Is OpenVPN in full control of my open server port?

Post by LFNfan1 » Tue Aug 07, 2018 9:29 pm

Hi

My modem/router forwards connections on a particular port to the port on my Ubuntu 16.04 server that OpenVPN is listening on.

My question is: is OpenVPN in full control of that open server port? So it only lets through authenticated connections and drops all others? Could a rogue attempt to connect somehow 'go around the side' of OpenVPN and get into my server via the open port?

Any insights / info gratefully accepted.

Many thanks

Paul

Re: Is OpenVPN in full control of my open server port?

Post by TinCanTech » Tue Aug 07, 2018 9:50 pm

--tls-auth takes good care of this, you can read about it in the HOWTO under Hardening ..

Re: Is OpenVPN in full control of my open server port?

Post by LFNfan1 » Wed Aug 08, 2018 10:08 pm

Hi TinCanTech

Thanks very much for your response. tls-auth is incorporated in my config files, and I can see from the log that successful connections are authenticating with TLS 1.2. So that's good.

I guess my question is whether a connection attempt to the open port could be successful by somehow going totally around the side of OpenVPN? Or does OpenVPN control the response to every single communication on the port it's listening on, and nothing can get in by bypassing OpenVPN entirely?

Many thanks

Paul

Re: Is OpenVPN in full control of my open server port?

Post by TinCanTech » Wed Aug 08, 2018 10:31 pm

> my question is whether a connection attempt to the open port could be successful by somehow going totally around the side of OpenVPN?
It is staggeringly unlikely .. but you can use --port-share .. see the documentation :geek:

You could have a Stuxnet type virus

[solved] Re: Is OpenVPN in full control of my open server port?

Post by LFNfan1 » Sun Aug 12, 2018 11:43 am

Thanks very much.

Interesting to see --port-share, but I'll not be needing that.

I checked my network and infrastructure re. Stuxnet - no Siemens hardware :lol:

Thanks again
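
Traffic arriving on a forwarded port is handed only to whatever process has a socket bound to that port, so one way to check the question asked in this thread is to confirm that openvpn is the sole owner of it. The script below is an added example, not part of any post above; port 1194/udp, the function names and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Port 1194/udp and the sample rows
# below are constructed; substitute the port your router forwards.

# foreign_listeners PROTO PORT
# Reads `ss -lntup` output on stdin and prints one line for every socket
# bound to PROTO/PORT whose owner is not exclusively "openvpn".
foreign_listeners() {
    awk -v proto="$1" -v port="$2" '
    $1 == proto {
        n = split($5, addr, ":")          # text after the last colon is the port
        if (addr[n] != port) next
        owners = ""; foreign = 0; rest = $0
        # Walk every ("name",pid=..,fd=..) entry in the users:(...) column.
        while (match(rest, /\("[^"]*"/)) {
            name = substr(rest, RSTART + 2, RLENGTH - 3)
            if (name != "openvpn") foreign = 1
            owners = owners (owners == "" ? "" : ",") name
            rest = substr(rest, RSTART + RLENGTH)
        }
        # No users:(...) column means ss lacked privileges to see the owner.
        if (owners == "") { owners = "unknown"; foreign = 1 }
        if (foreign) print proto, $5, owners
    }'
}

# Constructed sample of `ss -lntup` output for offline runs.
sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:1194       0.0.0.0:*         users:(("openvpn",pid=812,fd=6))
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=640,fd=3))
tcp   LISTEN 0      5      0.0.0.0:1194       0.0.0.0:*         users:(("python3",pid=990,fd=4))
EOF
}

# On the server itself: sudo ss -lntup | foreign_listeners udp 1194
```

Empty output means nothing but openvpn is bound to that protocol and port. UDP and TCP are checked separately, so test the protocol the router actually forwards.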
