Can I use OpenVPN on port 443? Some places block port 1194.

Hi all,

I have installed Nyr OpenVPN script on a VPS server to use as my personal VPN. The problem is that in some places (ex: hotels and shopping center) the VPN will not work using their public Wi-Fi.

The reason is because they have the 1194 port closed on their public Wi-Fi, that is the port OpenVPN uses by default.

So, I will buy a new VPS server to have a second VPN to work on these specific places. My first idea was to set up the VPN server to use port 443. But that just seems too easy.

Will it work properly on port 443? Or is it a stupid idea?

I use OpenVPN client on my Phone and Laptop. And I do not need any kind of hyper mega privacy to bypass China Firewall. I just want OpenVPN to work on places where port 1194 is closed.

Any help is appreciated.

Thanks!

Comments

  • It will work properly regardless of the port used :tongue:

  • Yes, and this will allow you to use OpenVPN in almost any public network as you want.

  • Neoon Community Contributor, Veteran
    edited December 2018

    443 TCP/UDP should work, if they run DPI they will figure it out and block it.
    Try other ports such as 53 UDP which is usually used by DNS.

  • Thanks all for the suggestions!

    I was afraid that using port 443 might cause some kind of conflict. But I will do that, or as @Neoon said maybe use port 53 UDP.

    For OpenVPN the recommended is UDP instead of TCP because it is faster.

  • Neoon Community Contributor, Veteran

    @nqservices said:
    Thanks all for the suggestions!

    I was afraid that using port 443 might cause some kind of conflict. But I will do that, or as @Neoon said maybe use port 53 UDP.

    For OpenVPN the recommended is UDP instead of TCP because it is faster.

    Well, yes UDP is faster, but most likely UDP 443 is also not blocked.
    If it is, use TCP or UDP 53.

    It does not matter which port you choose, it just means that your OpenVPN server allocates the port. Nothing more, no conflict.

  • nqservices Member
    edited December 2018

    Has anyone experienced places where public Wi-Fi had the 53 UDP port closed? Until now I do not think so. I just found places blocking UDP 1194.

    Also on a VPS server that is running just OpenVPN, is there any advantage of using the default 1194? If not, my idea from now on is to never again use port 1194 when setting up a VPN.

  • Always change default port.

  • @easy said:
    Always change default port.

    Yes.
    SSH on 21.
    FTP on 22.
    ...

    Thanked by 1brueggus
  • @easy said:
    Always change default port.

    Will do!

  • For instance, run HTTP on port 22.

  • Clouvider Member, Patron Provider

    @Letzien said:
    For instance, run HTTP on port 22.

    On that note, I think typing port after a domain name would confuse general public more than IPv6 :p

    Thanked by 2gestiondbi Letzien
  • I run it this way all the time. Works fine.

  • @Clouvider said:

    @Letzien said:
    For instance, run HTTP on port 22.

    On that note, I think typing port after a domain name would confuse general public more than IPv6 :p

    http://ueser:paeswerd@[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:22/

    Thanked by 2eol Aidan
  • @Letzien

    Too bad Chrome doesn't like that.

  • @nqservices said:

    So, I will buy a new VPS server to have a second VPN to work on these specific places. My first idea was to set up the VPN server to use port 443. But that just seems too easy.

    No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.

  • @Neoon said:
    443 TCP/UDP should work, if they run DPI they will figure it out and block it.
    Try other ports such as 53 UDP which is usually used by DNS.

    If they run DPI they might block it, they might not; it depends on the operator and what policies they have in place. In most cases it's more that they don't want P2P and that kind of crap on their network than explicitly blocking VPNs, so they only allow a small range of ports.

    Some will block known public VPN providers as an ill-guided attempt to prevent circumventing the web filtering that they probably have in place.

    Generally though in most of the hotspots/free Wi-Fi's I've used OVPN on TCP/443 has worked fine.

  • Look at OpenVPN scripts that have obfuscation

  • solaire Member
    edited December 2018

    stunnel should do the trick. This might help you set it up: https://github.com/Xaqron/stunnel

    On a side note, generally using port 443 TCP for OpenVPN works flawlessly as pointed out above. I rarely needed stunnel (so far, only on airplanes and airports in Eastern Europe and Russia (cough)).

  • @FlamesRunner said:
    @Letzien

    Too bad Chrome doesn't like that.

    Fine, 2222. :smiley:

  • @Akito said:
    No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.

    Do you think I can install two Nyr OpenVPN scripts on the same server? Difference between them will be the port used.

  • @nqservices said:

    @Akito said:
    No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.

    Do you think I can install two Nyr OpenVPN scripts on the same server? Difference between them will be the port used.

    It isn't designed to do that, but it's possible. If you learn to configure it yourself, or run it as non-root under different users, there should be no problem. Of course, this will take some effort, too.

  • NanoG6 Member
    edited December 2018

    @nqservices said:

    @Akito said:
    No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.

    Do you think I can install two Nyr OpenVPN scripts on the same server? Difference between them will be the port used.

    Yes you can. Just copy server.conf and rename it to server-tcp.conf. Edit as needed:
    udp -> tcp
    1164 -> 443
    server 10.8.xx -> server 10.9.xx
    systemctl enable openvpn@server-tcp

    Avoid using udp 53, because sometimes it's redirected by the router

    Edit: don't forget to add iptables rules in /etc/rc.local

    Thanked by 1uptime
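
The steps NanoG6 lists above, as an added example that is not part of the thread: a shell function that derives `server-tcp.conf` from an existing UDP `server.conf`. The sample config, the `ipp-tcp.txt` file name and the printed NAT rule (a /24 with MASQUERADE) are assumptions; the function also drops `explicit-exit-notify`, which OpenVPN accepts only with UDP.

```shell
#!/bin/sh
# Added example, not from the thread. The sample config is constructed.

# Write a constructed UDP server config to $1 (stand-in for the real server.conf).
write_sample_conf() {
    cat > "$1" <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
explicit-exit-notify
EOF
}

# make_tcp_conf SRC DST [PORT] [SUBNET]: derive the second instance's config.
make_tcp_conf() {
    src=$1; dst=$2; port=${3:-443}; subnet=${4:-10.9.0.0}
    if [ ! -r "$src" ]; then echo "cannot read $src" >&2; return 1; fi
    if [ -e "$dst" ]; then echo "$dst exists, not overwriting" >&2; return 1; fi
    # port/proto/server: the three edits from the post.
    # ifconfig-pool-persist: separate lease file per instance (assumed name).
    # explicit-exit-notify: UDP-only, so it is removed for the TCP instance.
    sed -E \
        -e "s/^[[:space:]]*port[[:space:]]+[0-9]+.*/port $port/" \
        -e 's/^[[:space:]]*proto[[:space:]]+udp.*/proto tcp/' \
        -e "s/^[[:space:]]*server[[:space:]]+[0-9.]+[[:space:]]+/server $subnet /" \
        -e 's/^[[:space:]]*(ifconfig-pool-persist)[[:space:]]+.*/\1 ipp-tcp.txt/' \
        -e '/^[[:space:]]*explicit-exit-notify/d' \
        "$src" > "$dst"
}

# Print (do not run) a NAT rule for the new subnet; /24 and MASQUERADE are assumptions.
nat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s/24 ! -d %s/24 -j MASQUERADE\n' "$1" "$1"
}

# Demo on a temporary copy; nothing under /etc is touched.
tmp=$(mktemp -d)
write_sample_conf "$tmp/server.conf"
make_tcp_conf "$tmp/server.conf" "$tmp/server-tcp.conf" && cat "$tmp/server-tcp.conf"
nat_rule 10.9.0.0
rm -rf "$tmp"
# On the real server: put server-tcp.conf next to server.conf, then
#   systemctl enable openvpn@server-tcp
```
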
  • dragon2611 Member
    edited December 2018

    @NanoG6 said:

    @nqservices said:

    @Akito said:
    No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.

    Do you think I can install two Nyr OpenVPN scripts on the same server? Difference between them will be the port used.

    Yes you can. Just copy server.conf and rename it to server-tcp.conf. Edit as needed:
    udp -> tcp
    1164 -> 443
    server 10.8.xx -> server 10.9.xx
    systemctl enable openvpn@server-tcp

    Avoid using udp 53, because sometimes it's redirected by the router

    Edit: don't forget to add iptables rules in /etc/rc.local

    You'd only need one on TCP and one on UDP then you can use iptables to NAT additional ports ;-)

  • nqservices said: Will it work properly on port 443? Or it’s a stupid idea?

    Depends on how deep of a packet inspection and filtering there is within the network you're visiting in particular.

    Long time ago, I've been using openvpn on tcp443. Worked fine for me.

  • Here's what I use based on firewall strength in ascending order:

    • OpenVPN UDP

    • OpenVPN TCP

    • OpenVPN on web ports/SSH port

    • SSH tunnel and OpenVPN through the tunnel

    • OpenVPN over Shadowsocks

    If all else fails, I'll just use a data SIM or roam. Better than nothing, I guess.

  • nqservices Member
    edited December 2018

    @dragon2611 said:

    Edit: don't forget to add iptables rules in /etc/rc.local

    You'd only need one on TCP and one on UDP then you can use iptables to NAT additional ports ;-)

    On the VPS server I'm running Debian 8, and I have installed UFW and opened the needed ports. Since it is Debian and I'm using UFW, do I need to change anything more related to firewall/iptables?

    Thanks
