Search Results

Search found 24 results on 1 pages for 'sstp'.

Page 1/1 | 1 

  • SSTP client disconnects shortly after successfully connected to VPN

    - by Eran Betzalel
    I'm successfully authenticating and connecting to a SSTP VPN (on windows 2008) from my windows 7 machine, but for some reason, the connection is disconnected about a 1-2 seconds after it's established. I've done the following: Defined a SSTP VPN on my windows server 2008. Defined the same machine as CA. Issued the needed certificates and published them on the client. I'm currently testing this VPN inside my LAN so all the needed ports are opened. Here are the event log entries when trying to connect: Error Log (Client): The user HOME\User dialed a connection named Home VPN which has terminated. The reason code returned on termination is 829. Error Log (Server-VPN): The user HOME\User connected on port VPN0-0 on 7/27/2012 at 1:57 AM and disconnected on 7/27/2012 at 1:57 AM. The user was active for 0 minutes 0 seconds. 312 bytes were sent and 4528 bytes were received. The reason for disconnecting was user request. What would be the issue? How can I resolve or debug it? UPDATE: I've found an event log (Log=System, Source=RasSstp) message on the windows 7 machine that tries to connect to the VPN: The SSTP-based VPN connection to the remote access server was terminated because of a security check failure. Security settings on the remote access server do not match settings on this computer. Contact the system administrator of the remote access server and relay the following information: SHA1 Certificate Hash: 065D681...520375552F SHA256 Certificate Hash: 18DED363...EEEE28CFD00

    Read the article

  • Internet Explorer not working after establishing a SSTP VPN connection

    - by Massimo
    I have a problem which is constantly appearing on each Windows 7 computer I'm using, whenever I establish a SSTP VPN connection to a ForeFront TMG 2010 firewall; it only happens with SSTP connections, not PPTP/L2TP ones. The problem appears only if using a proxy server for Internet access; it doesn't happen when directly accessing the Internet (with or without NAT). It doesn't seem to depend on a specific proxy software being used (I've seen it happening with various ones). The problem is: as soon as I start the VPN connection, Internet Explorer can't access anything anymore. I'm not using the VPN connection as a default gateway, and I can succesfully ping the proxy server after the VPN connection is esatablished (and even telnet to its 8080 TCP port), so this is definitely not a routing problem. Also, the problem is specifically related to Internet Explorer: while it seems not able to connect to any site, other programs (such as FireFox) have no problem accessing the Internet through the same proxy. This behaviour can be easily reproduced on any Windows 7 computer (the service pack and patch level doesn't seem to matter at all). Have IE connect through a proxy, establish a SSTP VPN connection... and IE will just not work anymore until the VPN connection is dropped.

    Read the article

  • Problems with self-signed SSL certificate for SSTP in Windows Server Foundation 2008

    - by John Barton
    I am trying to configure SSTP in Windows Server Foundation 2008. I want to use a self-signed SSL certificate to do authentication. When the server is running, I get the following error when trying to connect: 0x800B0109: A certificate chain processed, but terminated in a root certificate that is not trusted by the trust provider. I created the self-signed certificate in the IIS "Server Certificates" panel. From that panel, I exported the certificate, with the private key, to a .pfx file. I installed this certificate on the client computer which I tried to connect from. The certificate bound to the SSL listener in the RRAS-Security panel is present in the Trusted Root Certificate Authority stores on both machines. I've been getting super annoyed setting up certificates. Any advice here?

    Read the article

  • Windows Server 2008 R2 creating a multi-year client certificate using the IIS certsrv page while deploying SSTP VPN

    - by Warren P
    I am trying to follow instructions on Technet about deploying a Standard (non-enterprise) SSTP based VPN) that were originally written for Server 2008, but I am using Server 2008 R2, I have gotten as far as the part where it asks you to create a request a Server Authentication certificate. I have deployed IIS, and Active Directory Certificate Services, and chose "Standalone" and "Standard" (non-enterprise) Certificate Authority because I don't have an OID and don't think I should have to get one for a simple deployment of SSTP. The resulting certificates made by the Certification Authority "Issue" command, only have a 1 year period of validity, I want a multi-year certificate. At no point in this process is there any way to input this information unless it's through the Attributes text input area on the Advance Certificate Request page, which appears to be generated using an old ActiveX control, which means I can only do this using the workarounds in the article that I linked at the top, and only using Internet Explorer. Update:: It may be that this question is pointless since self-signed keys do not appear to work, when I try them, using Windows 8 as the VPN client. The problem is that the keys that are self-created by the technique shown here do not have any Certificate Revocation Server URLs and so you get an error "The revocation function was unable to check revocation", and the VPN connection fails.

