3 Replies Latest reply: Jun 13, 2011 5:08 PM by rcamm

    Configuring VPN port server-side




      I'm looking for a way to configure a VPN server on a SG565 (either PPTP or L2TP/IPSec) to listen on a port other than 1723 or 1701. Typically, what I wish to achieve is to bypass a firewall client-side that blocks the aforementioned ports. I have not read any indication of how to configure the VPN server listening port in the Administration guide.


      Running firmware 4.0.8, I tried tweaking Configuration Files in the Advanced tab but:

      1. I'm afraid this is not possible with PoPToP PPTP daemon;

      2. the "port" option for xl2tpd either is not recognized or not applied when added to config files (e.g. l2tpd-pppd)


      Is this too simple for my understanding? Or do I need to look for alternative ways to bypass the firewall?


      Also, in case I eventually find out, which VPN client would you recommend?

        • 1. Re: Configuring VPN port server-side

          There is more to the picture.


          The VPNs you mention both use control and data channels, and the ports you refer to are the control channels.


          The data channels, protocols 47 and 50 respectively, are tightly linked with the control channel, and changing the control channel is going to create other challenges.


          If you are trying to get through a firewall you don't administer, I doubt you will get this operational.

          If you do administer the firewall, the pain in even attempting to get this operational will hurt.


          Instead there are other solutions, primarily tunneling.


          SSH tunneling is technology designed to do exactly what you are after, I believe.


          And of course if the firewall does deep packet inspection at the application level, even this solution can be blocked.

          McAfee Firewall Enterprise can block ssh & ssh tunneling in particular, but it is a technological leader. This is not common technology so you should not run into this issue with luck.


          Hope this helps.

          • 2. Re: Configuring VPN port server-side

            Thank you for your clear answer rcamm.


            I understand the complexity of bypassing the firewall (which I don't administer), and I will set up SSH tunnelling to a UTM-side server instead, as you recommend.

            Are there particular settings I should look up in order to allow SSH tunneling through the SG565?


            Thanks again.

            • 3. Re: Configuring VPN port server-side

              ssh can pass through the 565 without additional configuration, including tunneling.