Windows VPN Ports – PPTP and GRE

September 28th, 2009 1 comment

So I’ve set up a VPN server at work. Great for connecting from home to access the network. I’m using just the built in VPN server in Windows Server 2003 and creating a VPN connection from Windows Network and Sharing Centre. It’s a piece of cake to set up.

The only extra thing you need to do is open the ports in the firewall to allow the connection. Windows VPN by default uses PPTP, which uses port 1723. We have a Juniper firewall which comes set up with lots of predefined services so you can quickly and easily open all the right ports for the application you are using. Great. So I allowed the PPTP service for the mapped IP address the server uses. Done. Or so I thought.

It just wouldn’t connect. I turned off the firewall, tried it again, and it worked straight away. So why wasn’t it working?! After a quick search on the internet I read that you also need to pass GRE. Quick check on the Juniper, GRE was listed on predefined services, added that to the policy for the VPN server. Bingo, it works!

Not sure if that applies to other firewalls. I’ve set this up before and never encountered this problem. Maybe it’s just on the Junipers?

If your firewall doesn’t have predefined services, for GRE you need to open protocol 47 on any port, or ports 0-65535 (all ports).

NetMeeting Ports

September 23rd, 2009 No comments

NetMeeting is a brilliant piece of software. We use it at work all the time, for connecting to computers across the world or showing users in other countries how to do stuff. Unfortunately, Microsoft doesn’t think so, because I just tried to run it in Windows 7 only to find it isn’t included. Apparently it wasn’t included in Vista either, but was available for download after people complained. Hopefully the same will happen with 7.

Anyway, I’m posting because if like us, and pretty much everybody else, you have a firewall, you’ll need to open the following ports to accept incoming connections:

TCP: 389, 522, 1503, 1720 and 1731.
UDP: 1024-65535.

If you don’t believe me, it says so here: