DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Port 1723 Open?? Security Risk?

  • allawishous
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
17 May 2017 14:09 #1 by allawishous
Port 1723 Open?? Security Risk? was created by allawishous
Having setup a new Vigor 2860Ln with a ADSL & 4G over an outgoing VPN (LAN to LAN), I seem to have an issue where port 1723 is always open on the ADSL connection?

Can anyone advise why this is? Its nothing I have setup in the open ports or route policy.

It is only open on the ADSL connection and not on the 4G or VPN.

1723 is the PPTP VPN port?

I am using shields up to test this port. All others are showing stealth, but not 1723.

If I turn off "Enable PPTP VPN Service" in "VPN and Remote Access >> Remote Access Control Setup" then it shows as stealth, but this also disables the use of my outgoing LAN to LAN VPN connection on the LTE/4G WAN.


Any help is appreciated.

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
17 May 2017 16:32 #2 by hornbyp
Replied by hornbyp on topic Re: Port 1723 Open?? Security Risk?
Isn't the bigger risk, using PPTP at all?

I know it's dead easy to setup, but it was compromised long ago. See here (for example): https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/

It's more of a "VN" than a "VPN", these days - the "Private" bit no longer applies.

Please Log in or Create an account to join the conversation.

  • allawishous
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
17 May 2017 17:00 #3 by allawishous
Replied by allawishous on topic Re: Port 1723 Open?? Security Risk?

hornbyp wrote: Isn't the bigger risk, using PPTP at all?

I know it's dead easy to setup, but it was compromised long ago. See here (for example): https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/

It's more of a "VN" than a "VPN", these days - the "Private" bit no longer applies.




You are right, but not in my scenario. I am only using PPTP VPN on the LTE/4G to have a static IP allocated. Unfortunately most LTE/4G connections are behind CGNAT so you can not accept incoming connections. Using VPN LAN to LAN is a workaround for this.

Please Log in or Create an account to join the conversation.

  • hornbyp
  • User
  • User
More
17 May 2017 17:49 #4 by hornbyp
Replied by hornbyp on topic Re: Port 1723 Open?? Security Risk?

Allawishous wrote: Unfortunately most LTE/4G connections are behind CGNAT so you can not accept incoming connections. Using VPN LAN to LAN is a workaround for this.



Interesting - you live and learn :)

I think the fact that Port 1723 responds on WAN1 is expected and in-keeping with "PPTP" being enabled.

Maybe the fact that it's not accessible on the "4G" connection is a consequence of the NAT. After all, if you can't accept incoming connections, then you can't accept 1723... presumably the site-to-site VPN is outbound?

Please Log in or Create an account to join the conversation.