    Read the article

  • Host a SSTP VPN Server on Windows 8

    - by Maarten
    I have a small server computer running Windows 8 at home. Currently it is hosting a PPTP VPN server using the build-in Windows 8 functionality for that. What I would want is something more secure, like an SSTP VPN server. However, I can't find any functionality of windows 8 or 3rd party software that can HOST a SSTP vpn server on Windows 8. I've only seen Client stuff and vpn pass trough services via google, all which i don't want/need. The only HOST stuff i find via google is the PPTP i set up currently. Is there any way of hosting a SSTP VPN server on my home machine? Thanks in advance, Maarten

    Read the article

  • SSTP BPDU with bad TLV and macflap -- info please

    - by Adeodatus
    Hi All, I'm slowly locking down the network I've inherited and mac-flapping has been a problem in the past with customers doing all kinds of crazy things. Thats changing but I am now encountering this error: Dec 30 18:31:31 10.50.1.50 1565: 001567: Dec 30 18:31:30: %SW_MATM-4-MACFLAP_NOTIF: Host xxxx.xxxx.f681 in vlan 1 is flapping between port Gi0/5 and port Gi0/48 Dec 30 18:43:28 10.50.1.50 1566: 001568: Dec 30 18:43:26: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet0/5 VLAN1. Dec 30 18:48:18 10.50.1.50 1567: 001569: .Dec 30 18:48:17: %SPANTREE-2-RECV_BAD_TLV: Received SSTP BPDU with bad TLV on GigabitEthernet0/5 VLAN1. unfortunately, that mac address is the mac of our core router, the only link to the internet, on port gi0/48 On the other end of gi0/5, I have about 50 bridged customer machines connected through a series of managed and unmanaged L2 switches. Yes, on VLAN1 too ... like I said, working on changing this slowly. In the mean time, it has me quite baffled on how to deal with this and track down the customer or switch that is the problem. What else could be going on with these messages ... the bad TLV is a new one for me. Any ideas? Thank you and Happy New Year to you all!!

    Read the article

  • What's the advantage of OpenVPN over SSTP?

    - by Jose
    If considering Windows only environment, what's the advantage of introducing OpenVPN as the company VPN service, instead of Windows built-in protocols? Especially the new SSTP protocol already overcome the one of the weakness of PPTP, which may not go over firewall/NAT. I'm wondering is there any reason not to use Windows integrated solution. The strength of the security can be an issue but I'm not sure how different they are (I know MS VPN was vulnerable but is it still?) Thanks.

    Read the article

  • Windows 2008 Server in Amazon EC2 stops responding when SSTP/VPN connection is closed

    - by user38349
    All, I have a single Windows 2008 server running in Amazon's EC2 cloud. It's running a web application that is running fine and is accessible to the outside world. I need 3-5 developers to be able to work on database on the server, and was intending to accomplish this by setting up SSTP/RRAS on the server and letting them VPN in. This has been a bit of an ordeal due to the amount of server roles and messing with certificates that has been needed, but my VPN connection works now (all clients will be Windows 7). My problem is that when I drop my VPN connection (from the client side) the server hangs. The only way that I've found to get it back is to reboot it from the Amazon management console. Thanks for any guidance. Duncan

    Read the article

  • Windows 2008 Server in Amazon EC2 stops responding when SSTP/VPN connection is closed

    - by user38349
    All, I have a single Windows 2008 server running in Amazon's EC2 cloud. It's running a web application that is running fine and is accessible to the outside world. I need 3-5 developers to be able to work on database on the server, and was intending to accomplish this by setting up SSTP/RRAS on the server and letting them VPN in. This has been a bit of an ordeal due to the amount of server roles and messing with certificates that has been needed, but my VPN connection works now (all clients will be Windows 7). My problem is that when I use my VPN connection (from the client side) the server hangs - although not at any any consistent place, sometimes it's when I close the connection, some times when I'm making the connection). The only way that I've found to get it back is to reboot it from the Amazon management console. Thanks for any guidance. Duncan

