Good Ports to use in Blocked Countries?

Need help configuring your VPN? Just post here and you'll get that help.
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
GeoDirk
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 08, 2010 8:29 am

Good Ports to use in Blocked Countries?

Post by GeoDirk » Tue Apr 26, 2011 3:18 pm

Hi All,

I'm working with some people helping to set up a VPN for them. The country that they live in does quite a bit of filtering and monitoring of the internet. If I use the standard OpenVPN ports of 1194, the country should easily be able to identify who it is that is using VPN right? I was thinking of changing the default OpenVPN port to something else that is more common so it doesn't attract attention. Can anyone recommend some better ports besides the 1194 one?

Thanks

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Good Ports to use in Blocked Countries?

Post by janjust » Wed Apr 27, 2011 6:17 am

you can choose any UDP or TCP port you want , 443 is an often used one , as OpenVPN traffic looks a little bit like SSL traffic.
However, if a country (or company) wants to block OpenVPN traffic they can - OpenVPN traffic is easily discernable on firewalls that do stateful inspection and OpenVPN makes no attempt to hide itself. If you want to duck firewalls resort to things like stunnel and httptunnel. YMMV.

GeoDirk
OpenVpn Newbie
Posts: 8
Joined: Wed Dec 08, 2010 8:29 am

Re: Good Ports to use in Blocked Countries?

Post by GeoDirk » Wed Apr 27, 2011 1:44 pm

Hi Jan,

You say that OpenVPN is easily discernible on deep packet inspection. For curiosity sake, can you elaborate on what it is that makes it so obvious that it is OpenVPN traffic going past?

By the way, on any one server, you can only specify ONE port for OpenVPN to use right?

I purchased your book yesterday...really like it but haven't gotten in there very far. Thanks for all the hard work you put into it!

User avatar
janjust
Forum Team
Posts: 2703
Joined: Fri Aug 20, 2010 2:57 pm
Location: Amsterdam
Contact:

Re: Good Ports to use in Blocked Countries?

Post by janjust » Wed Apr 27, 2011 1:56 pm

it's the handshake protocol which is not the same as a regular SSL handshake; run wireshark while openvpn is connecting to a server configured on port tcp/443 and you will see that wireshark does not decode the traffic as "normal" SSL traffic.

One OpenVPN instance binds to one port, yes; there's nothing from stopping you to run multiple services, however, and you can also use port redirection (using e.g. iptables).

PS thanx for buying my book :mrgreen:

Post Reply