Is this method a security issue?

Ray C

I have a VPN working from my home PC to my work PC. Work's ISP uses DHCP,
but to allow PPTP pass through, the router must be set up using a static IP.
So what I did was add my work PC to the DMZ list on the router, then I
installed Sygate Personal Firewall on my work PC, made an advanced rule that
allows all access for my home PC's IP number only, while blocking all other
incoming requests. Is our LAN as safe now using the described method as it
was behind the router's firewall (ZA)?

TIA,
Ray
 
I don't think you are as safe. I don't trust personal firewall software
running on the target machine as well as I do similar software running on a
separate piece of hardware, but I don't think there's a huge difference.

What I don't understand is your statement about the fact that the work IP is
dynamic, you can't use a PPTP VPN. I use PPTP VPN connections between two
different dynamic IP endpoints (i.e. both ends are dynamic) every day.

I take it that the Sygate firewall is also set to let in appropriate traffic
from the local subnet?
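
An added example, not part of any post in this thread: a minimal first-match rule evaluator that models the host-firewall policy from the question beside a narrower variant limited to what PPTP needs (TCP 1723, as quoted later in the thread, plus GRE, IP protocol 47) and the local subnet. The home address 203.0.113.10, the rule model and the sample traffic are constructed assumptions; this is not Sygate's rule syntax.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "block"
    source: str          # CIDR the rule matches
    proto: str = "any"   # "tcp", "udp", "gre" or "any"
    port: int = 0        # destination port; 0 matches any

    def matches(self, src, proto, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and self.proto in ("any", proto)
                and self.port in (0, port))

def decide(rules, src, proto, port=0):
    """First matching rule wins; traffic that matches nothing is blocked."""
    for rule in rules:
        if rule.matches(src, proto, port):
            return rule.action
    return "block"

HOME = "203.0.113.10/32"   # constructed stand-in for the home PC's public IP
LAN = "192.168.2.0/24"     # subnet of the 192.168.2.x example in the thread
# Policy as described in the question: everything from home, nothing else.
as_posted = [Rule("allow", HOME), Rule("block", "0.0.0.0/0")]
# Narrower variant: only PPTP control and GRE from home, plus the office LAN.
narrowed = [
    Rule("allow", HOME, "tcp", 1723),
    Rule("allow", HOME, "gre"),
    Rule("allow", LAN),
    Rule("block", "0.0.0.0/0"),
]

# Constructed sample traffic: (label, source, protocol, destination port)
SAMPLES = [
    ("home PPTP control", "203.0.113.10", "tcp", 1723),
    ("home PPTP tunnel", "203.0.113.10", "gre", 0),
    ("home file sharing", "203.0.113.10", "tcp", 445),
    ("internet stranger", "198.51.100.7", "tcp", 139),
    ("office LAN peer", "192.168.2.10", "tcp", 445),
]

def audit(rules):
    return {label: decide(rules, s, p, port) for label, s, p, port in SAMPLES}

if __name__ == "__main__":
    for name, rules in (("as posted", as_posted), ("narrowed", narrowed)):
        print(name, audit(rules))
```

The model only covers packets arriving on the DMZ-exposed interface; traffic carried inside the tunnel arrives on the VPN interface and would need its own rules.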
 
> I don't think you are as safe. I don't trust personal firewall software
> running on the target machine as well as I do similar software running on a
> separate piece of hardware, but I don't think there's a huge difference.

I am inclined to agree with you now. When I came in this morning, I had a
couple of spammed "windows messages". This is the first time I've ever had
one on any of my machines.

> What I don't understand is your statement about the fact that the work IP is
> dynamic, you can't use a PPTP VPN. I use PPTP VPN connections between two
> different dynamic IP endpoints (i.e. both ends are dynamic) every day.

First off, I am nowhere near accomplished at this sort of thing. In a
previous post I asked for links to directions on how to set this up, and I got a
reply with a link to a very useful tutorial on how to do it. Along with the
link were the instructions,

"For a PPTP VPN (the default), you will need to forward TCP Port 1723
to the private IP address of the computer you want to act as server..
Your firewall manual will discuss how to do this..."

The manual for the router says, "The router's DHCP functions must be
disabled to use port forwarding." I tried it without disabling the DHCP
functions, and got an error 800. I have not tried disabling DHCP as I don't
want to risk interrupting internet access for the entire office.

> I take it that the Sygate firewall is also set to let in appropriate traffic
> from the local subnet?

I set it up on an as-requested basis. I mean to say I "allowed always" the
specific items I use, as I used them for the first time with the firewall
running.
 
You don't have to disable the router's DHCP settings. Just set a
static IP address for your network adapter near the range you
currently get (i.e., if your router assigns you 192.168.2.10, assign
your computer an address in the similar range such as 192.168.2.5).
The reason why you need to do this is in case the address your
computer receives from the DHCP server changes, thus making the port
forwarding invalid.

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

Please post all responses to the newsgroups for the benefit
of all USENET users. Messages sent via email may or may not
be answered depending on time availability....

Remote Networking Technology Support Site -
http://www.remotenetworktechnology.com
Windows XP Expert Zone - http://www.microsoft.com/windowsxp/expertzone
 
Well, after more than 2 weeks of messing with this by myself I decided to go
to work today and have the wife at the computer at home. I tried everything;
nothing worked, so I decided to try bypassing the router at work, and then I had
an immediate connection. The only thing that was changed besides bypassing
the router was the public IP address used, obviously.

I then remembered seeing a post on a forum where a guy complained VPN worked
fine then wouldn't work after updating his firmware. I have the same router
as he did, and my firmware has been updated to the latest version (Linksys -
BESFR41, v1.45.7). I figured it was worth a shot, so I reverted back to
v1.44.2z (the only other version they have listed on their web site). I then
changed the settings to what I tried the very first time I attempted this,
and there it is, connected.

Is it likely that the v1.45.7 firmware is a POS, or is it more likely that
when it was downloaded/installed something got corrupted, or something else?

Anyway, what should have taken about an hour, including the drive to work
and back, took over 2 weeks...

Thanks for the help, and sorry if I made it sound confusing with my lack of
experience in this area. Now I need to go explore the possibilities of what
I can accomplish with this newfound asset...

Ray
 
Excellent work!

Hope you can spend some time enjoying the functionality, rather than
debugging.

I don't have an opinion about the firmware change--I haven't seen this
issue, but I am not using that model at sites I work with at the moment--if
you can go back to the new version and prove that it breaks outbound VPN,
I'd get in touch with Linksys, and put some pressure on them for a
fix--they've cost you a good deal of time.
 
It wouldn't surprise me... Linksys firmware has been known to cause
many problems... :(

Jeffrey Randow (Windows Net. & Smart Display MVP)
(e-mail address removed)

 