Hi All,
I'm working with some people helping to set up a VPN for them. The country that they live in does quite a bit of filtering and monitoring of the internet. If I use the standard OpenVPN ports of 1194, the country should easily be able to identify who it is that is using VPN right? I was thinking of changing the default OpenVPN port to something else that is more common so it doesn't attract attention. Can anyone recommend some better ports besides the 1194 one?
Thanks
Good Ports to use in Blocked Countries?
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Dec 08, 2010 8:29 am
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Good Ports to use in Blocked Countries?
you can choose any UDP or TCP port you want , 443 is an often used one , as OpenVPN traffic looks a little bit like SSL traffic.
However, if a country (or company) wants to block OpenVPN traffic they can - OpenVPN traffic is easily discernable on firewalls that do stateful inspection and OpenVPN makes no attempt to hide itself. If you want to duck firewalls resort to things like stunnel and httptunnel. YMMV.
However, if a country (or company) wants to block OpenVPN traffic they can - OpenVPN traffic is easily discernable on firewalls that do stateful inspection and OpenVPN makes no attempt to hide itself. If you want to duck firewalls resort to things like stunnel and httptunnel. YMMV.
-
- OpenVpn Newbie
- Posts: 8
- Joined: Wed Dec 08, 2010 8:29 am
Re: Good Ports to use in Blocked Countries?
Hi Jan,
You say that OpenVPN is easily discernible on deep packet inspection. For curiosity sake, can you elaborate on what it is that makes it so obvious that it is OpenVPN traffic going past?
By the way, on any one server, you can only specify ONE port for OpenVPN to use right?
I purchased your book yesterday...really like it but haven't gotten in there very far. Thanks for all the hard work you put into it!
You say that OpenVPN is easily discernible on deep packet inspection. For curiosity sake, can you elaborate on what it is that makes it so obvious that it is OpenVPN traffic going past?
By the way, on any one server, you can only specify ONE port for OpenVPN to use right?
I purchased your book yesterday...really like it but haven't gotten in there very far. Thanks for all the hard work you put into it!
- janjust
- Forum Team
- Posts: 2703
- Joined: Fri Aug 20, 2010 2:57 pm
- Location: Amsterdam
- Contact:
Re: Good Ports to use in Blocked Countries?
it's the handshake protocol which is not the same as a regular SSL handshake; run wireshark while openvpn is connecting to a server configured on port tcp/443 and you will see that wireshark does not decode the traffic as "normal" SSL traffic.
One OpenVPN instance binds to one port, yes; there's nothing from stopping you to run multiple services, however, and you can also use port redirection (using e.g. iptables).
PS thanx for buying my book
One OpenVPN instance binds to one port, yes; there's nothing from stopping you to run multiple services, however, and you can also use port redirection (using e.g. iptables).
PS thanx for buying my book