home bbs files messages ]

Forums before death by AOL, social media and spammers... "We can't have nice things"

   comp.dcom.vpn      VPN protocols, clients, awesomeness      2,348 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 669 of 2,348   
   daytripper to Gerald Meazell   
   Re: Advice Request   
   05 Jan 04 23:26:29   
   
   XPost: comp.os.ms-windows.networking.misc   
   From: day_trippr@REMOVEyahoo.com   
      
   On Mon, 05 Jan 2004 16:11:53 GMT, Gerald Meazell  wrote:   
      
   >daytripper wrote:   
   >   
   >>It's the way I'd do it.   
   >>   
   >Again, thanks for the straightforward response.   
      
   My pleasure.   
      
   >>It works well, and it's hard to beat "free".   
   >>   
   >Well, it's not "free" for me.  Getting a static IP will cost me $15/mo.   
   >DDNS will also have some cost as well.  Then there's the additional cost   
   >of XP Pro.   
      
   You don't need a static IP.   
      
   >>Static IP is always easiest, but most of us don't have that option, so either   
   >>"boutique" domain addressing or dynamic DNS is likely the way to go.   
   >>   
   >What is "boutique" domain addressing?   
      
   Cheap domain hosting ;-) Google it...   
      
   >   
   >>Don't know for sure - I'll never use XP Home.   
   >>   
   >Why?  It appears to be the same product less the (highly illegal)   
   >bundling of Office.   
      
      
   Ahem. I don't know where you got that from, but it's quite wrong.   
   There is not a trace of Office in the standard Windows XP Professional   
   distribution.   
      
   Windows XP Pro is the grown-up networking version, fully supports ACLs, and it   
   provides a few "server" capabilities.   
      
   >>I don't think so. I also don't see why you'd need to do that.   
   >>   
   >To help thwart some hacker who is pinging the standard VPN port looking   
   >for a lousy security setup.   
      
   So don't do a lousy security setup.   
      
   Run a software firewall on the VPN server, and only let known client addresses   
   through it to get to the VPN port on the server.   
      
   Unless the hacker knows how to spoof a valid client ip address he can't even   
   get to the VPN server, and if he somehow did know that he still wouldn't know   
   a valid username and password to log into the VPN server. Problem solved.   
      
   >>Acceptable. And a lot better than WiFi ;-)   
   >>   
   >OK.   
      
   But note that isn't saying a whole lot...   
      
   >>I don't use my router as a VPN endpoint, so it's a simple matter of   
   >>configuring the necessary port-forwards to convey inbound VPN traffic to the   
   >>desired VPN server.   
      
   >Which is no big deal, provided you know which ports VPN is using.  It   
   >isn't documented in XP Home, hopefully it will be in XP Pro.   
      
   Forward in-bound port 1723 through your router to the ip address of the VPN   
   server on your LAN and you're in the virtual private network business...   
      
   /daytripper   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca