  inGearX 3.1415 9265
join:2000-06-11 New York clubs:  
| HELP: VPN to home from corporate work?
So I've set up my WinXP PC to accept VPN connections (pretty easy, here is the guide: »www.onecomputerguy.com/networkin···rver.htm)
This is actually so that my PocketPC could VPN and Sync with it... (also easy »theillustratednetwork.mvps.org/W···bVPN.htm)
But from my understanding such access is restricted by our administrators...
1) How can I test if it really is? Once my PPC tries to VPN and connect to home, my home PC shows something hitting it via proper VPN port 1723 (as I have set up and forwarded), but fails to establish...
2) Maybe using a proxy server would help bypass any restrictions? (so my PPC is hitting proxy via port 80 and then doing everything else via that?)
3) What else would you all recommend?
Thank you all very much... |
|
 B Premium,MVM join:2000-10-28
| 1) By continuing to test and getting caught and fired.
2) And that's a great way to get fired.
3) Not doing any of that if you wish to keep your job.
It's not your corporate network, it's your employer's. If you violate its terms of service, you will be fired and possibly sued and possibly criminally prosecuted for violating the security of the company.
-- B -- In a realm outside causality and function |
|
 B Premium,MVM join:2000-10-28
| More productively, why not ask your network administrators what kind of outbound access IS allowed, and whether your needs might be met by any of the protocols or procedures they DO allow.
-- B -- In a realm outside causality and function |
|
  inGearX 3.1415 9265
join:2000-06-11 New York clubs:
| Please take it easy, I'm cool with the administrator, he said bypass it if you have the time to figure out how... |
|
 B Premium,MVM join:2000-10-28
| Well that's good I guess. (Might wanna get that in writing.)
Unless the firewall(s) at your company specifically support PPTP (or IPSec) VPN passthrough, I'm not sure you can get standard VPN to work.
You could always do an SSH or SSL tunnel back home (assuming your company allows THOSE protocols through) and you can always do everything over port 80 if you have to. I don't think you need a 3rd proxy server, since you control your home network and can listen for whatever ports your company's firewall is willing to let out.
-- B -- In a realm outside causality and function |
|
  Fobulous Premium join:2002-08-14 Missouri City, TX clubs:
·Comcast
| reply to inGearX
Why would you want to access your home computer while you are at work? Shouldn't you be working? You can always synch your PocketPC when you get home during your own time.
-- When Baron Davis rises toward the rim, defenders have two options: Duck or become a poster. |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
1 edit | reply to inGearX
One way to test a PPTP VPN link, which is what you're trying to do, is to use the procedure detailed in the VPN Traffic section near the end of this page...
»www.microsoft.com/technet/commun···105.mspx
The XP SP2 Support tools...
»www.microsoft.com/downloads/deta···ylang=en
You run the test from an XP PC at each end of the circuit. It cannot be run on a PocketPC...
If your home router cannot pass GRE Protocol 47 traffic then you're going to be out of luck... Some routers call that PPTP Pass Through or VPN Pass Through. It's been my experience that this can be very problematic with consumer grade routers...
-- "When all else fails, read the instructions..." |
|
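Added example, not part of any post in this thread: a small Python check that reads firewall log lines and reports, per client, whether the PPTP control connection (TCP 1723) was accompanied by GRE (IP protocol 47) in both directions. The log format, addresses and timestamps are constructed for illustration and do not come from any real router.

```python
import re
from collections import defaultdict

# Constructed sample lines in an assumed, simplified firewall-log format.
SAMPLE_LOG = """\
2006-03-01T09:14:02 ACCEPT proto=6 src=198.51.100.20 dst=203.0.113.5 dport=1723
2006-03-01T09:14:03 DROP proto=47 src=198.51.100.20 dst=203.0.113.5
2006-03-01T09:20:10 ACCEPT proto=6 src=198.51.100.77 dst=203.0.113.5 dport=1723
2006-03-01T09:20:11 ACCEPT proto=47 src=198.51.100.77 dst=203.0.113.5
2006-03-01T09:20:11 ACCEPT proto=47 src=203.0.113.5 dst=198.51.100.77
2006-03-01T09:31:40 ACCEPT proto=6 src=198.51.100.20 dst=203.0.113.5 dport=80
"""

LINE = re.compile(
    r"(?P<action>ACCEPT|DROP) proto=(?P<proto>\d+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)(?: dport=(?P<dport>\d+))?"
)

def diagnose_pptp(log_text):
    """Return {(client, server): verdict} for each accepted PPTP control connection."""
    control = set()            # (client, server) pairs with accepted TCP/1723
    gre = defaultdict(set)     # unordered host pair -> accepted GRE directions
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "ACCEPT":
            continue           # dropped packets never reach the VPN endpoint
        src, dst = m["src"], m["dst"]
        if m["proto"] == "6" and m["dport"] == "1723":
            control.add((src, dst))
        elif m["proto"] == "47":
            gre[frozenset((src, dst))].add((src, dst))
    verdicts = {}
    for client, server in sorted(control):
        seen = gre.get(frozenset((client, server)), set())
        if {(client, server), (server, client)} <= seen:
            verdicts[(client, server)] = "control+gre-both-ways"
        elif seen:
            verdicts[(client, server)] = "gre-one-way"
        else:
            # Port 1723 is hit but the tunnel never forms: GRE is not passing.
            verdicts[(client, server)] = "control-only"
    return verdicts

if __name__ == "__main__":
    for pair, verdict in diagnose_pptp(SAMPLE_LOG).items():
        print(pair, verdict)
```

A "control-only" verdict matches the symptom in the first post: the home PC sees a hit on port 1723 but the connection never establishes.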
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| reply to B
said by B: Well that's good I guess. (Might wanna get that in writing.) Unless the firewall(s) at your company specifically support PPTP (or IPSec) VPN passthrough, I'm not sure you can get standard VPN to work. You could always do an SSH or SSL tunnel back home (assuming your company allows THOSE protocols through) and you can always do everything over port 80 if you have to. I don't think you need a 3rd proxy server, since you control your home network and can listen for whatever ports your company's firewall is willing to let out. -- B
You can't run ActiveSync through an SSH tunnel since the SSH tunnel cannot pass UDP traffic. I don't know about the SSL tunnel...
-- "When all else fails, read the instructions..." |
|
 B Premium,MVM join:2000-10-28
| ActiveSync requires UDP?
"Critical file/application system synchronization needs? I know, let's use a transmission protocol that guarantees us NOTHING!"
Okay, but according to »msdn.microsoft.com/library/defau···ough.asp this is not the case. Both UDP and PPTP are specifically NOT supported? (This is out of context, as they're talking about "pass-through" connectivity, but I find several other hits saying that UDP is not supported by ActiveSync.)
-- B -- In a realm outside causality and function |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| According to the Known TCP/IP Ports section on Chris De Herrera's page at...
»www.pocketpcfaq.com/wce/20/protocols.htm
...AS uses certain UDP ports... Based on that I have never tried setting up port forwarding through an SSH tunnel for ActiveSync. So, if someone can get ActiveSync to run through an SSH tunnel I would certainly be interested in that...
Maybe I just need to experiment a bit... I suppose it's possible it might work...:)
-- "When all else fails, read the instructions..." |
|
 B Premium,MVM join:2000-10-28
| Nope. I think the web page owner just got it wrong.
The MS article he references clearly OMITS any mention of UDP.
»support.microsoft.com/kb/q259369/
ActiveSync requires the following Winsock Transmission Control Protocols (TCP) to be available:
990
999
5678
5679
If socket port filtering occurs on any of these Winsock ports, ActiveSync does not synchronize with Windows CE-based devices.
-- B -- In a realm outside causality and function |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
| Well...
I can't get ActiveSync to work through an SSH tunnel. I used the trial version of PockeTTY...
»www.dejavusoftware.com/pocketty/index.html
...to test from my iPAQ 5555 (using a Targus dial modem) but no matter what I configure in the port forwarding section ActiveSync fails to connect.
Establishing the SSH tunnel to my home XP Pro box over the public internet works just fine and the built-in Terminal Services Client (TSC) on the iPAQ works fine through the SSH tunnel to my XP Pro desktop running as a Remote Desktop host.
I have never heard of anyone getting ActiveSync to work through an SSH tunnel. I would be very interested in hearing from anyone that did though, along with details on how they did it...:)
Later...
-- "When all else fails, read the instructions..." |
|
 B Premium,MVM join:2000-10-28
| Sorry to hear that. I don't have any ActiveSync enabled products, so I can't test.
Of course there are lots of alternate tunnels you could try.
(Perhaps it's just the DNS issue, choosing UDP for some reason? DNS uses both protocols. Doesn't seem likely, but...)
-- B -- In a realm outside causality and function |
|
  SoonerAl Old Enough To Know Better Premium,MVM join:2002-07-23 Norman, OK
1 edit | Oh, I can ActiveSync from a remote location via a PPTP VPN tunnel...
»theillustratednetwork.mvps.org/W···VPN.html
I wrote the page...:)
I really have no need for this myself. I simply like to come up with solutions to problems that I feel home users (like myself) might be able to use that are cheap (i.e. free) and fairly easy to implement...
Later...
-- "When all else fails, read the instructions..." |
|