Sign in with
Sign up | Sign in
Your question

RDP over VPN between two XP Pro machines

Last response: in Windows XP
Share
April 24, 2004 7:25:49 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Hi,
Like many others I'm trying to setup a WinXP machine to be a vpn server and
a rdp server, so at work i can connect to my home pc, open a vpn tunnel and
then open a rdp session.




I have a few questions about this. Hopefully someone can help me out.

Both at work and at home I have a WinXP Pro machine. At work all ports are
open and at home, I'm behind a router on which I can do port forwarding. I'd
like to use my home pc when I'm at work.

The VPN server (the home pc) is behind a router so Port Mapping will need to
be done on the router I guess. Standard port usage is 1723 for PPTP and
IPSec is 500 I think. I also heard something about PPTP passthrough but I
don't know whether this is relevant?

The things I don't fully understand:

- how/where can I determine whether my VPN server should use PPTP
or Ipsec ?

- if I would use PPTP, why might I need to configure "PPTP
passthrough" ? And how?

- Currently the RDP service on my home pc is accepting RDP requests from
remote clients. But because this would be more secure over VPN I've added
the XP VPN service ("incoming connections"). My question : how can I make
sure that RDP will only work AFTER the tunnel has been created?

- Any other (security) issues I need to consider?



Thanks!

Rgds,
Kris

More about : rdp vpn pro machines

Anonymous
April 24, 2004 7:25:50 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

I'll go at these in somewhat of reverse order.

If you open only the VPN port(s) in the router, you can be sure that RDP
isn't accessable to the outside world except through the VPN.

If you are going to use a PPTP VPN, you must open GRE protocol 47 (labelled
as PPTP passthrough on some routers)--or it won't work!

If you can't find such a setting, it may well be that the equivalent is
automatic on your router. Open port 1723, TCP, forwarded to the machine
hosting the inbound VPN connection, and test it out. If you have problems,
check the web tech support resources at your router vendor--most vendors
have some information about how to open incoming VPN connectivity.

I think I'm going to leave IPSEC versus PPTP to someone else--I believe that
you need fixed IP addresses at both ends to make effective use of IPSEC, and
I've never had that luxury. IPSEC also has an equivalent of PPTP
passthrough, I believe, and I'm not certain how it is specified.

"Kris" <kvdv@easynet.be> wrote in message
news:408a6ad5$0$11258$6c56d894@feed0.news.be.easynet.net...
> Hi,
> Like many others I'm trying to setup a WinXP machine to be a vpn server
> and
> a rdp server, so at work i can connect to my home pc, open a vpn tunnel
> and
> then open a rdp session.
>
>
>
>
> I have a few questions about this. Hopefully someone can help me out.
>
> Both at work and at home I have a WinXP Pro machine. At work all ports are
> open and at home, I'm behind a router on which I can do port forwarding.
> I'd
> like to use my home pc when I'm at work.
>
> The VPN server (the home pc) is behind a router so Port Mapping will need
> to
> be done on the router I guess. Standard port usage is 1723 for PPTP and
> IPSec is 500 I think. I also heard something about PPTP passthrough but I
> don't know whether this is relevant?
>
> The things I don't fully understand:
>
> - how/where can I determine whether my VPN server should use PPTP
> or Ipsec ?
>
> - if I would use PPTP, why might I need to configure "PPTP
> passthrough" ? And how?
>
> - Currently the RDP service on my home pc is accepting RDP requests
> from
> remote clients. But because this would be more secure over VPN I've added
> the XP VPN service ("incoming connections"). My question : how can I make
> sure that RDP will only work AFTER the tunnel has been created?
>
> - Any other (security) issues I need to consider?
>
>
>
> Thanks!
>
> Rgds,
> Kris
>
>
Anonymous
April 25, 2004 1:26:37 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

L2TP/IPSEC VPN tunnels definately won't work over the NAT connection
without one end running Windows 2003 Server or a UNIX variant that
supports NAT-T (NAT Traversal)... Unfortunately, this technology is
not available in the VPN server on Windows XP...