    Read the article

  • VPN issue: SSTP Service service started and then stopped

    - by Ampersand
    When I was trying to set up a VPN connect on my laptop running Windows 7 Ultimate, I got this error: Network Connections Cannot load the Remote Access Connection Manager service. Error 711: The operation could not finish because it could not start the Remote Access Connection Manager service in time. Please try the operation again. I traced through some service dependencies and discovered that Secure Socket Tunneling Protocol Service was set to Manual. However, when I try to manually start the service, I get: Services The Secure Socket Tunneling Protocol Service on Local Computer started and then stopped. Some services stop automatically if they are not in use by other services or programs. Setting all the services involved to Automatic did not help. SSTP just showed Automatic and Stopped in the Services panel. I found a solution that involved booting in Safe Mode and deleting the contents of C:\Windows\System32\LogFiles\WMI\RtBackup. This solution worked, and I could set up a vpn connection, but only until I rebooted again. TL;DR I'm looking for a way to permanently enable Secure Socket Tunneling Protocol Service and other vpn-related services permanently so I don't have to reboot into safe mode and delete files every time I need to connect to a vpn.

    Read the article

  • Have some questions about setting up a VPN to my private cloud servers

    - by Pure.Krome
    I've got a number of Virtual Servers running at a pretty big Cloud provider. They are all running Windows 2008 R2. I have a CISCO ASA firewall in front of them. Currently, I've got all ports blocked except 80/443/21/3386 (for Remote Desktop). I asked to have a VPN enabled on the firewall and they said it's easy to do BUT I need to use the 3rd party Cisco software. Now, I don't want to get into a debate about it .. but we don't want to install anything extra on our -client- computers. We all use Windows 7 and we love using the built in VPN client to connect to other private LANS we have setup in other locations. So i'm wondering what options I have to create a VPN tunnel to our private cloud LAN? All our cloud servers are part of WORKGROUP, so there's no Active Directory .. nor do we want to install all that. Secondly, we know we can open up a firewall port - so any ports for starting a VPN is fine! Lastly, I was thinking of just using one of the existing servers as the VPN server (and using the Windows VPN software) .. but I'm not sure this is a good thing? Remember - we just want to use the baked in VPN software in Windows 7 .. which is PPTP or SSTP or L2TP/IPSEC. I would -LOVE- to use some free OSS software. For usernames/passwords? We'd probably just have one account .. like U:Hithere P:whatever.. so we don't need any hardcore account management, like Active Directory, etc. So does anyone have any ideas?

    Read the article

  • L2TP with PEAP authentication from MacOS/iOS

    - by Jose
    Following the recent security advisory, I'm reconfiguring our VPN servers and having trouble. We're using Windows 2008 R2 server for VPN services, running RRAS and NPS on the same server and configure it to use PEAP-EAP-MSCHAPV2 authentiation for all tunnel type(PPTP, L2TP, IKEv2, SSTP), which previously allowed plain MSCHAPv2. But Apple products, MacOS and iOS cannot connect to VPN after this change. I tried to install root certificate used in PEAP transaction but no change. Does anyone know whether MacOS/iOS supports PEAP-EAP-MSCHAPv2 authentication in PPTP/L2TP? If so any tips to make it work? (I know PEAP-EAP-MSCHAPv2 is supported in WPA/WPA2 enterprise) Regards.

    Read the article

  • VPN Error 868 when connecting even if using IP address

    - by Fr33dan
    I am trying to connect to a public VPN from VPNGate. However when I attempt to connect to a VPN from the list using MS-SSTP protocol I get the following error: Error 868: The remote connection was not made because the name of the remote access server did not resolve. If I open a command prompt and ping the address in question it resolves to the IP shown on the listing. If I configure the VPN using that IP address directly I still receive the error even though the name no longer needs to resolve. This was working yesterday but it seems the VPN I was using has been removed from the list. What is happening and how can I fix it?

