Declined Changing default PPTP/L2TP port
For safety reasons, I want to change the default ports (TCP 1723 and UDP 1701) of the PPTP and L2TP servers. OpenVPN and WireGuard have this option, but PPTP and L2TP do not.
Hi @phongtom
Thanks for posting in our business forum.
I am a little bit shocked to see this feature request. Can you give any reasons why we should add this?
Do you know any other brands that can allow you to change the default port for L2TP and PPTP?
Update: Security or safety concerns are not the reasons here. So many services use the predefined ports and they work well. I don't know why it becomes a concern here. I know that there are different generations. But this does not make up the reason in this case.
I am not aware that predefined ports are allowed to be moved to spare ports. This is why I ask if any brands allow you to change so.
As I said, for safety reasons, using some services like VPN, Remote Desktop, etc. with the default listening port has more security vulnerability.
On the ER605, the OpenVPN and WireGuard servers have the ability to change the default listening port, so why not add this option for PPTP/L2TP too?
Hi @phongtom
Thanks for posting in our business forum.
phongtom wrote
As I said, for safety reasons, using some services like VPN, Remote Desktop, etc. with the default listening port has more security vulnerability.
On the ER605, the OpenVPN and WireGuard servers have the ability to change the default listening port, so why not add this option for PPTP/L2TP too?
OVPN and WG have supported this since they were first released, because they are a new generation meant to fix problems like the static port, slow speed, and outdated encryption of the previous generation. So they have this built in natively.
See my point? They are very old and traditional VPN types and they have been written in the RFC. https://datatracker.ietf.org/doc/html/rfc6071
OVPN and WG are based on TCP/UDP and are a whole new generation of VPN types.
Even if you can change its port on the server, how do you make the port settings on the client? Windows, Android and iOS, do they support customized PPTP, L2TP (over IPsec), and IPsec ports? If you make this change on the server, you need to change it on the client as well.
And safety is not the excuse for changing the port. So, forget about the PPTP which is very old and outdated. L2TP, still used by many, with IPsec encryption, is secure.
So with PPTP/L2TP it will not be as easy as creating a NAT rule to change the port on the server side and adding the port to the hostname (for example 123.123.123.123:12345) on the client side, like with other applications such as HTTP, etc.
Hi @phongtom
Thanks for posting in our business forum.
phongtom wrote
So with PPTP/L2TP it will not be as easy as creating a NAT rule to change the port on the server side and adding the port to the hostname (for example 123.123.123.123:12345) on the client side, like with other applications such as HTTP, etc.
Have you implemented this successfully before? The server has changed to a different port based on the PPTP/L2TP VPN, and you can join by 1.2.3.4:1234? Not obeying the old-fashioned ports? It negotiates with TCP/UDP 1234 if you put it in that way???
Information
Helpful: 1
Views: 755
Replies: 5