Sorry if this is a dumb question. I am a novice to the world of networking.
I have a dd-wrt router and an openvpn server up and running on it. I have used the default port of 1194.
If I go to sites like http://www.whatsmyip.org/port-scanner/
and try to check if port 1194 is open, it tells me my port is blocked. The other two ports below also show as blocked.
In the ddwrt router where my openvpn server is running I have added the following rules.
iptables -I INPUT -p udp --dport 1194 -j ACCEPT
iptables -I INPUT -p udp --dport 53 -j ACCEPT
iptables -I INPUT -p udp --dport 22 -j ACCEPT
What is strange is that I can connect to the server from clients, within my LAN and outside of it, from a hotspot in a cafe or an Android phone, and connect to machines within my home network as well as securely browse the internet.
I am missing something here... just curious.
openvpn port 1194 scanning.
- janjust
Re: openvpn port 1194 scanning.
(double post - removed other topic)
UDP port scanning is tricky and openvpn does not respond to port scans; therefore, most public internet port scanners are not able to detect openvpn running on UDP port 1194.
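Why the online scanner can report 1194 as blocked while clients connect fine, shown as an added example that is not part of the original thread: a UDP probe can only distinguish "closed" (an ICMP port unreachable comes back) from "no answer", and a listener that ignores unrecognized datagrams looks the same as a firewalled port. The silent socket standing in for the VPN server and the names `probe_udp` and `demo` are constructed for illustration; the "closed" result assumes a Linux-style stack that reports ICMP errors on connected UDP sockets.

```python
import socket


def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Classify a UDP port the only way a scanner can: by what comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # A connected UDP socket lets the kernel hand ICMP errors back to us.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # the service answered the probe
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable: nothing is bound
        except socket.timeout:
            return "open|filtered"   # silence: mute listener OR dropped by firewall


def demo():
    # Constructed stand-in for the VPN server: a bound UDP socket that
    # receives the probe but never sends anything back.
    silent = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    silent.bind(("127.0.0.1", 0))
    silent_port = silent.getsockname()[1]

    # A port with nothing bound: grab a free port number, then release it.
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()

    try:
        return {
            "silent_listener": probe_udp("127.0.0.1", silent_port),
            "nothing_listening": probe_udp("127.0.0.1", closed_port),
        }
    finally:
        silent.close()


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A scanner that shows "open|filtered" as "blocked" is reporting the absence of a reply, not the absence of a service; a real client handshake is the reliable check.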
Re: openvpn port 1194 scanning.
Are you sure about these entries?
don_b wrote:
> In the ddwrt router where my openvpn server is running I have added the following rules.
> iptables -I INPUT -p udp --dport 53 -j ACCEPT
> iptables -I INPUT -p udp --dport 22 -j ACCEPT
I mean, UDP port 53 is for DNS. Do you want to resolve "external" DNS queries? I'm not sure about ddwrt, but maybe you can leave this line or specify it for the tun/tap device and/or LAN ports. I think (but I'm not sure) it's not a good idea to generally open port 53.
And port 22 is normally for SSH. But SSH uses TCP for transmitting... so the line opens an "unneeded" port (or do you have another service on port 22?). And it's also not a bad idea to change the SSH port to something higher... like 22222.
Hope you understand my text (I wouldn't call it English)
