VPN / Remote desktop using TightVNC

L2TP : UDP ports 500 and 4500 and protocol (number 50) ESP if both server and client has a public IP
If server is behind NAT you only need the UDP ports (UDP port 1701 not neccessary).

PPTP : TCP port 1723 and the GRE protocol (with some routers VPN passthrough does the GRE "bit")
All routers on the way need to support VPN passthrough.




Notice the difference between UDP/TCP port numbers and protocols like GRE and ESP.
All protocols are numbered too like 50 for ESP, 6 for TCP and 17 for UDP (and I think GRE is 47?) but you don't really enter those numbers anywhere like with UDP/TCP port numbers.



Also if the server is directly connected to Internet with a public IP and doing the firewalling you must use a second IP on the server to connect to services on the server through the VPN. This IP must be accessible from the VPN and services you want to use not "firewalled off".

So if VNC is on but firewalled off on the main IP (where you also connect the VPN to) the second IP (on the server LAN interface or an alias interface/IP) must be open for VNC access.

If you have a router/firewall between your server and Internet only the VPN ports need to be open and forwarded to the server LAN IP. The rest is accessible through the VPN (if no firewall is running on the server and depending on it's configuration if it is).

Message was edited by: Leif Carlsson