StarDestroyer.Net BBS

At work, I want to connect my laptop to my home network via VPN. I know jack shit about VPN but I was playing around with it and got the basics down. I have the ports forwarded through my router, I have the incoming connection set up on my home PC, and the outgoing VPN connection set up on my laptop. It works. I can successfully connect from my laptop to my desktop at home via VPN. Trouble it, it doesn't work when connected to my office WiFi due to blocked ports. The infuriating thing is exactly which ports are blocked. During my experiments, I tested SSTP, PPTP, and L2TP. L2TP doesn't work at all on my desktop for some reason so I am ignoring that. Of the remaining two, here are the results:

1. SSTP - Uses port 443 which is not blocked by my work firewall. However, it requires a server authentication certificate which I can't get on my desktop, since it's not a server O/S.

2. PPTP - Uses ports 1723 (not blocked) and port 47 (blocked).

So that's the pickle. The one protocol I can use unhindered won't work because I'm not connecting to a server. The other protocol that works has one of it's two necessary ports blocked. I could ask the IT guys at work to unblock port 47 but I'd probably have better luck sacrificing a goat and praying for divine intervention.

That leaves two options. First, try to find some way to bullshit the SSTP connection into thinking there's a valid certificate on my home machine. Second, find a way to change the GRE port from 47 to another port that's unblocked by my work firewall.

Any thoughts on how to accomplish either of those tasks? Thanks!

Uh, does your work permit you to open VPN tunnels to arbitrary networks? That's usually a huge red flag to security.

It does when I am connected to the guest WiFi network, which is isolated from the main network.

Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?

You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.

I'm using the built-in VPN function of windows 7 and I'm not sure how to go about generating a new certificate.

Look over this article and see if it answers any questions

http://www.pcworld.com/article/210562/h ... ows_7.html

Thanks AMT. Yeah that's basic setup which I already know how to do. The issue is that I need to either change the outgoing port that my laptop uses for VPN or get a server certificate for my desktop so I can use SSTP.

phongn wrote:Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?

You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.

Thanks for the links. OpenVPN has a bandwidth cap so I don't think I'll go with that one. Hamachi looks like it'd work fine. 30 bucks a year though...

What firewall are you using?

No idea. It's a firewall on the guest internet connection where I work. Probably an industrial grade one.

Borgholio wrote:

phongn wrote:Shouldn't your VPN server let you produce private-public key pairs for each client and then generate a client certificate for your laptop (and possibly a root certificate authority for your laptop)?

You might also try OpenVPN and see if that helps. Hamachi is also pretty straightforward, too.

Thanks for the links. OpenVPN has a bandwidth cap so I don't think I'll go with that one. Hamachi looks like it'd work fine. 30 bucks a year though...

A bandwidth cap? You might be looking at the OpenVPN service and not the free software. Fairly certian you can run it locally even on Windows, though I've only looked at it on Linux.

Huh...I must be blind, I don't see any reference to the free software. All the download links seem to be for the PrivateTunnel service.

Should be there:
https://openvpn.net/index.php/open-sour ... loads.html
You may also want a GUI:
http://openvpn.se/

Yeah OpenVPN hurt my brain. Way too many options that need to be manually entered into the client and server config files. And I still have to screw around with authentication keys.

Thank you! stardestroyer is so helpful answering my many questions.