>>So it's PPTP... *sobs quietly*

Unless actually know something about PPTP, how about leaving these sort
of opinions to those who do. Sure, PPTP is not as secure as IPSEC can
be, but for most people it is acceptable. Opening PPTP ports on your
router is a lot safer than opening web, ftp and smtp ports IMO. The
biggest threat is in having weak passwords. Use 7 or 14 character
passwords and mix numbers, letters and symbols. Make sure you do not
grant the guest account etc. dial-in access, and put down the latest
security patches (you should do this anyway, regardless of the OS, or
the product, if you are opening ports to the internet).

Regarding the ports:

Need to open port 1723 incoming for both tcp (6) and gre (47). Do not
open 137, 139 etc.etc. that is unnecessary. If you have a router which
is doing NAT translations at the client end, it *must* have a pptp pass
through application filter otherwise it will not work.

--
Regan Murphy.
-----Original Message-----
From: Steven Perich [mailto:steve@clubpoint.co.nz] 
Sent: Thursday, 5 September 2002 12:52 p.m.
To: Regan Murphy
Cc: ADSL List
Subject: Re: vpn setup on speedtouch pro
> Yup im only wanting have one pc vpn'ing from work into home. Both pc's
> are running windows xp pro.
So it's PPTP... *sobs quietly*
Jithen, if you're definitly using PPTP, as Reagan has indicated, make
sure you've opened ports tdp/udp 137-139 or whatever PPTP talks on, not
protocol 50 and 51 on your Speedtouch, and the same has occured on
whatever firewall you are using at work.
Of course, by doing this, you are lowering your work firewalls' level of
defence dramatically and should be flogged immediately!
Steve
----- Original Message -----
From: "Regan Murphy" <regan.murphy@oasystems.co.nz>
To: <adsl@lists.unixathome.org>
Sent: Thursday, September 05, 2002 12:15 PM
Subject: RE: vpn setup on speedtouch pro
> And another question,
>
> Does your firewall/router at *work* support pptp pass through?  If it 
> does not do this properly then you will experience the problem you 
> seem to be having after the login.
>
> --
> Regan Murphy.
>
> -----Original Message-----
> From: Regan Murphy
> Sent: Thursday, 5 September 2002 12:13 p.m.
> To: adsl@lists.unixathome.org
> Subject: RE: vpn setup on speedtouch pro
>
>
> Hehe, I asked this question too. But, as it turns out, you can enable 
> Windows XP Pro to accept incoming VPN connections using the network 
> wizard.  You learn something new every day :)
>
> So, my question is this: have you run the network connection wizard to
> set this up?
>
> --
> Regan Murphy.
>
> -----Original Message-----
> From: Neil Gardner [mailto:NeilG@ipex.co.nz]
> Sent: Thursday, 5 September 2002 12:00 p.m.
> To: 'Jithen Singh'; 'Steven Perich'; 'ADSL List'
> Cc: 'ADSL List'
> Subject: RE: vpn setup on speedtouch pro
>
>
> Um - to ask a stupid question... What VPN server are you using? I 
> don't think XP Pro or home have a VPN server included...
>
> So it might not be authenticating becuase there is no server at the 
> other end.
>
> Cheers - Neil
>
>
> -----Original Message-----
> From: Jithen Singh [mailto:j@net4u.co.nz]
> Sent: Thursday, 5 September 2002 11:47 a.m.
> To: 'Steven Perich'; 'ADSL List'
> Cc: 'ADSL List'
> Subject: RE: vpn setup on speedtouch pro
>
>
> Yup im only wanting have one pc vpn'ing from work into home. Both pc's
> are running windows xp pro.
>
> But it keeps getting to the verifying username and password stage and 
> then stops.
>
> Any ideas anyone?
>
> -----Original Message-----
> From: owner-adsl@unixathome.org [mailto:owner-adsl@unixathome.org] On 
> Behalf Of Steven Perich
> Sent: Thursday, 5 September 2002 10:59
> To: ADSL List
> Cc: 'ADSL List'
> Subject: Re: vpn setup on speedtouch pro
>
> IPSec is more standards-oriented, secure and more powerful.
>
> If you wish to have one PC VPN'ing into work then I would recommend 
> simply using a IPSec client and personal firewall on that machine.  If
> you want your whole home network to be visible from work I would 
> recommend either installing a firewall with IPsec site-to-site 
> functionality behind your ADSL router, or building a *hardened* linux 
> box and using the freely available IPSec client on it.
>
> Of course, it all depends on how much access you want to your work 
> network from home, what existing security infrastructure your work 
> has, how much your work are willing to compromise the security of 
> their network, and how much money you or your work want to spend. :-)
>
> Steve
>
> > Ipsec ?
> > Or PPTP ?
> >
> > Which ever is easier. Sorry im new to this vpn setup.
> >
> > -----Original Message-----
> > From: Steven Perich [mailto:steve@clubpoint.co.nz]
> > Sent: Thursday, 5 September 2002 10:14
> > To: Jithen Singh
> > Cc: ADSL List
> > Subject: Re: vpn setup on speedtouch pro
> >
> > What kind of VPN protocol/software are you wanting to use? IPSec? 
> > SST? PPTP (shudder)?
> >
> >
> >
> > ----- Original Message -----
> > From: "Jithen Singh" <j@net4u.co.nz>
> > To: "'Adsl Technical'" <adsl@lists.unixathome.org>
> > Sent: Thursday, September 05, 2002 9:43 AM
> > Subject: vpn setup on speedtouch pro
> >
> >
> > > Hi Guys ..
> > >
> > > Im wanting to setup vpn at home, so I can access it from work. I 
> > > have been going some reading etc, and this is the first time im
> > doing
> > > this.
> > >
> > > As shown on Craigs website, I have pinholed the ports on the
> > speedtouch
> > > pro.
> > > I have a windows xp pro, installed and im using this as the vpn
> > server.
> > > I know this works, because from reading from others experience.
> > >
> > > The problem I get is, I try and connect from work, it connects and
> get
> > > to the stage where it verify username and password and it hangs
> there.
> > >
> > > I think theres something else I need to setup in my speedtouch 
> > > pro. Anyone have ideas or help please ?
> > >
> > > Thanks in advance
> > > Cheers
> > >
> > > Jithen Singh
> > > NET4U LIMITED
> > >
> > > --
> > > This message is part of the NZ ADSL mailing list.
> > > see http://unixathome.org/adsl/ for archives, FAQ,
> > > and various documents.
> > > To unsubscribe: send mail to majordomo@lists.unixathome.org with 
> > > "unsubscribe adsl" in the body of the message
> > >
> > >
> >
> >
> >
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org with 
> "unsubscribe adsl" in the body of the message
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org with 
> "unsubscribe adsl" in the body of the message
>
>
> ------------------------------------------------------------
> This e-mail may be confidential. Any opinions expressed herein are the
> opinion of the writer unless there is an express indication to the 
> contrary. If you are not the intended recipient of this communication 
> please delete and destroy all copies and immediately reply by return 
> e-mail. Ipex ITG disclaims all liability and responsibility for any 
> direct or indirect loss arising from this e-mail and/or any 
> attachments.
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org with 
> "unsubscribe adsl" in the body of the message
>
>
> --
> This message is part of the NZ ADSL mailing list.
> see http://unixathome.org/adsl/ for archives, FAQ,
> and various documents.
> To unsubscribe: send mail to majordomo@lists.unixathome.org with 
> "unsubscribe adsl" in the body of the message
>
>
-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message