1196 Views 3 Replies Latest reply: Jun 13, 2011 5:08 PM by rcamm
manondamoon Newcomer 2 posts since
Jun 1, 2011

Jun 1, 2011 9:31 AM

Configuring VPN port server-side

Hi

 

I'm looking for a way to configure a VPN server on a SG565 (either PPTP or L2TP/IPSec) to listen on a port other than 1723 or 1701. Typically, what I wish to achieve is to bypass a firewall client-side that blocks the aforementioned ports. I have not read any indication of how to configure the VPN server listening port in the Administration guide.

 

Running firmware 4.0.8, I tried tweaking Configuration Files in the Advanced tab, but:

1. I'm afraid this is not possible with PoPToP PPTP daemon;

2. the "port" option for xl2tpd either is not recognized or not applied when added to config files (e.g. l2tpd-pppd)

 

Is this too simple for my understanding? Or do I need to look for alternative ways to bypass the firewall?

 

Also, in case I eventually find out, which VPN client would you recommend?

  • Community Leader 477 posts since
    Oct 14, 2009
    1. Jun 1, 2011 1:36 PM (in response to manondamoon)
    Re: Configuring VPN port server-side

    There is more to the picture.

     

    The VPNs you mention both use control and data channels, and the ports you refer to are the control channels.

     

    The data channels, protocols 47 and 50 respectively, are tightly linked with the control channel, and changing the control channel is going to create other challenges.

     

    If you are trying to get through a firewall you don't administer, I doubt you will get this operational.

    If you do administer the firewall, the pain in even attempting to get this operational will hurt.

     

    Instead there are other solutions, primarily tunneling.

     

    SSH tunneling is a technology designed to do exactly what you are after, I believe.

     

    And of course if the firewall does deep packet inspection at the application level, even this solution can be blocked.

    McAfee Firewall Enterprise can block ssh & ssh tunneling in particular, but it is a technological leader. This is not common technology, so you should not run into this issue with luck.

     

    Hope this helps.
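
Added example, not part of the original reply: a minimal IPv4 classifier showing how the channels named above look to a filtering device. The control channels are matched by TCP/UDP port, while GRE (protocol 47) and ESP (protocol 50) packets have no port field at all. The sample packets are constructed and the function names `classify` and `ipv4` are hypothetical.

```python
import struct

# IP protocol numbers and control ports named in the thread.
PROTO_TCP, PROTO_UDP, PROTO_GRE, PROTO_ESP = 6, 17, 47, 50
PPTP_CONTROL_PORT, L2TP_PORT = 1723, 1701


def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet as a VPN control or data channel, or 'other'."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    proto = packet[9]                     # protocol field of the IPv4 header
    # GRE and ESP sit directly on IP: there is no port to match on or to change.
    if proto == PROTO_GRE:
        return "pptp-data (GRE, no ports)"
    if proto == PROTO_ESP:
        return "ipsec-data (ESP, no ports)"
    if proto in (PROTO_TCP, PROTO_UDP) and len(packet) >= ihl + 4:
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
        if proto == PROTO_TCP and PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control (TCP 1723)"
        if proto == PROTO_UDP and L2TP_PORT in (sport, dport):
            return "l2tp (UDP 1701)"
    return "other"


def ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Build a constructed 20-byte IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload


# Constructed sample packets; addresses are from documentation ranges.
SAMPLES = [
    ipv4(PROTO_TCP, struct.pack("!HH", 49152, 1723)),   # PPTP control
    ipv4(PROTO_GRE, b"\x30\x01\x88\x0b"),               # PPTP data
    ipv4(PROTO_UDP, struct.pack("!HH", 1701, 1701)),    # L2TP
    ipv4(PROTO_ESP, b"\x00\x00\x10\x01"),               # IPsec data
    ipv4(PROTO_TCP, struct.pack("!HH", 49153, 443)),    # unrelated traffic
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```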

  • Community Leader 477 posts since
    Oct 14, 2009
    3. Jun 13, 2011 5:08 PM (in response to manondamoon)
    Re: Configuring VPN port server-side

    ssh can pass through the 565 without additional configuration, including tunneling.
