Which UDP or TCP ports do I have to open?

[Don-Santo]

Hey Guys!
Normally when I adapt/establish a VPN connection with IPSec/L2TP I have to open some ports like
UDP-Ports 500, 1701 UDP 4500 (IP Sec NAT Traversal) and IP-Protokoll 50 = ESP (Encapsulating Security Payload);
or over PPTP I have also to open TCP-Port 1723. (VPN is terminated behind a router on Win 10 computer)

So there are two questions as follows:
First) But in that case I'm using "SoftEther's" HTTPS (SSL-VPN) protocol software solution to establish a VPN tunnel
I don't have open and forward any port on that router. Is that correct?

thank you in advance for your effort.

[robertroos]

I depends how you have setup the VPN.
Is your VPN server located apart from the RDP server? Or is it running on the RDP server itself?

[Don-Santo]

At location A) there is a windows 10 professional desktop with installed “Soft Ether VPN Client” from where we want to access to a 20 kilometres far location B) also with a windows 10 Professional computer where soft Ether VPN Server is installed and on the same machine RDP is allowed!
Because at location B) there is running an ERP (enterprise resource management) software we have to access with a VPN tunnel. Once the VPN connection is established we want to start from A to B this Windows own RDP (remote desktop).
Last but not least what’s about my first question about the ports?

[KGriff]

I have a two Windows 10 machines on a small LAN ... One machine has Softether server and both computers have RDP access available ... With Windows 10 to get RDP access from a remote location you must setup the users that can have Remote Desktop access and also you need to open port TCP/UDP port 3384 on the each of the firewalls on the win10 PC themselves.

Having setup the users and the port you then need to go to the router in the LAN and if you are using L2TP/IPSec for remote VPN access to the Windows 10 PC (running the Softether server software then you need to forward just ports 500 and 4500 on the router itself.

Those are the only ports you need to open and forward to the IP address of Windows 10 PC running Softether.

You do NOT need to forward port 3384 on the router... That port will be accessible after you have established the VPN connection because you have opened it on the firewall of the PC itself.

Hope that makes sense and is the answer you were looking for.

Kind Regards...

Ken

[thisjun]

Please forward the TCP port that is configured on VPN client.

[KGriff]

thisjun wrote:
> Please forward the TCP port that is configured on VPN client.

Is there really a need to? ... L2TP over IPSec does appear to work okay, for me at least, with just the two UDP ports 500 and 4500 forwarded on the router. Surely the less open ports, the better the security?

Having said that, I am only using iPad and iPhone clients, which do not require/request a port to be configured in its client L2TP configuration that is built into the iOS VPN settings.

I was just wondering what the benefits are by opening the servers 'chosen' TCP port aswell?

[thisjun]

I answered to Don-Santo's first question.
>But in that case I'm using "SoftEther's" HTTPS (SSL-VPN) protocol software solution to establish a VPN tunnel
>I don't have open and forward any port on that router. Is that correct?