4 October 2013, 21:07

I'll briefly explain an easy tip to change the default TCP 1723 port of a PPTP server.

Since TCP port 1723 is an easy target for network scanners, it may prove useful to change the PPTP server's listening port to a private-range port, well hidden in the dark.

Linux will be used for the PPTP client, as it allows easy network port manipulation using iptables.

I'm using a Raspberry Pi as the PPTP server here, but any OS will work.

I'll use TCP port 57594 throughout this post as an example; do choose your own private-range port (49152 to 65535).

PPTP client used : Debian 7.5 LXDE

Edited July 8 2014

VPN 5 : PPTP server hiding - change the default port

1. PPTP Server Setup

The PPTP server setup is quite simple: as the server most likely sits behind an upstream router, we will just use the router's port-forwarding options to do the tweak: we'll forward TCP port 57594 to TCP port 1723 on the PPTP server.


2. PPTP Client Setup

 

The PPTP client tweak is very easy: we'll just create an iptables rule that uses the nat table to change the destination port of outgoing connections:

sudo iptables -t nat -I OUTPUT -p tcp --dport 1723 -j DNAT --to-destination :57594

 

(This is not persistent. A script is needed to automate it.)

 


3. Global Picture, and Additional Considerations

Here is the global picture :

 

[Image: VPN 5 : PPTP server hiding - change the default port]

As always with PPTP, the heart of the matter remains the Internet Gateway 1 / ISP 1 / ISP 2 / Internet Gateway 2 path, and the way each of them handles the GRE protocol. Wireshark is of great help for troubleshooting any problems.

 

4. PPTP Server Port Translation

For the sake of clarity, here is how to have the port translation performed directly by the PPTP server:

 

[Image: VPN 5 : PPTP server hiding - change the default port]

The iptables tweak on the server-side will be :

sudo iptables -t nat -I PREROUTING -p tcp --dport 57594 -j REDIRECT --to-ports 1723

(Again, this is not persistent. A script is needed to automate it.)
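
Both the client rule in section 2 and the server rule above are flagged as non-persistent. As an added example (not part of the original post), the script below applies either rule idempotently, so it can be run at every boot without stacking duplicate rules; the function names and the `IPTABLES` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent wrapper around the two iptables rules from the post.
# IPTABLES may be overridden (assumption of this example); default is the real binary.
IPTABLES="${IPTABLES:-iptables}"
PPTP_PORT=1723

# valid_port PORT: succeed only for a numeric port in the private range 49152-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 49152 ] && [ "$1" -le 65535 ]
}

# rule_spec ROLE PORT: print the rule body (everything after -I / -C) for ROLE.
rule_spec() {
    case "$1" in
        client) printf '%s\n' "OUTPUT -p tcp --dport $PPTP_PORT -j DNAT --to-destination :$2" ;;
        server) printf '%s\n' "PREROUTING -p tcp --dport $2 -j REDIRECT --to-ports $PPTP_PORT" ;;
        *) return 1 ;;
    esac
}

# apply_rule ROLE PORT: insert the nat rule unless an identical one already exists.
apply_rule() {
    valid_port "$2" || { echo "port must be in 49152-65535" >&2; return 2; }
    spec=$(rule_spec "$1" "$2") || { echo "role must be client or server" >&2; return 2; }
    # -C (check) exits 0 when the exact rule is already in the chain.
    # $spec is deliberately unquoted so it splits into separate arguments.
    if "$IPTABLES" -t nat -C $spec 2>/dev/null; then
        echo "already present"
    else
        "$IPTABLES" -t nat -I $spec && echo "inserted"
    fi
}

# Act only when invoked as: <script> client|server PORT (must run as root).
if [ "$#" -eq 2 ]; then
    apply_rule "$1" "$2"
fi
```

Saved under a hypothetical name such as `pptp-port.sh`, it would be called as root from a boot-time hook, e.g. `sh pptp-port.sh client 57594` on the client or `sh pptp-port.sh server 57594` on the server.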

Published by computer outlines - in VPN PPTP

Comments

Marek Templin 18/05/2017 23:01

Hi, the last step on the server: "sudo iptables -t nat -I PREROUTING -p tcp --dport 57594 -j REDIRECT --to-ports 1723" is not necessary. In Ubuntu you can use this: sudo nano /etc/services and add this line: "pptp 57594/tcp". After this, restart the server. And now your PPTP server runs on port 57594.

Best Regards,
Marek Templin
Managing Member
TMP-SYSTEM-SERVICE LLC

You need a dedicated Server in the US. We are your Partner.
