Monday, April 20, 2015

How do you port forward a VPN?

Periodically, I encounter documents on the internet that indicate you can port forward from an internet modem in order to establish a VPN.  Typically, internet modems can port forward TCP and UDP Ports, but they cannot normally forward IP Protocol IDs.  A Virtual Private Network consists of TCP Ports, UDP Ports and IP Protocol IDs.

L2TP over IPSec uses ESP (IP Protocol ID 50), AH (IP Protocol ID 51), IKE (UDP Port 500), L2F/L2TP (UDP Port 1701) and NAT-T (UDP Port 4500).
 
IPSec uses ESP (IP Protocol ID 50) and AH (IP Protocol ID 51).  For IKE Phase 1 and 2 negotiations, IKE (UDP Port 500).  For NAT-T IKE Phase 1 and 2 negotiations, IKE (UDP Port 500) and NAT-T (UDP Port 4500).

PPTP uses TCP Port 1723 and GRE (IP Protocol ID 47).
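
As an added illustration (not code from the original post), the Python sketch below parses constructed IPv4 packets and shows why a rule keyed on a TCP or UDP port can match IKE, NAT-T, L2TP and PPTP control traffic but not ESP, AH or GRE, which carry no port field. The addresses, source port and helper names are made up for the example.

```python
import struct

# IP Protocol IDs and ports listed in the post above.
PROTO_NAMES = {47: "GRE", 50: "ESP", 51: "AH"}
PORT_NAMES = {(6, 1723): "PPTP control", (17, 500): "IKE",
              (17, 1701): "L2TP", (17, 4500): "NAT-T"}

def classify(packet: bytes):
    """Return (component, has_port) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]                        # IP Protocol ID field
    if proto in (6, 17):                     # TCP and UDP carry port numbers
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        dport = struct.unpack_from("!H", packet, ihl + 2)[0]
        return PORT_NAMES.get((proto, dport), "other TCP/UDP"), True
    # ESP, AH and GRE have no port field; only a protocol-ID rule matches them.
    return PROTO_NAMES.get(proto, f"IP protocol {proto}"), False

def ipv4(proto: int, payload: bytes) -> bytes:
    """Build a constructed IPv4 packet (documentation addresses, zero checksum)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    return header + payload

def ports(dport: int) -> bytes:
    """First bytes of a TCP or UDP header: source port, destination port."""
    return struct.pack("!HH", 40000, dport) + bytes(16)

# Constructed sample traffic for an L2TP over IPSec and a PPTP connection.
SAMPLES = {
    "IKE": ipv4(17, ports(500)), "NAT-T": ipv4(17, ports(4500)),
    "L2TP": ipv4(17, ports(1701)), "ESP": ipv4(50, bytes(16)),
    "AH": ipv4(51, bytes(16)), "PPTP control": ipv4(6, ports(1723)),
    "GRE": ipv4(47, bytes(16)),
}

def needs_protocol_rule(samples):
    """Names of sample packets that a port-only forwarding rule cannot match."""
    return sorted(n for n, p in samples.items() if not classify(p)[1])

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, classify(pkt))
    print("needs protocol-ID handling:", needs_protocol_rule(SAMPLES))
```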

IPSec Passthrough

Some internet modems are capable of enabling IPSec Passthrough, also called IPSec NAT Traversal, which allows an IPSec VPN to be established.

IP Passthrough & Bridge Mode

Another option is to configure an internet modem to use IP Passthrough, which assigns a Public IP Address to the External NIC of the device being accessed.  You could also configure an internet modem to use Bridge Mode, which also assigns a Public IP Address to the External NIC of the device being accessed.  However, this would only be secure if you have a firewall between the internet and the device being accessed.  Without a hardware firewall, the device is open on the internet.  Software firewalls are not recommended as they can be compromised.  It is also recommended that the device being accessed is inside a DMZ, meaning your Internal LAN is on a separate subnet on a separate LAN port of your hardware firewall.

Curiously, not all Internet Service Providers truly provide IP Passthrough.  ClearWire for example provides true IP Passthrough while Comcast Business does not.

Conclusion

The easiest and most straightforward solution for establishing a VPN is with the use of a firewall.  I recommend the Watchguard XTM.  I also recommend the use of L2TP over IPSec versus other VPN Protocols such as IPSec or PPTP.  L2TP over IPSec is secure and the Client Protocol is native to the Windows Operating System.

Notes

  • Client-side computers often connect to a VPN using a dynamically assigned outbound port.

  • Firewalls can be configured with policies which handle IP Protocol ID destinations, which is similar to port forwarding.


If you found this information helpful, please consider linking to Eugene Computer Repair.

Donations are greatly appreciated.


Wednesday, December 24, 2014

osCommerce Online Merchant - Error: The maximum number of login attempts has been reached. Please try again in 5 minutes.

When attempting to log in as Administrator to osCommerce Online Merchant, you may encounter the message: "Error: The maximum number of login attempts has been reached. Please try again in 5 minutes."  The error message may recur for an extended period of time beyond five minutes, which results in being unable to log in as administrator.  Although not stated in the error message, this error message may actually indicate a corrupt installation of osCommerce Online Merchant.  You may need to back up the osCommerce Online Merchant MySQL database and reinstall the application. However, if the issue is simply an incorrect Administrator Username and/or incorrect Administrator Password, you can reset the Administrator Username and Administrator Password using the following steps:

To reset osCommerce Online Merchant Administrator Username and Administrator Password, please perform the following steps:
  1. Using phpMyAdmin, log in to MySQL.

  2. Back up the MySQL database.

  3. Truncate the tables: administrators, action_recorder and sessions.

  4. Using a web browser, browse to the osCommerce Online Merchant Admin directory.

  5. When prompted, set the new Administrator Username.

  6. When prompted, set the new Administrator Password.

  7. Log in using your newly created credentials.
This issue has been resolved.


How do you locate osCommerce Online Merchant version number?

To locate osCommerce Online Merchant version number, please perform the following steps:
  1. Using a web browser, browse to the osCommerce Online Merchant Admin directory.

  2. Log in using your Administrator Username and Administrator Password.

  3. Click Tools.

  4. Click Server Info. 
This issue has been resolved.


Thursday, December 11, 2014

How do you nslookup a Computer inside a Windows Domain from outside a Windows Domain?

If you perform nslookup from a Computer that is not configured to use the existing Windows Domain DNS and/or the Computer is not joined to the Windows Domain, you will have to use the Fully Qualified Domain Name (FQDN), in the form host.domain.suffix, to nslookup a Computer inside the domain.  Example: computer01.mydomain.com.  First, please set the nslookup server to the Windows Domain DNS and then enter the FQDN of the computer you wish to look up.


How do you perform nslookup from a specific DNS Server?

To perform nslookup from a specific DNS Server, please perform the following steps:
  1. Click Start - Run.

  2. Type: nslookup

  3. Hit Enter.

  4. Type: server [Server IP Address or Server Hostname of the DNS Server you wish to utilize]

  5. Hit Enter.

  6. Type: [Server IP Address or Server Hostname to look up]

  7. Hit Enter.
This issue has been resolved.  You are now using the specified DNS Server to perform nslookup.


Microsoft Windows Server 2012 + Second Copy + Recycle Bin

When using Center Systems Second Copy on Microsoft Windows Server 2012, you may encounter the error message: "The Recycle Bin on [Drive Letter]:\ is corrupted.  Do you want to empty the Recycle Bin for this drive?"  When you click Yes, the dialog box only reappears.  To resolve this issue:
  1. Open an Elevated Command Prompt.

  2. Type: rd /s /q [Drive Letter]:\$Recycle.bin

  3. The Recycle Bin for that Drive Letter is then deleted.  Open Second Copy.

  4. Click Edit.

  5. Click Options.

  6. Click the Copy tab.

  7. Uncheck "Move deleted files to Recycle Bin."

  8. Click OK.
This issue has been resolved.


Configuration Manager: The specified device instance handle does not correspond to a present device

When opening or closing a Service in the Services Control Panel, you may encounter the message: "Configuration Manager: The specified device instance handle does not correspond to a present device."  To resolve this issue, please perform the following steps:
  1. Click Start - Run.

  2. Type: regedit

  3. Click OK.

  4. Browse to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[Service Name].  For example if the Automatic Updates Service is displaying this message, you would browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv.

  5. Right-click the registry key and Export the registry key in order to make a backup.

  6. Delete the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[Service Name]\Enum key. For example, delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Enum.

  7. Close RegEdit.

  8. Click Start - Shutdown - Restart.
This issue has been resolved.


Wednesday, December 10, 2014

What VPN Client software do you use with a Watchguard VPN?

On Microsoft Windows computers, the operating system does not include a native IPSec VPN Client that is compatible with the Watchguard IPSec VPN.  On Microsoft Windows computers, you must use a third-party application.  You can use the free and open source Shrew Soft VPN Client Standard for Windows.  When you install the Shrew Soft VPN Client, it defaults to installing the Professional version, which requires a charge.  Please select Standard when installing the Shrew Soft VPN Client.

Please Note: It is also possible to use the WatchGuard IPSec Mobile VPN Client software to access the Watchguard IPSec VPN.  However, the WatchGuard IPSec Mobile VPN Client is a commercial product that requires a fee.  It is also important to note that you do not want to install both the WatchGuard IPSec Mobile VPN Client and the Shrew Soft VPN Client on the same computer.  If you do so, your LAN connection will fail due to a conflict between the two programs. If this occurs, simply uninstall one of the IPSec VPN Clients and reboot Windows.

On Apple Mac OSX, Apple iOS, Android 4.x and later devices, the operating system includes a native IPSec VPN Client that is fully compatible with the Watchguard IPSec VPN.


Legal Notice

Alan Curtis and A1 Smart Computer Services provide programming examples and technical information for illustration only without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose.

Alan Curtis does not assume any legal liability or responsibility for the accuracy and/or completeness of the information provided. Alan Curtis will not be held liable for any direct or indirect loss or damage arising under this legal notice or in connection with the use of this website. Alan Curtis is not affiliated with Microsoft, Yahoo and Google. All trademarks and copyrighted material are the property of their respective owners.

The opinions expressed by Alan Curtis on this blog are based upon information he considers reliable but are not warranted for their completeness or accuracy and should not be relied upon as such. Alan Curtis' statements and opinions are subject to change without notice.

The entire contents of this blog have been copyrighted by Alan Curtis and A1 Smart Computer Services unless otherwise indicated. All rights are reserved by Alan Curtis and A1 Smart Computer Services and content may not be reproduced, downloaded, disseminated, published, or transferred in any form or by any means, except with the prior written permission of Alan Curtis and A1 Smart Computer Services.

For professional Eugene Computer Repair, contact A1 Smart Computer Services.