IPSEC/L2TP Requirements:
IP Protocol 50 (ESP)
UDP Port 1701
UDP Port 500

(and if you can get a NAT-T server) UDP Port 4500

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Sat, 24 Apr 2004 11:15:33 -0400, "Bill Sanderson"
<Bill_Sanderson@msn.com.plugh.org> wrote:

>I'll go at these in somewhat of reverse order.
>
>If you open only the VPN port(s) in the router, you can be sure that RDP
>isn't accessable to the outside world except through the VPN.
>
>If you are going to use a PPTP VPN, you must open GRE protocol 47 (labelled
>as PPTP passthrough on some routers)--or it won't work!
>
>If you can't find such a setting, it may well be that the equivalent is
>automatic on your router. Open port 1723, TCP, forwarded to the machine
>hosting the inbound VPN connection, and test it out. If you have problems,
>check the web tech support resources at your router vendor--most vendors
>have some information about how to open incoming VPN connectivity.
>
>I think I'm going to leave IPSEC versus PPTP to someone else--I believe that
>you need fixed IP addresses at both ends to make effective use of IPSEC, and
>I've never had that luxury. IPSEC also has an equivalent of PPTP
>passthrough, I believe, and I'm not certain how it is specified.
>
>"Kris" <kvdv@easynet.be> wrote in message
>news:408a6ad5$0$11258$6c56d894@feed0.news.be.easynet.net...
>> Hi,
>> Like many others I'm trying to setup a WinXP machine to be a vpn server
>> and
>> a rdp server, so at work i can connect to my home pc, open a vpn tunnel
>> and
>> then open a rdp session.
>>
>>
>>
>>
>> I have a few questions about this. Hopefully someone can help me out.
>>
>> Both at work and at home I have a WinXP Pro machine. At work all ports are
>> open and at home, I'm behind a router on which I can do port forwarding.
>> I'd
>> like to use my home pc when I'm at work.
>>
>> The VPN server (the home pc) is behind a router so Port Mapping will need
>> to
>> be done on the router I guess. Standard port usage is 1723 for PPTP and
>> IPSec is 500 I think. I also heard something about PPTP passthrough but I
>> don't know whether this is relevant?
>>
>> The things I don't fully understand:
>>
>> - how/where can I determine whether my VPN server should use PPTP
>> or Ipsec ?
>>
>> - if I would use PPTP, why might I need to configure "PPTP
>> passthrough" ? And how?
>>
>> - Currently the RDP service on my home pc is accepting RDP requests
>> from
>> remote clients. But because this would be more secure over VPN I've added
>> the XP VPN service ("incoming connections"). My question : how can I make
>> sure that RDP will only work AFTER the tunnel has been created?
>>
>> - Any other (security) issues I need to consider?
>>
>>
>>
>> Thanks!
>>
>> Rgds,
>> Kris
>>
>>
>
Related resources
April 25, 2004 3:18:03 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

Guys,

Thank you for all this great info.

Meanwhile I've succesfully setup the VPN service on my XP home machine and
connected over the internet with the VPN client on a WinXP machine.
Everything worked.

Only one question remains.

Before using VPN I just used RDP. I had configured my router to listen on a
obscure port and then forward to my internal workstation on the standard RDP
port.
Now my router is listening on the standard VPN port and forwarding to my
internal workstation also on the standard vpn port.

=> Isn't there a way to change the vpn port?
=> And if I wouldn't change the vpn port, would this VPN approach still be
safer than the obscure rdp port approach I used before?

