Re: Help setting up home VPN server
Posted: Mon Jan 15, 2018 8:23 am
[quote=LeoBloom post_id=67297 time=1515984656 user_id=18377]
• I don’t like to DMZ to a computer (was just using this to test). Should I forward the default ports (and which ones would these be)? Should I forward the TCP (443, 992, etc…) or UDP (500, 4500)? Is there any security advantage to connect via a different port and then forward to the correct port within the router e.g., (45896 to 500)
[/quote]
For L2TP/IPsec UDP 500 and 4500. And you probably can't change the Port for IPsec. If you use additionally protocols (OpenVPN SoftEthers own HTTPS VPN) you may add TCP443, because some simple port based filrewalls will think its HTTPS and allow it.
[quote=LeoBloom post_id=67297 time=1515984656 user_id=18377]
• Is there a security advantage to using another form of authentication apart from password
[/quote]
In theory yes, based mostly you use "higher entropies" with other authentication methods (like certificates, smartcards...).
[quote=LeoBloom post_id=67297 time=1515984656 user_id=18377]
• How can I get my client computer to see network shares on the server PC?
[/quote]
Don't enable (Secure)NAT. Just use the physical bridging mode.
• I don’t like to DMZ to a computer (was just using this to test). Should I forward the default ports (and which ones would these be)? Should I forward the TCP (443, 992, etc…) or UDP (500, 4500)? Is there any security advantage to connect via a different port and then forward to the correct port within the router e.g., (45896 to 500)
[/quote]
For L2TP/IPsec UDP 500 and 4500. And you probably can't change the Port for IPsec. If you use additionally protocols (OpenVPN SoftEthers own HTTPS VPN) you may add TCP443, because some simple port based filrewalls will think its HTTPS and allow it.
[quote=LeoBloom post_id=67297 time=1515984656 user_id=18377]
• Is there a security advantage to using another form of authentication apart from password
[/quote]
In theory yes, based mostly you use "higher entropies" with other authentication methods (like certificates, smartcards...).
[quote=LeoBloom post_id=67297 time=1515984656 user_id=18377]
• How can I get my client computer to see network shares on the server PC?
[/quote]
Don't enable (Secure)NAT. Just use the physical bridging mode.