VPN through firewall
Junior Member
Join Date: Aug 2001
Location: Austria
I am currently sitting behind a firewall and need to connect to a PPTP VPN.
Am I correct in thinking that the VPN will try to use ports that are blocked by the firewall? If so, is there any way to tunnel it via SSH?
I have tried connecting via Internet Connect and using DigiTunnel.
Any help would be appreciated.
m@
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
What type of firewall are you behind? What type of PPTP server are you connecting to?
Most home gateway routers and recent Linux firewalls will pass PPTP traffic without many problems, but Windows-based firewalls usually have issues with it.
As for ports, it's not that simple. PPTP uses UDP500 (IKE) and Protocol 50 (ESP). Most inexpensive routers can forward the UDP port no problem, but telling them to pass a protocol is something totally different.
A little more info on your setup might help.
iMac therefor iAm
Junior Member
Join Date: Aug 2001
Location: Austria
Unfortunately, lack of information is half the problem.
All my university says is that you can access the VPN using PPTP tools, and then it gives the URL for the server. They recommend PiePants and DigiTunnel, neither of which I could get to work.
When I use PiePants, the log says:
"2003-07-11 10:57:37.523 kextload[1102] CFLog (20): The program you are using needs to use a system file that may reduce the security of your computer.: <CFArray 0x2f4900 [0xa01303fc]>{type = mutable-small, count = 3, values = (
0 : <CFString 0x7274 [0xa01303fc]>{contents = "The file ""}
1 : <CFString 0x2fd8b0 [0xa01303fc]>{contents = "tunnel.kext"}
2 : <CFString 0x7284 [0xa01303fc]>{contents = "" has problems that may reduce the security of your computer. You should contact the manufacturer of the product you are using for a new version. If you are sure the file is OK, you can allow the application to use it, or fix it and then use it. If you click Don't Use, any other files that depend on this file will not be used."}
)}
kextload: kmod_control/start failed for com.robthedude.kext.tunnel; destroying kmod
kextload: a link/load error occured for kernel extension /Users/parkinso/Desktop/PiePants.app/Contents/MacOS/../Resources/tunnel.kext
load failed for extension /Users/parkinso/Desktop/PiePants.app/Contents/MacOS/../Resources/tunnel.kext
(run kextload with -t for diagnostic output)
Loading PPTP device: /sbin/kextload /Users/parkinso/Desktop/PiePants.app/Contents/MacOS/../Resources/tunnel.kext
error loading device
"
As for my firewall, this is set up by the institute where I work. It basically shuts everything down apart from HTTP, HTTPS, SSH and FTP in passive mode. The only way I can get anything that doesn't use these protocols directly is to direct it via these allowed protocols.
m@
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
Just to make sure I am getting this right: you are trying to connect from your place of work to the University's PPTP server, correct? Where you work has a firewall with a very strict security policy in place.
In that case, I would say you are outta luck. PPTP cannot work through any other ports because it is not just one port, like HTTP, SSH, or UDP500 (IKE). It uses a protocol completely separate from TCP or UDP. Unfortunately, I do not think you will find a way to circumvent the firewall without getting them to make an exception.
Since PPTP is a tunneling protocol to begin with, I do not think you will find a way to tunnel it inside of SSH or HTTP.
As a side topic, while I can understand a company's decision to limit the protocols a person can use for Internet access, I do not agree with it. This type of policy is often too restrictive, and so much legitimate traffic gets dropped. Most US government agencies have a "deny by exception" policy for outbound access (meaning they allow everything outbound and only deny specific traffic types).
Inbound, I wholeheartedly agree with an "allow by exception" policy.
iMac therefor iAm
Junior Member
Join Date: Aug 2001
Location: Austria
You are correct about the setup. Unfortunately, it would seem that I am out of luck, as there is no way for me to get the firewall changed here.
Thanks anyway.
m@