    Read the article

  • Removing (Presumably) Extraneous Network Adapters from Device Manager (eg WAN Miniport)

    - by Synetech inc.
    Can anyone shed some light on the default items in the Network Adapters branch of the Windows Device Manager? In addition to the network card, there are always a bunch of other things that I cannot find any useful information on such as RAS Asynch Adapter and all the WAN Miniports (IKEv2, IP(v6), L2TP, Network Monitor, PPPOE, PPTP, SSTP). I would like to trim it down and uninstall whatever possible but cannot find out exactly what these items are responsible for (and therefore whether or not they are needed on my system). Most of the pages found with Google are either people trying to fix an error with such an item or someone asking what it is and being given an unhelpful, pat response like “just leave them alone” or “they’re necessary”. I highly doubt that is the case and I’m certain that at least some items can be removed because even if they become necessary in the future they can be added again (for example installing Network Monitor or Protowall reinstalls the miniport drivers anyway).

    Read the article

  • Implement a vpn

    - by jackson
    I want to build an application client(client.exe) - server to do the following: when the clients run it they are thrown in a VPN and they can communicate each other within 1 applicataion. For example : clients run client.exe and they can see each other in LAN ONLY in Starcraft. From what i have read the right type of vpn for this situation is Secured Socket Tunneling Protocol: "Secure socket tunneling protocol, also referred to as SSTP, is by definition an application-layer protocol. It is designed to employ a synchronous communication in a back and forth motion between two programs. It allows many application endpoints over one network connection, between peer nodes, thereby enabling efficient usage of the communication resources that are available to that network. " Question: I don't have experience with networking programming so my question for the ones who have, is this the right approach? PS1: i don't want something done like OpenVpn, i do this as learning exercise. PS2: the application is targeting Windows and i plan to use .NET Thanks for reading the whole story, i am waiting for your replies.

    Read the article

  • Cannot access server shares over VPN

    - by DuncanDavies
    I've set up a single hosted server to use as a development environment for a web-based application. The web app is served up fine on port 80, however I'm struggling to get my VPN to behave how I'd expect so the developers don't have the access they require. The VPN connects fine and I can access the back-end database (SQL Server) which resides on the server with the client tools from the laptops. However they cannot access any shared folders. The server's local IP address is 10.x.x.x, and I've assigned a static IP address pool to RRAS (of 192.168.100.1 - 20). The clients pick up a valid IP Address (i.e. 192.168.100.9) when they connect. There is no name resolution setup, DNS or WINS. When connected via VPN the clients can ping the server (192.168.100.1) by IP Address, but cannot map a drive to a shared folder (net use * \\192.168.100.1\xxxxx) - I get 'System error 53 has occurred. The network path was not found.' I don't understand why I can ping by the ip, but not map by it. Some details: Server OS is Windows 2008 (Datacenter) VPN is SSTP using RRAS Clients are all Windows 7 I've tried temporarily disabling the firewalls So, why can we not access the file system when everything else (ping, RDP, SQL Server clients tools) works? Thanks for your help Duncan

    Read the article

  • Route specific network traffic through vpn in virtualbox guest

    - by Sander
    I am running OSX with a windows server 2008 guest in Virtualbox. My goal is to route some of the network traffic in the host through the server guest. This is because the win2008 server has a VPN connection to my workplace using a Smartcard solution which can not operate on OSX. My current set-up is like this: OSX (Host): connected to the internet via en01 Win2008 (Guest): connected to the internet using NAT (lan1 in guest) has a SSTP VPN connection to my workplace is connected to the guest using an Host Only Adapter vboxnet0 (LAN2 in guest) The important part is about the host (OSX). Primarily I want all network traffic to just go through en01. However, all traffic which can only be accessed through the VPN must go through the guest and through the VPN. I have one specific FQDN which can only be accessed through the VPN (say corp.mycompany.com). I do not know much about networking. I thought I would be able to get it to work by bridging together LAN2 and LAN1 but this didn't seem to work this: http://archives.aidanfindlater.com/blog/2010/02/03/use-vpn-for-specific-sites-on-mac-os-x/ using a loopback adapter on WinXP (when I did not have win2008 yet, but this doesn't work because I can't create a PPTP connection) And I've also read about Routing and Remote Access but I have no idea on how to use this. Can someone help me in the right direction?