Thanks!
Kris




"Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote
in message news:h38m80pq82gfih4j48bnvhnrcdrikgq62a@4ax.com...
> L2TP/IPSEC VPN tunnels definately won't work over the NAT connection
> without one end running Windows 2003 Server or a UNIX variant that
> supports NAT-T (NAT Traversal)... Unfortunately, this technology is
> not available in the VPN server on Windows XP...
>
> IPSEC/L2TP Requirements:
> IP Protocol 50 (ESP)
> UDP Port 1701
> UDP Port 500
>
> (and if you can get a NAT-T server) UDP Port 4500
>
> Jeffrey Randow (Windows Net. & Smart Display MVP)
> jeffreyr-support@remotenetworktechnology.com
>
> Please post all responses to the newsgroups for the benefit
> of all USENET users. Messages sent via email may or may not
> be answered depending on time availability....
>
> Remote Networking Technology Support Site -
> http://www.remotenetworktechnology.com
> Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
>
> On Sat, 24 Apr 2004 11:15:33 -0400, "Bill Sanderson"
> <Bill_Sanderson@msn.com.plugh.org> wrote:
>
> >I'll go at these in somewhat of reverse order.
> >
> >If you open only the VPN port(s) in the router, you can be sure that RDP
> >isn't accessable to the outside world except through the VPN.
> >
> >If you are going to use a PPTP VPN, you must open GRE protocol 47
(labelled
> >as PPTP passthrough on some routers)--or it won't work!
> >
> >If you can't find such a setting, it may well be that the equivalent is
> >automatic on your router. Open port 1723, TCP, forwarded to the machine
> >hosting the inbound VPN connection, and test it out. If you have
problems,
> >check the web tech support resources at your router vendor--most vendors
> >have some information about how to open incoming VPN connectivity.
> >
> >I think I'm going to leave IPSEC versus PPTP to someone else--I believe
that
> >you need fixed IP addresses at both ends to make effective use of IPSEC,
and
> >I've never had that luxury. IPSEC also has an equivalent of PPTP
> >passthrough, I believe, and I'm not certain how it is specified.
> >
> >"Kris" <kvdv@easynet.be> wrote in message
> >news:408a6ad5$0$11258$6c56d894@feed0.news.be.easynet.net...
> >> Hi,
> >> Like many others I'm trying to setup a WinXP machine to be a vpn server
> >> and
> >> a rdp server, so at work i can connect to my home pc, open a vpn tunnel
> >> and
> >> then open a rdp session.
> >>
> >>
> >>
> >>
> >> I have a few questions about this. Hopefully someone can help me out.
> >>
> >> Both at work and at home I have a WinXP Pro machine. At work all ports
are
> >> open and at home, I'm behind a router on which I can do port
forwarding.
> >> I'd
> >> like to use my home pc when I'm at work.
> >>
> >> The VPN server (the home pc) is behind a router so Port Mapping will
need
> >> to
> >> be done on the router I guess. Standard port usage is 1723 for PPTP and
> >> IPSec is 500 I think. I also heard something about PPTP passthrough but
I
> >> don't know whether this is relevant?
> >>
> >> The things I don't fully understand:
> >>
> >> - how/where can I determine whether my VPN server should use
PPTP
> >> or Ipsec ?
> >>
> >> - if I would use PPTP, why might I need to configure "PPTP
> >> passthrough" ? And how?
> >>
> >> - Currently the RDP service on my home pc is accepting RDP requests
> >> from
> >> remote clients. But because this would be more secure over VPN I've
added
> >> the XP VPN service ("incoming connections"). My question : how can I
make
> >> sure that RDP will only work AFTER the tunnel has been created?
> >>
> >> - Any other (security) issues I need to consider?
> >>
> >>
> >>
> >> Thanks!
> >>
> >> Rgds,
> >> Kris
> >>
> >>
> >
>
Anonymous
April 25, 2004 3:18:04 PM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

AFAIK, there is no way to change the PPTP VPN port (ie. TCP Port 1723 and GRE Protocol 47).
Otherwise, see my answer to you in the network_web news group.

--
Al Jarvi (MS-MVP Windows Networking)

Please post *ALL* questions and replies to the news group for the mutual benefit of all of us...
The MS-MVP Program - http://mvp.support.microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights...

