Which outbound ports OpenVPN client relies on?

[Josko]

Hello!

I know from experience that OpenVPN clients in foreign networks do not require any inbound port to be open.
But what about outbound ports (e.g. in some cases of very strict security policies where outbound ports might be closed) ?

My experiments showed that OpenVPN client's connection work until all outbound ports are open, but as soon I close them (leaving three of them open: 1194, 443 and 2002-it is my default one), OpenVPN does not work then.

Which outbound ports have to be open by the clients ?
Many thanks in advance!!

[openvpn_inc]

Hi Josko,

The answer to that depends what port(s) the server is using. OpenVPN Access Server, for example, can accept client connections on either TCP port 443 or UDP port 1194.

Perhaps what you are missing is a rule to accept the replies from the server?

regards, rob0

[Josko]

Thanks for reply!
My server (inside the Server.ovpn file) is configured to listen on port 2002.
As I said above: I tried at client to leave these 3 outbound ports 1194, 443 and 2002 open, but seems some other is being used?

[Josko]

Could anybody help please?

[Josko]

Rule for accepting replies from the server: are they accepted through clients' outbound ports: TCP443, UDP1194 and UDP2002 ? Or something else needs to be opened at the client?

[TinCanTech]

Search for ephemeral ports..

And learn about networking.

[Josko]

Thanks for reply!

[Josko]

Hello!
I have run

Code: Select all

sudo netstat -tunlp

command and found out that OpenVPN process uses some strange port (usually between 49 and 55 K), I guess it is "ephemeral port" previous guy has mentioned, the question is now how to make that port fixed so I can make an outgoing port-based rule (in cases when firewall blocks outgoing traffic ) ?
Because port number seems to change after every reboot.

BTW. OpenVPN server listens on port 2002 (no mention of this port under Netstat, what confused me as well).
Netstat's output:
https://ibb.co/rHLNqqg