-1

Hosting a PPTP VPN server on a subdomain, how do I enable the service on the domain with a SRV DNS record?

I've already tried:

_pptp._tcp.domain.top. 86400 IN SRV 10 10 1723 sub.domain.top.

though my DNS service provider interface errored it and removed the dot as such before accepting:

_pptp._tcp.domain.top 86400 IN SRV 10 10 1723 sub.domain.top.

No dice, when checking for open ports. If the dot being removed is causing the error, why would the provider want it gone?

Also, do I need to enable the GRE protocol on port 1723 as well?

yusf

1 Answer

2

Nothing in PPTP uses SRV records. Perhaps there's some PPTP client that uses SRV records for location that I'm not aware of, but that's not part of the PPTP protocol. Likewise, if you're using some crazy kind of firewall that opens ports based on DNS that's also not part of the PPTP protocol-- that's something else entirely.

For PPTP to work the clients need access to the server computer's TCP port 1723 and to the server's IP with the GRE protocol (IP protocol 47). That second one trips a lot of people up-- that's an IP protocol number, not a TCP port. If your edge firewall doesn't support forwarding based on IP protocol number then you won't be hosting a PPTP server behind it.

Evan Anderson
  • I was under the impression that one could use SRV records to redirect requests to a domain on a certain port to a subdomain. Wrong? – yusf Sep 06 '14 at 12:50
  • SRV RR's are used in some protocols to provide service location. The DC Locator protocol from Active Directory (which Domain member computers use to locate a Domain Controller computer) is an example of such a protocol. The PPTP protocol doesn't have any service location functionality built-in to the design of the protocol. It's certainly possible that somebody could build a PPTP client with such a feature set, but I'm not aware of any that exist. Just creating SRV RR's in DNS, when the client doesn't support using them, won't actually accomplish anything. – Evan Anderson Sep 07 '14 at 02:35
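
The distinction the answer draws between TCP port 1723 and IP protocol 47 can be seen directly in the packet headers. The following is an added example, not part of the original question or answer: the packets are constructed samples using documentation addresses, the `(ip_protocol, dst_port)` rule list is a hypothetical model of an edge firewall's forwarding table, and the GRE version 1 / protocol type 0x880B values are those of the enhanced GRE header PPTP uses (RFC 2637).

```python
import struct

PPTP_CONTROL_PORT = 1723          # TCP port of the PPTP control connection
IPPROTO_TCP, IPPROTO_GRE = 6, 47  # values of the IPv4 header's protocol field
PPTP_GRE_PROTOCOL_TYPE = 0x880B   # enhanced GRE (version 1) carrying PPP

def ipv4_header(proto, payload_len):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))

def classify(packet):
    """Say which PPTP channel, if any, an IPv4 packet belongs to."""
    ihl = (packet[0] & 0x0F) * 4   # IPv4 header length in bytes
    proto = packet[9]              # IP protocol number, not a port
    body = packet[ihl:]
    if proto == IPPROTO_TCP:
        src_port, dst_port = struct.unpack("!HH", body[:4])
        if PPTP_CONTROL_PORT in (src_port, dst_port):
            return "pptp-control (TCP port 1723)"
        return "other-tcp"
    if proto == IPPROTO_GRE:
        # GRE has no port fields at all: flags/version, then protocol type.
        flags_ver, proto_type = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and proto_type == PPTP_GRE_PROTOCOL_TYPE:
            return "pptp-data (IP protocol 47, no port)"
        return "other-gre"
    return "other"

def firewall_passes_pptp(rules):
    """rules: hypothetical list of (ip_protocol, dst_port_or_None) being forwarded."""
    control = (IPPROTO_TCP, PPTP_CONTROL_PORT) in rules
    data = any(proto == IPPROTO_GRE for proto, _ in rules)
    return control and data

# Constructed sample packets: a TCP SYN to port 1723 and a PPTP GRE data packet.
tcp_syn = ipv4_header(IPPROTO_TCP, 20) + struct.pack(
    "!HHIIBBHHH", 49152, PPTP_CONTROL_PORT, 0, 0, 0x50, 0x02, 65535, 0, 0)
gre_data = ipv4_header(IPPROTO_GRE, 12) + struct.pack(
    "!HHHHI", 0x3001, PPTP_GRE_PROTOCOL_TYPE, 0, 1, 0)

if __name__ == "__main__":
    print(classify(tcp_syn))
    print(classify(gre_data))
    print(firewall_passes_pptp([(6, 1723), (6, 47)]))     # TCP port 47 is not GRE
    print(firewall_passes_pptp([(6, 1723), (47, None)]))
```

A rule set that forwards TCP port 47 instead of IP protocol 47 fails the check, which matches the mix-up the answer warns about.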