Which ports to unblock for VPN traffic to pass-through?

RRAS based VPN server is behind a firewall

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723   <- Used by PPTP control path
    • IP Protocol=GRE (value 47)   <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500    <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=ESP (value 50)   <- Used by IPSec data path

RRAS server is directly connected to Internet

 

  • For PPTP:
    • IP Protocol=TCP, TCP Port number=1723  <- Used by PPTP control path
    • IP Protocol=GRE (value 47)  <- Used by PPTP data path
  • For L2TP:
    • IP Protocol Type=UDP, UDP Port Number=500   <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv1 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701  <- Used by L2TP control/data path
    • IP Protocol Type=50  <- Used by data path (ESP)
  • For SSTP:
    • IP Protocol=TCP, TCP Port number=443   <- Used by SSTP control and data path
  • For IKEv2:
    • IP Protocol Type=UDP, UDP Port Number=500   <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=4500 <- Used by IKEv2 (IPSec control path)
    • IP Protocol Type=UDP, UDP Port Number=1701  <- Used by L2TP control/data path
    • IP Protocol Type=50 <- Used by data path (ESP)