Ping any VPN experts
Moderator: Thanas
Ping any VPN experts
At work, I want to connect my laptop to my home network via VPN. I know jack shit about VPN but I was playing around with it and got the basics down. I have the ports forwarded through my router, I have the incoming connection set up on my home PC, and the outgoing VPN connection set up on my laptop. It works. I can successfully connect from my laptop to my desktop at home via VPN. Trouble it, it doesn't work when connected to my office WiFi due to blocked ports. The infuriating thing is exactly which ports are blocked. During my experiments, I tested SSTP, PPTP, and L2TP. L2TP doesn't work at all on my desktop for some reason so I am ignoring that. Of the remaining two, here are the results:
1. SSTP - Uses port 443 which is not blocked by my work firewall. However, it requires a server authentication certificate which I can't get on my desktop, since it's not a server O/S.
2. PPTP - Uses ports 1723 (not blocked) and port 47 (blocked).
So that's the pickle. The one protocol I can use unhindered won't work because I'm not connecting to a server. The other protocol that works has one of it's two necessary ports blocked. I could ask the IT guys at work to unblock port 47 but I'd probably have better luck sacrificing a goat and praying for divine intervention.
That leaves two options. First, try to find some way to bullshit the SSTP connection into thinking there's a valid certificate on my home machine. Second, find a way to change the GRE port from 47 to another port that's unblocked by my work firewall.
Any thoughts on how to accomplish either of those tasks? Thanks!
1. SSTP - Uses port 443 which is not blocked by my work firewall. However, it requires a server authentication certificate which I can't get on my desktop, since it's not a server O/S.
2. PPTP - Uses ports 1723 (not blocked) and port 47 (blocked).
So that's the pickle. The one protocol I can use unhindered won't work because I'm not connecting to a server. The other protocol that works has one of it's two necessary ports blocked. I could ask the IT guys at work to unblock port 47 but I'd probably have better luck sacrificing a goat and praying for divine intervention.
That leaves two options. First, try to find some way to bullshit the SSTP connection into thinking there's a valid certificate on my home machine. Second, find a way to change the GRE port from 47 to another port that's unblocked by my work firewall.
Any thoughts on how to accomplish either of those tasks? Thanks!
You will be assimilated...bunghole!
Re: Ping any VPN experts
Uh, does your work permit you to open VPN tunnels to arbitrary networks? That's usually a huge red flag to security.
Re: Ping any VPN experts
It does when I am connected to the guest WiFi network, which is isolated from the main network.
You will be assimilated...bunghole!
Re: Ping any VPN experts
Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?
You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.
You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.
Last edited by phongn on 2014-04-24 08:08pm, edited 1 time in total.
Re: Ping any VPN experts
I'm using the built-in VPN function of windows 7 and I'm not sure how to go about generating a new certificate.
You will be assimilated...bunghole!
Re: Ping any VPN experts
Look over this article and see if it answers any questions
http://www.pcworld.com/article/210562/h ... ows_7.html
http://www.pcworld.com/article/210562/h ... ows_7.html
Re: Ping any VPN experts
Thanks AMT. Yeah that's basic setup which I already know how to do. The issue is that I need to either change the outgoing port that my laptop uses for VPN or get a server certificate for my desktop so I can use SSTP.
You will be assimilated...bunghole!
Re: Ping any VPN experts
Thanks for the links. OpenVPN has a bandwidth cap so I don't think I'll go with that one. Hamachi looks like it'd work fine. 30 bucks a year though...phongn wrote:Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?
You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.
You will be assimilated...bunghole!
Re: Ping any VPN experts
What firewall are you using?
Re: Ping any VPN experts
No idea. It's a firewall on the guest internet connection where I work. Probably an industrial grade one.
You will be assimilated...bunghole!
Re: Ping any VPN experts
A bandwidth cap? You might be looking at the OpenVPN service and not the free software. Fairly certian you can run it locally even on Windows, though I've only looked at it on Linux.Borgholio wrote:Thanks for the links. OpenVPN has a bandwidth cap so I don't think I'll go with that one. Hamachi looks like it'd work fine. 30 bucks a year though...phongn wrote:Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?
You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.
If it waddles like a duck and it quacks like a duck, it's a KV-5.
Vote Electron Standard, vote Tron Paul 2012
Vote Electron Standard, vote Tron Paul 2012
Re: Ping any VPN experts
Huh...I must be blind, I don't see any reference to the free software. All the download links seem to be for the PrivateTunnel service.
You will be assimilated...bunghole!
Re: Ping any VPN experts
Should be there:
https://openvpn.net/index.php/open-sour ... loads.html
You may also want a GUI:
http://openvpn.se/
https://openvpn.net/index.php/open-sour ... loads.html
You may also want a GUI:
http://openvpn.se/
Re: Ping any VPN experts
Yeah OpenVPN hurt my brain. Way too many options that need to be manually entered into the client and server config files. And I still have to screw around with authentication keys.
You will be assimilated...bunghole!
-
- Redshirt
- Posts: 1
- Joined: 2020-07-11 10:59am
- Contact:
Re: Ping any VPN experts
Thank you! stardestroyer is so helpful answering my many questions.