1. Which ports do I need to open on my firewall to use EasyVPN?
The following ports and IP protocols need to be forwarded through to the Mac running EasyVPN. Note that ESP and GRE are IP protocol numbers, not TCP/UDP ports, so the firewall must be able to forward them by protocol.
* UDP port 500 (IKE key exchange for L2TP/IPSec)
* UDP port 4500 (IPSec NAT traversal; needed when the Mac sits behind NAT)
* UDP port 1701 (L2TP)
* IP protocol 50 (ESP, the encrypted IPSec payload)
* IP protocol 47 (GRE, the PPTP data channel)
If you enable PPTP, its control connection also uses TCP port 1723, which this list does not mention; forward that as well. If you only use L2TP/IPSec you can leave GRE and TCP 1723 closed.
2. What are Network Routing Definitions?
By using network routing definitions, you can choose whether to route data from VPN clients to an address group through the VPN tunnel (referred to as private) or over the VPN user’s ISP connection (referred to as public).
For example, you can have all VPN client traffic that goes to the LAN IP address range go through the secure tunnel to the LAN, but make all traffic to other addresses be routed through the user’s normal, unsecured Internet connection.
This helps you have greater control over what goes through the VPN tunnel.
Important Notes About VPN Routing Definitions
* If no routing definitions are added, traffic is routed through the VPN connection by default.
* If routing definitions are added, the VPN connection is no longer set as the default route, and traffic destined for addresses not specifically declared as a private route will not go over the VPN connection.
* DNS lookups go over the VPN connection regardless of the routes that are set.
* Definitions are unordered. The order in which they are entered does not matter; for each packet the definition whose address range most specifically matches the destination (the longest matching prefix) is applied, so a public definition for a small subnet overrides a private definition for the larger range that contains it.
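The decision rules above (private by default when nothing is defined, longest-prefix match when definitions exist, unmatched traffic public, DNS always private) are easy to get wrong by hand. The following is an added example, not code from EasyVPN or the original page, that models those rules over a constructed set of definitions (the addresses are assumptions) so you can predict where a given destination will be routed before changing the server, and flag definitions that conflict with each other.

```python
import ipaddress

# Constructed routing definitions (assumed addresses, not from the page):
# the whole LAN is private, but a guest subnet inside it is explicitly public.
DEFINITIONS = [
    ("10.0.0.0/16", "private"),
    ("10.0.200.0/24", "public"),
]


def route_for(dest, definitions, is_dns=False):
    """Return "private" (through the VPN tunnel) or "public" (over the
    user's ISP connection) for a destination address.

    Rules as stated in the FAQ:
      - DNS lookups always go over the VPN.
      - With no definitions at all, everything goes over the VPN.
      - Otherwise the most specific (longest prefix) matching definition wins
        regardless of list order, and unmatched destinations go public.
    """
    if is_dns:
        return "private"
    if not definitions:
        return "private"
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, kind in definitions:
        net = ipaddress.ip_network(cidr, strict=False)
        # "addr in net" is False when the address families differ (v4 vs v6).
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, kind)
    return best[1] if best is not None else "public"


def find_conflicts(definitions):
    """Return (cidr_a, cidr_b) pairs that cover exactly the same network but
    disagree on private/public. Because definitions are unordered, such a
    pair has no well-defined winner and should be fixed before deployment."""
    conflicts = []
    seen = {}
    for cidr, kind in definitions:
        net = ipaddress.ip_network(cidr, strict=False)
        if net in seen and seen[net][1] != kind:
            conflicts.append((seen[net][0], cidr))
        seen.setdefault(net, (cidr, kind))
    return conflicts


if __name__ == "__main__":
    for dest in ("10.0.5.7", "10.0.200.9", "8.8.8.8"):
        print(dest, "->", route_for(dest, DEFINITIONS))
    print("conflicts:", find_conflicts(DEFINITIONS + [("10.0.200.0/24", "private")]))
```

Run it with the definitions you intend to configure and check the output for the addresses that matter (file servers, printers, the guest network): a host that comes back as "public" will bypass the tunnel entirely, and `find_conflicts` catches the case where two entries for the same range silently disagree.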
3. What is the difference between L2TP/IPSec and PPTP?
There are two encrypted transport protocols: Layer Two Tunneling Protocol over IPSec (L2TP/IPSec) and Point-to-Point Tunneling Protocol (PPTP). You can enable either or both of these protocols. Each has its own strengths and requirements.
L2TP/IPSec uses strong IPSec encryption to tunnel data to and from network nodes. It is based on Cisco’s L2F protocol.
IPSec requires security certificates (either self-signed or signed by a certificate authority such as Verisign) or a predefined shared secret between connecting nodes.
The shared secret must be entered on the server and the client.
The shared secret is not a user's login password for authentication. It is a value the IKE key-management daemons on the server and the client use to authenticate each other when they negotiate the IPSec tunnel; user authentication happens separately, inside the L2TP session, once that tunnel is up. Because the secret is mixed into the IKE key derivation and every client shares the same one, use a long random value rather than a memorable phrase, and rotate it if a client device is lost.
L2TP/IPSec is Mac OS X's preferred VPN protocol because it has superior transport encryption.
PPTP is a commonly used Windows standard VPN protocol. It supports a number of authentication schemes and uses the user-provided password to produce the encryption key, so the tunnel is only as strong as that password. Its MS-CHAPv2 authentication and MPPE encryption have well-known weaknesses, so PPTP should be treated as a legacy option for clients that cannot use L2TP/IPSec rather than as a secure transport.
By default, PPTP uses 128-bit encryption. PPTP also supports 40-bit encryption, which is weak and should be left disabled.
PPTP is necessary if you have Windows clients with versions earlier than Windows XP or if you have Mac OS X v10.2.x clients or earlier.