    Read the article

  • Privacy, VPN and routers

    - by user123189
    Ever since this ACTA push-up the things are starting to heat up around torrents and privacy. I am using Tribler now, but this is not secure enough for me. Not enough privacy. I've been using in the past a swedish VPN PPTP connection. What I observed is that, when the VPN connection was down, Internet traffic wasn't cut off, rather the downloads were continuing, this time with my real IP, wearing off my protection. 1st : How to enforce a VPN connection that will cut all traffic when down? That is, the moment the connection is down, all internet traffic should cease as if I'd pull the network plug out. 2nd: Is PPTP good enough or should I ask for SSTP or IKEV2 ? 3rd: Should I disable IPv6 ? Is VPN no longer private if I keep IPv6 active? I 'heard some stuff' about dual vpn routers to be able to improve privacy; but nothing more about how to configure one for such a task. 4th: Is there any kind of "black box" hardware equipment that can be used in hiding IP, encrypting traffic and so on ?

    Read the article

  • Is the Windows VPN secure?

    - by Tor Haugen
    I have used a few VPN solutions over the years. Most are hard to set up, slow to connect and/or rather ill-behaved (replacing system drivers, disrupting each other etc). One solution I have never used earlier is the one built into Windows. This is mostly because the infrastructure guys always refuse to use it because they claim it's 'not secure'. Now I have finally had the chance to use it (on Windows 7), and wow, it's a breeze! Easy to set up, well-behaved, it connects almost instantly, automatically authenticates with my logged-in credentials, and integrates excellently with the UI. I have to say, unless it really isn't secure, I'll be happy if I never have to use another VPN product ever again. I gather the Windows VPN used to rely on PPTP, which is not considered secure. But in Windows 7/2008, it supports L2TP/IPSec, SSTP and IKEv2, and authenticates with EAP or CHAP/CHAPv2. That seems pretty up-to-date to me. But I'm just a lowly developer. Can someone in the know give me the lowdown on this?

    Read the article

  • SCVMM 2012 R2 - Installing Virtual Switch Fails with Error 2916

    - by Brian M.
    So I've been attempting to teach myself SCVMM 2012 and Hyper-V Server 2012 R2, and I seem to have hit a snag. I've connected my Hyper-V Host to SCVMM 2012 successfully, and created a logical network, logical switch, and uplink port profile (which I essentially blew through with the default settings). However when I attempt to create a virtual switch on my Hyper-V host, I run into an issue. The job will use my logical network settings I created to configure the virtual switch, but when it tries to apply it to the host, it stalls and eventually fails with the following error: Error (2916) VMM is unable to complete the request. The connection to the agent vmhost1.test.loc was lost. WinRM: URL: [h**p://vmhost1.test.loc:5985], Verb: [GET], Resource: [h**p://schemas.microsoft.com/wbem/wsman/1/wmi/root/virtualization/v2/Msvm_ConcreteJob?InstanceID=2F401A71-14A2-4636-9B3E-10C0EE942D33] Unknown error (0x80338126) Recommended Action Ensure that the Windows Remote Management (WinRM) service and the VMM agent are installed and running and that a firewall is not blocking HTTP/HTTPS traffic. Ensure that VMM server is able to communicate with econ-hyperv2.econ.loc over WinRM by successfully running the following command: winrm id –r:vmhost1.test.loc This problem can also be caused by a Windows Management Instrumentation (WMI) service crash. If the server is running Windows Server 2008 R2, ensure that KB 982293 (h**p://support.microsoft.com/kb/982293) is installed on it. If the error persists, restart vmhost1.test.loc and then try the operation again. Refer to h**p://support.microsoft.com/kb/2742275 for more details. I restarted the server, and upon booting am greeted with a message stating "No active network adapters found." I load up powershell and run "Get-NetAdapter -IncludeHidden" to see what's going on, and get the following: Name InterfaceDescription ifIndex Status ---- -------------------- ------- ----- Local Area Connection* 5 WAN Miniport (PPPOE) 6 Di... Ethernet Microsoft Hyper-V Network Switch Def... 10 Local Area Connection* 1 WAN Miniport (L2TP) 2 Di... Local Area Connection* 8 WAN Miniport (Network Monitor) 9 Up Local Area Connection* 4 WAN Miniport (PPTP) 5 Di... Ethernet 2 Broadcom NetXtreme Gigabit Ethernet 13 Up Local Area Connection* 7 WAN Miniport (IPv6) 8 Up Local Area Connection* 9 Microsoft Kernel Debug Network Adapter 11 No... Local Area Connection* 3 WAN Miniport (IKEv2) 4 Di... Local Area Connection* 2 WAN Miniport (SSTP) 3 Di... vSwitch (TEST Test Swi... Hyper-V Virtual Switch Extension Ada... 17 Up Local Area Connection* 6 WAN Miniport (IP) 7 Up Now the machine is no longer visible on the network, and I don't have the slightest idea what went wrong, and more importantly how to undo the damage I caused in order to get back to where I was (save for re-installing Hyper-V Server, but I really would rather know what's going on and how to fix it)! Does anybody have any ideas? Much appreciated!

