Changing default PPTP/L2TP port

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
 
2023-11-24 21:06:35 - last edited 2023-11-28 03:12:05
Tags: #VPN
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.5

For safety reasons I want to change the default ports (TCP 1723 and UDP 1701) of the PPTP and L2TP servers. OpenVPN and WireGuard have this option, but PPTP and L2TP do not.

#1
Re:Changing default PPTP/L2TP port
2023-11-27 02:29:14 - last edited 2023-11-27 02:31:37

Hi @phongtom 

Thanks for posting in our business forum.

I am a little bit shocked to see this feature request. Can you give any reasons why we should add this?

Do you know any other brands that can allow you to change the default port for L2TP and PPTP?

 

Update: Security or safety concerns are not the reasons here. So many services use the predefined ports and they work well. I don't know why it becomes a concern here. I know that there are different generations. But this does not make up the reason in this case.

I am not aware that predefined ports are allowed to be moved to spare ports. This is why I ask if any brands allow you to change so.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
#2
Re:Changing default PPTP/L2TP port
2023-11-27 10:11:30

As I said, for safety reasons: using some services like VPN, Remote Desktop, etc. with the default listening port has more security vulnerability.

On the ER605, the OpenVPN and WireGuard servers have the ability to change the default listening port, so why not add this option for PPTP/L2TP too?

#3
Re:Changing default PPTP/L2TP port
2023-11-28 03:11:56 - last edited 2023-11-28 03:14:28

Hi @phongtom 

Thanks for posting in our business forum.

phongtom wrote

As I said, for safety reasons: using some services like VPN, Remote Desktop, etc. with the default listening port has more security vulnerability.

On the ER605, the OpenVPN and WireGuard servers have the ability to change the default listening port, so why not add this option for PPTP/L2TP too?

OVPN and WG have supported this since they were first released, because they are new generations that fix the problems of the previous gen, like the static port, slow speed, and outdated encryption. So they have this built in natively.

 

See my point? They are very old and traditional VPN types and they have been written in the RFC. https://datatracker.ietf.org/doc/html/rfc6071

OVPN and WG are based on the TCP/UDP and a whole new gen of VPN types.

 

Even if you can change its port on the server, then how do you make the port settings on the client? Windows, Android and iOS, do they support customized PPTP, L2TP (over IPsec), and IPsec ports? If you make this change on the server, you need to change it on the client as well.

 

 

And safety is not the excuse for changing the port. So, forget about the PPTP which is very old and outdated. L2TP, still used by many, with IPsec encryption, is secure.

Best Regards!
#4
Re:Changing default PPTP/L2TP port
2023-11-28 12:04:47

So with PPTP/L2TP it will not be as easy as creating a NAT rule to change the port on the server side, and adding the port to the hostname (for example 123.123.123.123:12345) on the client side, like with other applications such as HTTP, etc.

#5
Re:Changing default PPTP/L2TP port
2023-11-29 02:27:59

Hi @phongtom 

Thanks for posting in our business forum.

phongtom wrote

So with PPTP/L2TP it will not be as easy as creating a NAT rule to change the port on the server side, and adding the port to the hostname (for example 123.123.123.123:12345) on the client side, like with other applications such as HTTP, etc.

Have you implemented this successfully before? The server has changed to a different port based on the PPTP/L2TP VPN, and you can join by 1.2.3.4:1234? Not obeying the old-fashioned ports? It negotiates with TCP/UDP 1234 if you put it in that way???

 

Best Regards!
#6