Http://www.boofee.net/bigfee/read.php? 976
Modify the default port number of the Windows RRAS VPN PPTP service through the registry
PPTP, the first-layer tunnel protocol of VPN (Virtual Private Network), uses TCP port 1723 by default. This is a standard: the VPN service provided by Microsoft Windows Server, other systems and hardware VPNs all use this port number. If the server is the Routing and Remote Access (RRAS) service that comes with Windows Server, however, you can modify the port number through the registry to hide the VPN server. Note that the VPN client used here is still a Windows-based VPN connection.
First, let's look at the connection state of a VPN server built with the Routing and Remote Access (RRAS) service provided by Windows Server. After the service is set up successfully, the server listens on TCP port 1723 and waits for connections, and the client dials in with a valid account authorized by the server. After the connection succeeds, run netstat -an in CMD on the client: the client has also opened TCP port 1723, which is also listening. As the later explanation shows, the TCP port 1723 opened here is not affected by the client firewall; that is, even if the client firewall does not open this port, the system can still open it for listening.
The connection above uses the default port. To use a custom port, we modify the registry. First, find this key in the server registry: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}]. This key holds the values related to network adapters. Under it you can see numbered branches such as 0000, 0001 and 0002, each of which holds the settings for one interface. Find the branch that contains the string value DriverDesc with the value WAN Miniport (PPTP); it may be any one of the numbered branches such as 0000, 0001 or 0002. Under this branch, find the TcpPortNumber value. Its default decimal value is 1723, and this 1723 is the default port number opened by the VPN service. We can change it to any other port number.
After making this change and restarting the server, run netstat -an in CMD on the server. You will find that the VPN server is now listening on the modified port number, which indicates that the default port number 1723 has been successfully changed on the server.
Next, configure the client. A modified VPN port is handled differently from a modified Terminal Services port, where you add a colon and the port number to the target IP address. The experiment shows that, to connect to the server, the VPN client computer also needs the same registry value change that was made on the server. After the modification, the firewall that comes with the client system must be turned off for the connection to succeed (only opening this port is not enough). Otherwise, the system will prompt error 691: the connection to the remote computer cannot be established, therefore the port used for this connection is closed. Using the default 1723 does not require opening a firewall port.
Summary: to modify the default port number of a VPN server built with the Routing and Remote Access (RRAS) service that comes with Windows Server, you must modify the TcpPortNumber value in the registry on both the server and the client; in addition to modifying the registry, the client must also disable its built-in firewall.
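
The registry change described above, as an added PowerShell example that is not part of the original article; it applies equally on the server and on the client. The port 5555 is a constructed sample value, and matching DriverDesc on the substring "(PPTP)" is an assumption made to tolerate localized adapter names.

```powershell
# Added example, not from the original article. Run in an elevated session.
# $NewPort is a constructed sample value; pick your own.
$NewPort  = 5555
$ClassKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}'

if ($NewPort -lt 1 -or $NewPort -gt 65535) { throw "Port $NewPort is out of range." }

# Each numbered branch (0000, 0001, ...) describes one interface. Some
# subkeys are not readable even for administrators, so errors are suppressed.
$branch = Get-ChildItem -LiteralPath $ClassKey -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^\d{4}$' } |
    Where-Object {
        $p = Get-ItemProperty -LiteralPath $_.PSPath -Name DriverDesc -ErrorAction SilentlyContinue
        # Assumption: the PPTP adapter's description contains "(PPTP)".
        $p -and $p.DriverDesc -like '*(PPTP)*'
    }

# Refuse to guess if zero or several branches match.
$count = @($branch).Count
if ($count -ne 1) { throw "Expected exactly one PPTP branch, found $count." }

# Read the current value first so the change can be reverted later.
$old = (Get-ItemProperty -LiteralPath $branch.PSPath -Name TcpPortNumber).TcpPortNumber
Write-Host "Branch $($branch.PSChildName): TcpPortNumber is currently $old"

if ($old -eq $NewPort) {
    Write-Host "Nothing to change."
} else {
    Set-ItemProperty -LiteralPath $branch.PSPath -Name TcpPortNumber -Value $NewPort -Type DWord
    $now = (Get-ItemProperty -LiteralPath $branch.PSPath -Name TcpPortNumber).TcpPortNumber
    Write-Host "TcpPortNumber changed from $old to $now. Restart for it to take effect."
}

# After the restart, confirm the listener moved (the netstat check from the text):
#   netstat -an | Select-String -SimpleMatch ":5555 "
```

Record the old value printed by the script; setting $NewPort back to it and running the script again reverts the change.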