    Read the article

  • Centos does not open port/s after the rule/s are appended

    - by Charlie Dyason
    So after some battling and struggling with the firewall, i see that I may be doing something or the firewall isnt responding correctly there is has a port filter that is blocking certain ports. by the way, I have combed the internet, posted on forums, done almost everything and now hence the website name "serverfault", is my last resort, I need help What I hoped to achieve is create a pptp server to connect to with windows/linux clients UPDATED @ bottom Okay, here is what I did: I made some changes to my iptables file, giving me endless issues and so I restored the iptables.old file contents of iptables.old: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT after iptables.old restore(back to stock), nmap scan shows: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:54 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.014s latency). Not shown: 997 filtered ports PORT STATE SERVICE 22/tcp open ssh 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 4.95 seconds if I append rule: (to accept all tcp ports incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 13:58 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 3.77 seconds *notice it allows and opens port 443 but no other ports, and it removes port 113...? removing previous rule and if I append rule: (allow and open port 80 incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:01 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.014s latency). Not shown: 996 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 5.12 seconds *notice it removes port 443 and allows 80 but is closed without removing previous rule and if I append rule: (allow and open port 1723 incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:05 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.015s latency). Not shown: 996 filtered ports PORT STATE SERVICE 22/tcp open ssh 80/tcp closed http 113/tcp closed ident 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 5.16 seconds *notice no change in ports opened or closed??? after removing rules: iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT iptables -A INPUT -i eth0 -m tcp -p tcp --dport 1723 -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.015s latency). Not shown: 998 filtered ports PORT STATE SERVICE 22/tcp open ssh 113/tcp closed ident Nmap done: 1 IP address (1 host up) scanned in 5.15 seconds and returning rule: (to accept all tcp ports incoming to server on interface eth0) iptables -A INPUT -i eth0 -m tcp -j ACCEPT nmap output: nmap [server ip] Starting Nmap 6.00 ( nmap.org ) at 2013-11-01 14:07 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). Not shown: 858 filtered ports, 139 closed ports PORT STATE SERVICE 22/tcp open ssh 443/tcp open https 8008/tcp open http Nmap done: 1 IP address (1 host up) scanned in 3.87 seconds notice the eth0 changes the 999 filtered ports to 858 filtered ports, 139 closed ports QUESTION: why cant I allow and/or open a specific port, eg. I want to allow and open port 443, it doesnt allow it, or even 1723 for pptp, why am I not able to??? sorry for the layout, the editor was give issues (aswell... sigh) UPDATE @Madhatter comment #1 thank you madhatter in my iptables file: # Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i eth0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT # ----------all rules mentioned in post where added here ONLY!!!---------- -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT if I want to allow and open port 1723 (or edit iptables to allow a pptp connection from remote pc), what changes would I make? (please bear with me, my first time working with servers, etc.) Update MadHatter comment #2 iptables -L -n -v --line-numbers Chain INPUT (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 9 660 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 3 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 4 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 5 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 6 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) num pkts bytes target prot opt in out source destination 1 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT 6 packets, 840 bytes) num pkts bytes target prot opt in out source destination just on a personal note, madhatter, thank you for the support , I really appreciate it! UPDATE MadHatter comment #3 here are the interfaces ifconfig eth0 Link encap:Ethernet HWaddr 00:1D:D8:B7:1F:DC inet addr:[server ip] Bcast:[server ip x.x.x].255 Mask:255.255.255.0 inet6 addr: fe80::21d:d8ff:feb7:1fdc/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:36692 errors:0 dropped:0 overruns:0 frame:0 TX packets:4247 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2830372 (2.6 MiB) TX bytes:427976 (417.9 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) remote nmap nmap -p 1723 [server ip] Starting Nmap 6.00 ( http://nmap.org ) at 2013-11-01 16:17 SAST Nmap scan report for server.address.net ([server ip]) Host is up (0.017s latency). PORT STATE SERVICE 1723/tcp filtered pptp Nmap done: 1 IP address (1 host up) scanned in 0.51 seconds local nmap nmap -p 1723 localhost Starting Nmap 5.51 ( http://nmap.org ) at 2013-11-01 16:19 SAST Nmap scan report for localhost (127.0.0.1) Host is up (0.000058s latency). Other addresses for localhost (not scanned): 127.0.0.1 PORT STATE SERVICE 1723/tcp open pptp Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds UPDATE MadHatter COMMENT POST #4 I apologize, if there might have been any confusion, i did have the rule appended: (only after 3rd post) iptables -A INPUT -p tcp --dport 1723 -j ACCEPT netstat -apn|grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1142/pptpd There are not VPN's and firewalls between the server and "me" UPDATE MadHatter comment #5 So here is an intersting turn of events: I booted into windows 7, created a vpn connection, went through the verfication username & pword - checking the sstp then checking pptp (went through that very quickly which meeans there is no problem), but on teh verfication of username and pword (before registering pc on network), it got stuck, gave this error Connection failed with error 2147943625 The remote computer refused the network connection netstat -apn | grep -w 1723 before connecting: netstat -apn |grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1137/pptpd after the error came tried again: netstat -apn |grep -w 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 1137/pptpd tcp 0 0 41.185.26.238:1723 41.13.212.47:49607 TIME_WAIT - I do not know what it means but seems like there is progress..., any thoughts???

