Re: How to determine what ports are being used?

2009-11-30 Thread SJP Lists
2009/11/28 Christoph Leser le...@sup-logistik.de:
 1723 is PPTP. This uses GRE ( generic routing encapsulation ).

 You must allow this protocol.

 And, as far as I know, OpenBSD cannot NAT this protocol ( it is possible to
 nat GRE for pptp if you peek into the next higher level protocol ( ppp in this
 case ? ) but this is not implemented )

pf can NAT GRE, but I believe only one session per endpoint.

http://monkey.org/openbsd/archive/misc/0403/msg01041.html



How to determine what ports are being used?

2009-11-27 Thread stan
I have a home network that uses an OpenBSD machine as its firewall. I now
have a company laptop (Windows), and it has some sort of Microsoft VPN. If
I remove my block all rule I can get this VPN up. The corporate
support folks say that it uses port 1723, but putting that in pf.conf
and restarting (with the block all) rule still does not allow it to work.

If I turn off the block all rule, and fire up the VPN, how can I
determine what ports it is using, so that I can create the correct pf.conf
rules?


-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: How to determine what ports are being used?

2009-11-27 Thread Marcos Laufer

You could fire up the VPN, connect to it from the outside, and then use the
netstat command to see which ports are being used, knowing the
origin and destination IPs.

Regards,
Marcos Laufer


stan wrote:

I have a home network that uses an OpenBSD machine as its firewall. I now
have a company laptop (Windows), and it has some sort of Microsoft VPN. If
I remove my block all rule I can get this VPN up. The corporate
support folks say that it uses port 1723, but putting that in pf.conf
and restarting (with the block all) rule still does not allow it to work.


If I turn off the block all rule, and fire up the VPN, how can I
determine what ports it is using, so that I can create the correct pf.conf
rules?




Re: How to determine what ports are being used?

2009-11-27 Thread Anders Pettersson
Hi Stan

I will answer your question regarding Microsoft VPN instead. The corporate
support folks might have told you that the most common Microsoft VPN type
[still] is something called PPTP:

http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol

It uses TCP port 1723 as control channel but also uses GRE for the actual
tunneling of the traffic.

http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation

You need to also allow the proto gre in pf to make your VPN connection
work.

I hope this points you in the right direction,

Best regards

Anders

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
stan
Sent: Friday, November 27, 2009 15:56
To: OpenBSD general usage list
Subject: How to determine what ports are being used?

I have a home network that uses an OpenBSD machine as its firewall. I now
have a company laptop (Windows), and it has some sort of Microsoft VPN. If
I remove my block all rule I can get this VPN up. The corporate
support folks say that it uses port 1723, but putting that in pf.conf
and restarting (with the block all) rule still does not allow it to work.

If I turn off the block all rule, and fire up the VPN, how can I
determine what ports it is using, so that I can create the correct pf.conf
rules?


--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: How to determine what ports are being used?

2009-11-27 Thread Steven M. Caesare
You need to allow GRE as well.

-sc


 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
 Behalf Of stan
 Sent: Friday, November 27, 2009 9:56 AM
 To: OpenBSD general usage list
 Subject: How to determine what ports are being used?

 I have a home network that uses an OpenBSD machine as its firewall. I now
 have a company laptop (Windows), and it has some sort of Microsoft VPN.
 If I remove my block all rule I can get this VPN up. The corporate support
 folks say that it uses port 1723, but putting that in pf.conf and restarting
 (with the block all) rule still does not allow it to work.

 If I turn off the block all rule, and fire up the VPN, how can I determine
 what ports it is using, so that I can create the correct pf.conf rules?


 --
 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?
 A: Top-posting.
 Q: What is the most annoying thing in e-mail?



Re: How to determine what ports are being used?

2009-11-27 Thread Christoph Leser
1723 is PPTP. This uses GRE ( generic routing encapsulation ).

You must allow this protocol.

And, as far as I know, OpenBSD cannot NAT this protocol ( it is possible to
nat GRE for pptp if you peek into the next higher level protocol ( ppp in this
case ? ) but this is not implemented )

So I did an RDR for GRE to the only Windows PC in my local network that needs
PPTP. Something like

rdr pass on $ext_if proto gre from any -> (address of Windows PC)

And further below in pf.conf allow GRE for your internal and external
interface.

regards

christoph

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org]
 On Behalf Of Marcos Laufer
 Sent: Friday, 27 November 2009 16:06
 To: stan; misc@openbsd.org
 Subject: Re: How to determine what ports are being used?


 You could fire up the VPN, connect to it from the outside,
 and then use the netstat command to see which ports are
 being used, knowing the origin and destination IPs.

 Regards,
 Marcos Laufer


 stan wrote:
  I have a home network that uses an OpenBSD machine as its firewall. I
  now have a company laptop (Windows), and it has some sort of
  Microsoft VPN. If I remove my block all rule I can get this VPN
  up. The corporate support folks say that it uses port 1723, but
  putting that in pf.conf and restarting (with the block all) rule still
  does not allow it to work.
 
  If I turn off the block all rule, and fire up the VPN, how can I
  determine what ports it is using, so that I can create the correct
  pf.conf rules?



Re: How to determine what ports are being used?

2009-11-27 Thread stan
On Fri, Nov 27, 2009 at 04:17:50PM +0100, Anders Pettersson wrote:
 Hi Stan
 
 I will answer your question regarding Microsoft VPN instead. The corporate 
 support folks might have told you that the most common Microsoft VPN type 
 [still] is something called PPTP:
 
 http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol
 
 It uses TCP port 1723 as control channel but also uses GRE for the actual 
 tunneling of the traffic.
 
 http://en.wikipedia.org/wiki/Generic_Routing_Encapsulation
 
 You need to also allow the proto gre in pf to make your VPN connection work.
 
 I hope this points you in the right direction,
 
Thanks, the gre was the clue I needed. Now off to understand what the heck
that is.


-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: How to determine what ports are being used?

2009-11-27 Thread Stuart Henderson
On 2009-11-27, stan st...@panix.com wrote:
 I have a home network that uses an OpenBSD machine as its firewall. I now
 have a company laptop (Windows), and it has some sort of Microsoft VPN. If
 I remove my block all rule I can get this VPN up. The corporate
 support folks say that it uses port 1723, but putting that in pf.conf
 and restarting (with the block all) rule still does not allow it to work.

 If I turn off the block all rule, and fire up the VPN, how can I
 determine what ports it is using, so that I can create the correct pf.conf
 rules?



block log
tcpdump -neipflog0
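
The replies in this thread, combined into one pf.conf fragment as an added example (not taken from any poster's message): a logged default block, the TCP 1723 rule that was not enough on its own, and the rule set with GRE added. The interface names, the laptop address and the VPN server address are assumptions made up for illustration, and NAT rules are left out.

```conf
# Added example, not from the thread. All names and addresses below are
# assumptions; replace them with your own values.
ext_if     = "em0"            # assumed external (Internet-facing) interface
int_if     = "em1"            # assumed internal (LAN) interface
laptop     = "192.168.1.50"   # constructed address of the Windows laptop
vpn_server = "203.0.113.10"   # constructed address of the corporate PPTP server

# Default deny. "log" copies every dropped packet to pflog0, so a missing
# protocol (not only a missing port) is visible with tcpdump on pflog0.
block log all

# Not enough on its own: this passes only the PPTP control channel.
# The tunnel itself is GRE (IP protocol 47), which has no ports, so it
# still hits "block log all" and the VPN never comes up.
#
#   pass in on $int_if proto tcp from $laptop to $vpn_server port 1723

# Corrected: control channel plus the GRE tunnel, limited to the one
# laptop and the one VPN server instead of "any".
pass in  on $int_if proto tcp from $laptop to $vpn_server port 1723
pass in  on $int_if proto gre from $laptop to $vpn_server

# Outbound on the external interface. The source is "any" because NAT
# (not shown here) will have rewritten the laptop's address by this point.
pass out on $ext_if proto tcp from any to $vpn_server port 1723
pass out on $ext_if proto gre from any to $vpn_server
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and the `tcpdump -neipflog0` command from the last reply shows anything the logged block rule still drops.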