• Status: Solved

Clear test to see if VPN / RDP working

The boss travels a lot. USA, Europe, etc. Often he cannot connect to our Windows server and his Windows XP box via VPN/RDP from his Windows XP laptop.

I'm looking for tools or techniques that make it unambiguously clear that VPN or whatever is blocked from the hotel, coffee shop, airport or other location he's trying to log in from.

What simple thing (or tool) could I have him try to make things clear?
Asked by: PlanktonSPG

PlanktonSPG (Author) Commented:
One location told him "We block all ports below 500". Is there a workaround for such cases? Something I can configure on our servers so he could still get in?
If so, please give specifics for a Windows server setup. Thanks!

Sarcast Commented:
Easiest way is to telnet your way to the port. If it doesn't open or respond, it's blocked.

Nmap for Windows has a nice GUI that does the same, but easier to work with:
http://nmap.org/download.html

Sarcast Commented:
Use a router or firewall on your side that reroutes certain higher ports (usually above 1024) to, for example, port 500 or 3389.

Rerouting VPN tunnels can be tricky though, since VPN gets jumpy when network packages get altered.

PlanktonSPG (Author) Commented:
Telnet is not always available and is not active currently on our server. Nmap looks interesting. Would he want to see ports 47, 1723 and 3389 for NameServer, VPN and RDP access? If port 47 is blocked does that block access or Ping? I'd like to avoid rerouting things. If the connection doesn't work we can live with it. Just want clear evidence of blocked access instead of iffy failure messages.

Sarcast Commented:
I did not explain properly.

Telnet is one of the most simple client utilities out there, which was always available on most Windows PCs (with the exception of Server 2008, iirc).
You can use telnet to open a connection to a port.

For example:
c:\> telnet www.google.com 80
If the port opens and the telnet session connects, then the connection works.
If it hangs, it's closed at his location.

Telnet does nothing more, just opens the port. Nmap does the same, but has extra options and a nice GUI if you use the Windows version.

Also, DNS runs on port 53. You might be confused with the GRE IP protocol 47 (not a port).
http://support.microsoft.com/kb/241251

PlanktonSPG (Author) Commented:
Thanks.  So then he needs 53, 1723 and 3389 access to successfully RDP?

i.e., nmap -p53,1723,3389  <machinename>

Sarcast Commented:
To successfully RDP, you just need port 3389 if you connect on an IP basis.
With a hostname, you need port 53 for DNS.

If port 1723 does not work, VPN isn't available for sure. However, if it does work, it's still no guarantee that the VPN tunnel can be built.
0
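
A scripted form of the telnet/Nmap port check discussed in this thread, added here as an example and not posted by any participant. It separates "open", "closed" (actively refused), "filtered" (no answer) and a failed name lookup, so the result is unambiguous; the names `probe_tcp` and `report` and the host `vpn.example.com` are assumptions, and it assumes Python is available on the laptop.

```python
import socket
import sys

# Ports named in the thread: 1723 (PPTP VPN control channel) and 3389 (RDP).
THREAD_PORTS = {1723: "PPTP VPN", 3389: "RDP"}


def probe_tcp(host, port, timeout=5.0):
    """Classify one TCP connect attempt (hypothetical helper, not from the thread)."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failed"   # name lookup (port 53) did not work
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"     # handshake completed, same as telnet connecting
    except ConnectionRefusedError:
        return "closed"       # a reset came back: reachable, nothing listening
    except OSError:
        return "filtered"     # timeout or unreachable: likely dropped on the path


def report(host, ports=THREAD_PORTS, timeout=5.0):
    """Return one plain-text line per port, plus the GRE caveat when relevant."""
    results = {p: probe_tcp(host, p, timeout) for p in sorted(ports)}
    lines = [f"{host}:{p} ({ports[p]}): {s}" for p, s in results.items()]
    if results.get(1723) == "open":
        lines.append("note: 1723 open; GRE (IP protocol 47) is not tested here, "
                     "so the tunnel can still fail")
    return lines


if __name__ == "__main__":
    # vpn.example.com is a placeholder; pass the real server name or IP.
    target = sys.argv[1] if len(sys.argv) > 1 else "vpn.example.com"
    print("\n".join(report(target)))
```

Running it once from the office and once from the remote location gives two reports to compare: a port that is "open" at the office and "filtered" on the road points at the local network rather than the server.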
