-has hades tell 192.168.0.50
17:09:56.650060 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:56.650116 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:00.650089 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:00.650148 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:03.521314 192.168.0.50.3497 > 192.168.0.1.1723: P 349:373(24) ack 189 win 64052 (DF)
17:10:03.521385 192.168.0.1.1723 > 192.168.0.50.3497: . ack 373 win 6432 (DF)
17:10:03.521662 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:03.521692 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:06.664002 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:10:06.664057 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:10:10.664472 192.168.0.50.3497 > 192.168.0.1.1723: P 373:389(16) ack 189 win 64052 (DF)
17:10:10.664536 192.168.0.1.1723 > 192.168.0.50.3497: . ack 389 win 6432 (DF)
17:10:10.665388 192.168.0.1.1723 > 192.168.0.50.3497: P 189:337(148) ack 389 win 6432 (DF)
17:10:10.665556 192.168.0.50.3497 > 192.168.0.1.1723: P 389:405(16) ack 337 win 63904 (DF)
17:10:10.666361 192.168.0.1.1723 > 192.168.0.50.3497: P 337:353(16) ack 405 win 6432 (DF)
17:10:10.666764 192.168.0.50.3497 > 192.168.0.1.1723: F 405:405(0) ack 353 win 63888 (DF)
17:10:10.666890 192.168.0.1.1723 > 192.168.0.50.3497: F 353:353(0) ack 406 win 6432 (DF)
17:10:10.667023 192.168.0.50.3497 > 192.168.0.1.1723: . ack 354 win 63888 (DF)

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On behalf of Daniel Curry
Sent: Monday, August 4, 2003 15:50
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VPN

I missed your previous message describing what you are trying to do.

If your firewall is Linux based (assumption from the squid reference),
adding a couple of packages would permit that machine to act as your VPN
server as well.  There are a great many packages to help with this, but
the one I like best is free/Swan (spelling?) from freshmeat.net.  Check
them out.  The build and install has gotten much easier over the last
couple of years.

-----Original Message-----
From: windows2000-bounce@xxxxxxxxxxxxx
[mailto:windows2000-bounce@xxxxxxxxxxxxx] On behalf of Daniel Curry
Sent: Monday, August 4, 2003 15:46
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] Re: VPN and Firewall

This would largely depend upon which VPN protocol you decided to use.

PPTP uses port 1723/tcp to establish communications.
PPTP then uses protocol 47 -- GRE, generic routing encapsulation -- to
tunnel the data.

PPTP should take care of MOST simplified VPN issues.  

IPSEC is a whole other matter.  However, for 'office-to-office' or
static VPN connections, I tend to use routers with IPSEC. 

-----Original Message-----
From: Eduardo Freitas [mailto:eduardofreitas@xxxxxxxxxxxxxxxxx] 
Sent: Monday, August 04, 2003 11:38 AM
To: windows2000@xxxxxxxxxxxxx
Subject: [windows2000] VPN and Firewall

Hi guys,

Let's suppose I have a remote access VPN inside my network behind my
firewall. What ports would I have to have open forwarding to my VPN
server so it works through the firewall?
Would that be reasonably safe?

Eduardo

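Added example, not part of this thread: a small parser for the tcpdump format posted above that checks the PPTP pattern Daniel describes (tcp/1723 for the control channel, IP protocol 47/GRE for the tunnel) and gives a verdict. The failing capture lines are taken from Eduardo's post; the working capture is constructed here to show the contrast. Function and class names (parse_capture, PptpDiagnosis) are this example's own.

```python
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Regexes for the tcpdump 3.x line format used in the capture posted above.
TCP_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>[SFPR.]+) "
)
GRE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): gre-proto-0x"
)
ICMP_UNREACH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"icmp: \S+ protocol (?P<proto>\d+) unreachable"
)

PPTP_PORT = "1723"   # PPTP control channel, TCP
GRE_PROTO = "47"     # IP protocol number of GRE, the PPTP data tunnel


@dataclass
class PptpDiagnosis:
    client: Optional[str] = None    # side that opened tcp/1723
    server: Optional[str] = None    # side that answered it
    control_syn: int = 0            # SYNs sent to tcp/1723
    control_synack: int = 0         # SYN/ACKs sent from tcp/1723
    gre_client_to_server: int = 0   # GRE packets (PPP inside) client -> server
    gre_server_to_client: int = 0   # GRE packets server -> client
    proto47_unreachable: int = 0    # ICMP "protocol 47 unreachable" replies

    def verdict(self) -> str:
        if not self.control_syn:
            return "no PPTP control connection attempt (tcp/1723) seen"
        if not self.control_synack:
            return "tcp/1723 not answered: control channel blocked or not forwarded"
        if not self.gre_client_to_server:
            return "control channel up but no GRE sent: failure is inside the PPTP control exchange"
        if self.proto47_unreachable:
            return ("control channel up but GRE (IP protocol 47) rejected with ICMP protocol "
                    "unreachable: the host the client reaches does not accept GRE, which is "
                    "what a TCP-only port redirector such as rinetd in front of the RAS server looks like")
        if not self.gre_server_to_client:
            return "GRE leaves the client but nothing comes back: protocol 47 dropped in transit"
        return "control channel and GRE tunnel both flowing"


def parse_capture(lines: Iterable[str]) -> PptpDiagnosis:
    """Walk tcpdump lines and count the PPTP-relevant events; unrelated lines (arp etc.) are ignored."""
    d = PptpDiagnosis()
    for raw in lines:
        line = raw.strip()
        m = TCP_RE.match(line)
        if m:
            is_syn = m["flags"] == "S"
            if is_syn and m["dport"] == PPTP_PORT and " ack " not in line:
                d.control_syn += 1
                d.client, d.server = m["src"], m["dst"]
            elif is_syn and m["sport"] == PPTP_PORT and " ack " in line:
                d.control_synack += 1
            continue
        m = GRE_RE.match(line)
        if m:
            if m["src"] == d.client:
                d.gre_client_to_server += 1
            elif m["src"] == d.server:
                d.gre_server_to_client += 1
            continue
        m = ICMP_UNREACH_RE.match(line)
        if m and m["proto"] == GRE_PROTO:
            d.proto47_unreachable += 1
    return d


# Lines taken from the capture posted above (one record per line).
FAILED_CAPTURE = """
17:09:47.226234 192.168.0.50.3497 > 192.168.0.1.1723: S 2311556756:2311556756(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226306 192.168.0.1.1723 > 192.168.0.50.3497: S 1698163687:1698163687(0) ack 2311556757 win 5840 <mss 1460,nop,nop,sackOK> (DF)
17:09:47.226502 192.168.0.50.3497 > 192.168.0.1.1723: P 1:157(156) ack 1 win 64240 (DF)
17:09:47.645975 192.168.0.50.3497 > 192.168.0.1.1723: P 325:349(24) ack 189 win 64052 (DF)
17:09:47.654667 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:47.654715 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:49.650222 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:09:49.650276 192.168.0.1 > 192.168.0.50: icmp: 192.168.0.1 protocol 47 unreachable [tos 0xc0]
17:09:52.867259 arp who-has hades tell 192.168.0.50
17:10:10.666764 192.168.0.50.3497 > 192.168.0.1.1723: F 405:405(0) ack 353 win 63888 (DF)
""".strip().splitlines()

# Constructed for this example (not from the post): a healthy session, GRE flowing both ways.
WORKING_CAPTURE = """
17:20:01.000000 192.168.0.50.3600 > 192.168.0.1.1723: S 1:1(0) win 64240 <mss 1460> (DF)
17:20:01.000100 192.168.0.1.1723 > 192.168.0.50.3600: S 9:9(0) ack 2 win 5840 <mss 1460> (DF)
17:20:01.400000 192.168.0.50 > 192.168.0.1: gre-proto-0x880B (gre encap)
17:20:01.400500 192.168.0.1 > 192.168.0.50: gre-proto-0x880B (gre encap)
""".strip().splitlines()

if __name__ == "__main__":
    for name, cap in (("posted capture", FAILED_CAPTURE), ("working capture", WORKING_CAPTURE)):
        print(f"{name}: {parse_capture(cap).verdict()}")
```

Reading the verdict against the posted capture: the three-way handshake on 1723 completes and the control messages are exchanged (that is why the client gets as far as "verifying login and password"), but every GRE packet the client sends is answered by the Linux box itself with "protocol 47 unreachable", because rinetd only redirects TCP connections and nothing on the Linux box is listening for GRE. GRE has no port, so "port 47" cannot be redirected; the forward has to happen at IP level on the firewall, for example iptables DNAT rules for both `-p tcp --dport 1723` and `-p gre` pointing at the RAS server, with the firewall remaining the server's route back to the client.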
This weeks sponsor - RTOSoft TScale 
Complaints about applications response time - DO SOMETHING ABOUT IT!
TScale 2.0 improves applications response time and increases terminal
server capacity. Really get MORE from your existing servers! Free eval:
http://www.rtosoft.com/enter.asp?id=131
==================================
To Unsubscribe, set digest or vacation
mode or view archives use the below link.

http://thethin.net/win2000list.cfm