Open ports for VPN??

Bizentech

Getting the hang of it
Joined
Nov 17, 2015
Messages
105
Reaction score
9
I have a client who has a firewall set up and their tech won’t forward any ports for me. I’d like to put in my own router for VPN service to diagnose any issues and perform firmware updates. Do I need any ports open to access the VPN? I’ve tried the port forwarding but oddly nothing was able to save. I think the router/gateway is in bridge mode with the firewall too.

Also, my client has multiple (5) static IP addresses. I assume I can assign one to my router as a gateway and plug straight into the gateway and not worry about the firewall.
 

bp2008

Staff member
Joined
Mar 10, 2014
Messages
12,666
Reaction score
14,005
Location
USA
Depends on their network setup... nobody can answer you without a lot more details.

VPN servers do of course require incoming connections. Depending on the type of VPN, the port may need to be open for TCP or UDP traffic or maybe even some more obscure protocols.
 

Bizentech

What more information would I need to provide??
Xfinity Gateway -> Dell SonicWall (I believe it manages DHCP, Point of Sale, VoIP). My unmanaged switch (cams and NVR) is connected to the Xfinity router. The P2P mobile app works with no port forwarding rules, but I cannot access the web GUI remotely. I believe the SonicWall and Xfinity are bridged. Would using a static IP address as gateway in my own router work?
 

bp2008

I guess if the Xfinity gateway is in bridge mode then you can just plug your router's WAN port into their gateway and assign one of their available static IP addresses to your router's WAN interface. Copy the gateway and DNS addresses over from their SonicWall (alternatively, you can typically use 8.8.8.8 and 8.8.4.4 for DNS).

From that point, your router should be online with its own private LAN, separate from the rest of their stuff. You would be responsible for keeping that network segment secure (turn off UPnP, don't forward ports to insecure things, maybe even use your router's firewall to block internet access to devices that don't need it).
 

Bizentech

I agree. Now my thing is, will my devices be able to communicate on a 192.168.1.x range even though my router LAN is an external IP address and my gateway is also an external IP address? I don’t care about DHCP since all devices that would be behind this router are static. I’d probably also have to go into every device and change the gateway from 192.168.1.1 to the new LAN external IP address?? Mind you, all cams and NVR are connected to an unmanaged switch. Does this routing sound correct??
Plus, I’d like to configure a VPN so I can remotely access each device behind this router.
 

bp2008

Are you sure you're qualified for this? :)

Your LAN can use whatever address range you want. Devices on that LAN which need internet access would point at your router's LAN IP for both gateway and DNS.

Your router's WAN interface will have a public IP address, pointing at a gateway address that is run by the ISP. More than likely it will have to be the same gateway address that the client's existing SonicWall uses.
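The addressing described in the reply above, as an added example that is not part of the original posts: a small checker that compares the plan as first asked (public address on the router LAN) with the plan as answered (private LAN, public WAN). All addresses are constructed samples, with 203.0.113.8/29 standing in for the ISP static block; the function name and the RFC 1918 requirement on the LAN side are assumptions of this example.

```python
import ipaddress

# RFC 1918 ranges, checked explicitly: Python's is_private also matches
# documentation ranges such as the 203.0.113.0/24 sample used below.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def check_plan(wan, isp_gateway, lan, devices):
    """Return a list of problems in a router addressing plan (empty = consistent)."""
    # wan/lan are CIDR interface addresses; devices is {name: (ip, gateway)}.
    wan, lan = ipaddress.ip_interface(wan), ipaddress.ip_interface(lan)
    gw = ipaddress.ip_address(isp_gateway)
    problems = []
    # WAN side: one of the ISP statics, with the ISP gateway on the same subnet.
    if is_rfc1918(wan.ip):
        problems.append("WAN address is private, not an ISP static")
    if gw not in wan.network or gw == wan.ip:
        problems.append("ISP gateway must be a different host on the WAN subnet")
    # LAN side: a private range that does not overlap the WAN subnet.
    if not is_rfc1918(lan.ip):
        problems.append("router LAN address is not in a private range")
    if lan.network.overlaps(wan.network):
        problems.append("LAN subnet overlaps the WAN subnet")
    # Devices: inside the LAN subnet, gateway set to the router's LAN address.
    for name, (ip, gateway) in devices.items():
        if ipaddress.ip_address(ip) not in lan.network:
            problems.append(f"{name}: {ip} is outside LAN subnet {lan.network}")
        if ipaddress.ip_address(gateway) != lan.ip:
            problems.append(f"{name}: gateway {gateway} is not router LAN IP {lan.ip}")
    return problems

# Constructed sample values, not taken from the thread.
WAN, ISP_GW = "203.0.113.10/29", "203.0.113.14"
CAMS = {"nvr": "192.168.1.100", "cam1": "192.168.1.101"}

# Plan as first asked: public address on the router LAN, devices left on 192.168.1.x.
asked = check_plan(WAN, ISP_GW, "203.0.113.11/29",
                   {n: (ip, "203.0.113.11") for n, ip in CAMS.items()})
# Plan as answered: private LAN, devices keep 192.168.1.1 as their gateway.
answered = check_plan(WAN, ISP_GW, "192.168.1.1/24",
                      {n: (ip, "192.168.1.1") for n, ip in CAMS.items()})

if __name__ == "__main__":
    print("as asked:", *asked, sep="\n  ")
    print("as answered:", answered or "consistent")
```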
 

Bizentech

Lol! I just couldn’t get my head wrapped around it since I’m not looking at the router nor am I on site. Just clarification. Spoke to one of my high level IT friends and he clarified everything for me.
Thank you
 