    Read the article

  • Powershell Win32_NetworkAdapterConfiguration Not "seeing" PPP Adapter

    - by Ben
    I am trying to get the IP of a PPP VPN network connection, but Win32_NetworkAdapterConfiguration does not seem to "see" it. If I interrogate all adapters using my script, it will see everything but the PPP VPN adapter. Is there a specific filter or something I need to enable, or do I need a different class? My Script: $colItems = Get-wmiobject Win32_NetworkAdapterConfiguration foreach ($objItem in $colItems) { Write-Host Description: $objItem.Description Write-Host IP Address: $objItem.IPAddress Write-Host "" } Script Output: Description: WAN Miniport (SSTP) IP Address: Description: WAN Miniport (IKEv2) IP Address: Description: WAN Miniport (L2TP) IP Address: Description: WAN Miniport (PPTP) IP Address: Description: WAN Miniport (PPPOE) IP Address: Description: WAN Miniport (IPv6) IP Address: Description: WAN Miniport (Network Monitor) IP Address: Description: Intel(R) PRO/Wireless 3945ABG Network Connection IP Address: 192.168.2.5 Description: WAN Miniport (IP) IP Address: ipconfig /all output: PPP adapter My VPN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : My VPN Physical Address. . . . . . . . . : DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 10.1.8.12(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.255 Default Gateway . . . . . . . . . : 0.0.0.0 DNS Servers . . . . . . . . . . . : 10.1.1.3 10.1.1.2 Primary WINS Server . . . . . . . : 10.1.1.2 Secondary WINS Server . . . . . . : 10.1.1.3 NetBIOS over Tcpip. . . . . . . . : Enabled Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Belkin Description . . . . . . . . . . . : Intel(R) PRO/Wireless 3945ABG Network Connection Physical Address. . . . . . . . . : 00-3F-3C-22-22-22 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.2.5(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : 25 May 2010 20:33:19 Lease Expires . . . . . . . . . . : 22 May 2020 20:33:17 Default Gateway . . . . . . . . . : 192.168.2.1 DHCP Server . . . . . . . . . . . : 192.168.2.1 DNS Servers . . . . . . . . . . . : 192.168.2.1 NetBIOS over Tcpip. . . . . . . . : Enabled Thanks in advance, Ben

    Read the article

1