Автор Евгений Шарапов задал вопрос в разделе Интернет
Как узнать порт на прокси- сервере который следует открыть для подключения через него VPN? и получил лучший ответ
Ответ от Ёергей[гуру]
Для VPNа нужны
IPsec- обмен ключами IKE через UDP500 инкапсуляция заголовков через 50 51 порт
PPTP и L2TP - UDP c порта 1701 на порт 1701, TCP с портов >1023 на порт 1723
здесь под сраный линукс но порты прописаны полностью.. .
ссылка
5.3 Troubleshooting
Most problems can be localized by running a packet sniffer (e.g. tcpdump with the -v option) on your VPN firewall. If everything is working properly, you'll see the following traffic:
Client local network:
IPsec: UDP (destination UDP port 500) and ESP (IP protocol 50) traffic from your IPsec client local network IP to the remote IPsec host's Internet IP. If you don't see this, your IPsec client is misconfigured.
PPTP: TCP (destination TCP port 1723) and GRE (IP protocol 47) traffic from your PPTP client local network IP to the PPTP server's Internet IP. If you don't see this, your PPTP client is misconfigured.
ISP side of client firewall: UDP and ESP or TCP and GRE traffic from the client firewall Internet IP (remember - we're masquerading) to the VPN server's Internet IP. If you don't see this, your masquerade is misconfigured or the patch isn't working.
ISP side of server firewall: UDP and ESP or TCP and GRE traffic from the client Internet IP to the VPN server's Internet IP. If you don't see this, the Internet is down 🙂 or some intermediary is blocking ESP or GRE traffic.
Boundary network (DMZ) side of server firewall: UDP and ESP or TCP and GRE traffic from the client internet IP to the server IP. If you don't see this, check your firewall rules for forwarding UDP port 500 and IP protocol 50 or TCP port 1723 and IP protocol 47, and the configuration of ipportfw and ipfwd if you're masquerading the server.
Boundary network side of server firewall: UDP (source port 500) and ESP or TCP (source port 1723) and GRE traffic from the VPN server IP to the client internet IP. If you don't see this, check the VPN server configuration, including the packet filtering rules on the VPN server.
ISP side of server firewall: UDP and ESP or TCP and GRE traffic from the VPN server IP (or firewall IP if the server is masqueraded) to the client internet IP. If you don't see this, check your firewall rules for forwarding UDP port 500 and IP protocol 50 or TCP port 1723 and IP protocol 47.
ISP side of client firewall: UDP and ESP or TCP and GRE traffic from the VPN server IP to the client firewall internet IP. If you don't see this, the Internet is acting up again.
Client local network: UDP and ESP or TCP and GRE traffic from the VPN server internet IP to the VPN client local network IP. If you see the UDP traffic but not the ESP traffic, or the TCP traffic but not the GRE traffic, the patch isn't working or wasn't properly installed.