DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Port 1723 Open?? Security Risk?
- allawishous
- Topic Author
- Offline
- Junior Member
- Posts: 18
- Thank yous received: 0
17 May 2017 14:09 #88942
by allawishous
Port 1723 Open?? Security Risk? was created by allawishous
Having set up a new Vigor 2860Ln with an ADSL & 4G over an outgoing VPN (LAN to LAN), I seem to have an issue where port 1723 is always open on the ADSL connection?
Can anyone advise why this is? It's nothing I have set up in the open ports or route policy.
It is only open on the ADSL connection and not on the 4G or VPN.
1723 is the PPTP VPN port?
I am using ShieldsUP to test this port. All others are showing stealth, but not 1723.
If I turn off "Enable PPTP VPN Service" in "VPN and Remote Access >> Remote Access Control Setup" then it shows as stealth, but this also disables the use of my outgoing LAN to LAN VPN connection on the LTE/4G WAN.
Any help is appreciated.
- hornbyp
- Offline
- Big Contributor
- Posts: 1323
- Thank yous received: 0
17 May 2017 16:32 #88945
by hornbyp
Replied by hornbyp on topic Re: Port 1723 Open?? Security Risk?
Isn't the bigger risk, using PPTP at all?
I know it's dead easy to set up, but it was compromised long ago. See here (for example):
https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/
It's more of a "VN" than a "VPN", these days - the "Private" bit no longer applies.
- allawishous
- Topic Author
- Offline
- Junior Member
- Posts: 18
- Thank yous received: 0
17 May 2017 17:00 #88946
by allawishous
Replied by allawishous on topic Re: Port 1723 Open?? Security Risk?
hornbyp wrote:
> Isn't the bigger risk, using PPTP at all?
> I know it's dead easy to set up, but it was compromised long ago. See here (for example): https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/
> It's more of a "VN" than a "VPN", these days - the "Private" bit no longer applies.

You are right, but not in my scenario. I am only using PPTP VPN on the LTE/4G to have a static IP allocated. Unfortunately most LTE/4G connections are behind CGNAT so you cannot accept incoming connections. Using VPN LAN to LAN is a workaround for this.
- hornbyp
- Offline
- Big Contributor
- Posts: 1323
- Thank yous received: 0
17 May 2017 17:49 #88947
by hornbyp
Replied by hornbyp on topic Re: Port 1723 Open?? Security Risk?
Allawishous wrote:
> Unfortunately most LTE/4G connections are behind CGNAT so you cannot accept incoming connections. Using VPN LAN to LAN is a workaround for this.

Interesting - you live and learn
I think the fact that Port 1723 responds on WAN1 is expected and in keeping with "PPTP" being enabled.
Maybe the fact that it's not accessible on the "4G" connection is a consequence of the NAT. After all, if you can't accept incoming connections, then you can't accept 1723... presumably the site-to-site VPN is outbound?
Moderators: Chris