"Kris" <kvdv@easynet.be> wrote in message
news:408b8241$0$11260$6c56d894@feed0.news.be.easynet.net...
> Guys,
>
> Thank you for all this great info.
>
> Meanwhile I've succesfully setup the VPN service on my XP home machine and
> connected over the internet with the VPN client on a WinXP machine.
> Everything worked.
>
> Only one question remains.
>
> Before using VPN I just used RDP. I had configured my router to listen on a
> obscure port and then forward to my internal workstation on the standard RDP
> port.
> Now my router is listening on the standard VPN port and forwarding to my
> internal workstation also on the standard vpn port.
>
> => Isn't there a way to change the vpn port?
> => And if I wouldn't change the vpn port, would this VPN approach still be
> safer than the obscure rdp port approach I used before?
>
> Thanks!
> Kris
>
>
>
>
> "Jeffrey Randow (MVP)" <jeffreyr-support@remotenetworktechnology.com> wrote
> in message news:h38m80pq82gfih4j48bnvhnrcdrikgq62a@4ax.com...
>> L2TP/IPSEC VPN tunnels definately won't work over the NAT connection
>> without one end running Windows 2003 Server or a UNIX variant that
>> supports NAT-T (NAT Traversal)... Unfortunately, this technology is
>> not available in the VPN server on Windows XP...
>>
>> IPSEC/L2TP Requirements:
>> IP Protocol 50 (ESP)
>> UDP Port 1701
>> UDP Port 500
>>
>> (and if you can get a NAT-T server) UDP Port 4500
>>
>> Jeffrey Randow (Windows Net. & Smart Display MVP)
>> jeffreyr-support@remotenetworktechnology.com
>>
>> Please post all responses to the newsgroups for the benefit
>> of all USENET users. Messages sent via email may or may not
>> be answered depending on time availability....
>>
>> Remote Networking Technology Support Site -
>> http://www.remotenetworktechnology.com
>> Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
>>
>> On Sat, 24 Apr 2004 11:15:33 -0400, "Bill Sanderson"
>> <Bill_Sanderson@msn.com.plugh.org> wrote:
>>
>> >I'll go at these in somewhat of reverse order.
>> >
>> >If you open only the VPN port(s) in the router, you can be sure that RDP
>> >isn't accessable to the outside world except through the VPN.
>> >
>> >If you are going to use a PPTP VPN, you must open GRE protocol 47
> (labelled
>> >as PPTP passthrough on some routers)--or it won't work!
>> >
>> >If you can't find such a setting, it may well be that the equivalent is
>> >automatic on your router. Open port 1723, TCP, forwarded to the machine
>> >hosting the inbound VPN connection, and test it out. If you have
> problems,
>> >check the web tech support resources at your router vendor--most vendors
>> >have some information about how to open incoming VPN connectivity.
>> >
>> >I think I'm going to leave IPSEC versus PPTP to someone else--I believe
> that
>> >you need fixed IP addresses at both ends to make effective use of IPSEC,
> and
>> >I've never had that luxury. IPSEC also has an equivalent of PPTP
>> >passthrough, I believe, and I'm not certain how it is specified.
>> >
>> >"Kris" <kvdv@easynet.be> wrote in message
>> >news:408a6ad5$0$11258$6c56d894@feed0.news.be.easynet.net...
>> >> Hi,
>> >> Like many others I'm trying to setup a WinXP machine to be a vpn server
>> >> and
>> >> a rdp server, so at work i can connect to my home pc, open a vpn tunnel
>> >> and
>> >> then open a rdp session.
>> >>
>> >>
>> >>
>> >>
>> >> I have a few questions about this. Hopefully someone can help me out.
>> >>
>> >> Both at work and at home I have a WinXP Pro machine. At work all ports
> are
>> >> open and at home, I'm behind a router on which I can do port
> forwarding.
>> >> I'd
>> >> like to use my home pc when I'm at work.
>> >>
>> >> The VPN server (the home pc) is behind a router so Port Mapping will
> need
>> >> to
>> >> be done on the router I guess. Standard port usage is 1723 for PPTP and
>> >> IPSec is 500 I think. I also heard something about PPTP passthrough but
> I
>> >> don't know whether this is relevant?
>> >>
>> >> The things I don't fully understand:
>> >>
>> >> - how/where can I determine whether my VPN server should use
> PPTP
>> >> or Ipsec ?
>> >>
>> >> - if I would use PPTP, why might I need to configure "PPTP
>> >> passthrough" ? And how?
>> >>
>> >> - Currently the RDP service on my home pc is accepting RDP requests
>> >> from
>> >> remote clients. But because this would be more secure over VPN I've
> added
>> >> the XP VPN service ("incoming connections"). My question : how can I
> make
>> >> sure that RDP will only work AFTER the tunnel has been created?
>> >>
>> >> - Any other (security) issues I need to consider?
>> >>
>> >>
>> >>
>> >> Thanks!
>> >>
>> >> Rgds,
>> >> Kris
>> >>
>> >>
>> >
>>
>
>
Anonymous
April 27, 2004 3:47:36 AM

Archived from groups: microsoft.public.windowsxp.work_remotely (More info?)

There definately is no way to do this without writing your own VPN
client software... :( 

Jeffrey Randow (Windows Net. & Smart Display MVP)
jeffreyr-support@remotenetworktechnology.com

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone

On Sun, 25 Apr 2004 06:16:19 -0500, "Sooner Al"
<SoonerAl@somewhere.net.invalid> wrote:

>AFAIK, there is no way to change the PPTP VPN port (ie. TCP Port 1723 and GRE Protocol 47).
>Otherwise, see my answer to you in the network_web news group.
!