cancel
Showing results for 
Search instead for 
Did you mean: 

Setting up a VPN Server (another one...)

RobChafer
Dabbler
Posts: 10
Thanks: 1
Registered: ‎01-02-2018

Setting up a VPN Server (another one...)

I have a business fibre broadband connection with plusnet. I have forwarded port 1723 from the plusnet modem to my server but cannot get it to connect via pptp. I forwarded port 443 to the same server and now I can see https pages from outside (as expected). If I am inside the local network I can set up a vpn connection from inside the network to the server (not a useful thing to do normally but shows my server will accept them).  I used to have a BT Infinity connection and the vpn worked fine with their modem.  Any suggestions?

7 REPLIES 7
RobPN
Seasoned Hero
Posts: 5,103
Thanks: 2,668
Fixes: 13
Registered: ‎17-05-2013

Re: Setting up a VPN Server (another one...)

 It might be worth looking at your PlusNet Firewall settings.

Edit:  Not sure if that link will work the same for a business account as for my home one though.

RobChafer
Dabbler
Posts: 10
Thanks: 1
Registered: ‎01-02-2018

Re: Setting up a VPN Server (another one...)

I didn't know about the firewall at the plusnet level. However... it is turned off, which is a shame because it sounded like the solution...

Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: Setting up a VPN Server (another one...)

Hello Rob,

Beyond running my own VPN server to externally access my home network, I profess no particular expertise on the subject matter.

If you want to port scan your public WAN interface to see what ports are open, you could try Steve Gibson's site here Gibson Research Corporation and look for Shields UP - you can specify the specific ports you want scanning.

Your post is light on detail (for understandable reasons) but you do mention a server (presumably hosting the VPN service). If there is a software firewall configured on the actual server (I am thinking Windows here) as I recall there can be separate settings for internal and WAN access - possibly worth a look?

Whilst it is of course entirely your decision as to how you configure your VPN, from a security perspective PPTP would not be my VPN protocol of choice (especially in a business setting).

Might I suggest you read here

How to Geek   and  Protocols comparison

I think one of the issues you may run into is that most ISP provided routers are not particularly advanced so you may struggle with functionality.

If you have a NAS box most offer basic VPN server functionality. Draytek have a good reputation but unfortunately do not offer OpenVPN functionality (my protocol of choice). They do offer IPSEC/L2TP (which I also use for for site to site connectivity)

Cheers

Alan

RobChafer
Dabbler
Posts: 10
Thanks: 1
Registered: ‎01-02-2018

Re: Setting up a VPN Server (another one...)

Hi Alan

 

Thank you for your reply. I tried Steve Gibson's Shields UP site a try and happily came away with a good security rating. It did find that 1723 was open (and 443) but nothing else. I might try another VPN protocol but I cannot get PPTP to work...

I tried to ask plus.net with their much advertised support standards and got

 

"Thank you for getting in touch.

We are unable to provide any support with this request, You should seek the advice of a local it professional. "

 

I only asked if they had some hardware in the way that would stop PPTP. Quite disappointing.

 


 

Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: Setting up a VPN Server (another one...)

Hello Rob,

You have zero chance of obtaining support from PlusNet for what they would term "advanced" configuration.

I see you stated in your orginal email that you had PPTP working with BT's modem (I presume you mean router ?). As an easy fix is there any reason why you cannot reinstate your BT's router ?


In my humble opinion, once you start moving into "advanced" configurations for your internet connection, you are best sourcing your own bespoke network kit and NOT relying on that provided by ISP's (which is obviously aimed at the general punter and is budget specified/priced accordingly).

Note I am not suggesting refusing "free" ISP kit as it can be very useful if you have a connection problem and it is suggested caused by you using non standard kit - easy enough to reinstate their kit to test.

If you are prepared to invest the Asus RT-AC66U-B1/ router running third party Asus Merlin firmware which has both OpenVPN server and client capabilities. OpenVPN s a much more secure VPN solution than PPTP which is generally considered insecure.

Merlin's OpenVPN implementation is based on Tomato's code so there is the added benefit of articles showing how to configure it.

Note unless you have an old BT Openreach modem, for the Asus solution you would need to also buy a modem. I use a Draytek Vigor 130. There are other (and cheaper) modems available but in considering them check that they are BT SIN 498 MCT approved as otherwise you run the risk of being disconnected from the network

If you want to delve deeper into what is transiting your network you could install WireShark (free) on your server.

Regards

Alan

 

RobChafer
Dabbler
Posts: 10
Thanks: 1
Registered: ‎01-02-2018

Re: Setting up a VPN Server (another one...)

i had though about using the old BT Hub but it has its own issues -- primarily the WiFi drops out quite a lot and seemingly at random.

 

I tried to get OpenVPN to work on my Windows Server 2012 but it just didn't want to play ball. So, whilst try to figure out the issue I came across SoftEther (https://www.softether.org/). This makes setting up VPNs a breeze. I now have L2TP/IPsec running with little effort. Hurrah.

Farrinaf
Grafter
Posts: 54
Thanks: 7
Registered: ‎22-03-2013

Re: Setting up a VPN Server (another one...)

Hello Rob,


I have not come across SoftEther before - looks intriguing and it will be interesting to see how it develops.

Glad you finally found a solution to your problem.

Best wishes

Alan