Can I use OpenVPN on port 443? Some places block port 1194.
Hi all,
I have installed the Nyr OpenVPN script on a VPS server to use as my personal VPN. The problem is that in some places (e.g. hotels and shopping centers) the VPN will not work using their public Wi-Fi.
The reason is that they have port 1194 closed on their public Wi-Fi, which is the port OpenVPN uses by default.
So, I will buy a new VPS server to have a second VPN to work in these specific places. My first idea was to set up the VPN server to use port 443. But that just seems too easy.
Will it work properly on port 443? Or is it a stupid idea?
I use the OpenVPN client on my phone and laptop. And I do not need any kind of hyper mega privacy to bypass China Firewall. I just want OpenVPN to work in places where port 1194 is closed.
Any help is appreciated.
Thanks!
Comments
It will work properly regardless of the port used
Yes, and this will allow you to use OpenVPN in almost any public network as you want.
443 TCP/UDP should work; if they run DPI they will figure it out and block it.
Try other ports such as 53 UDP which is usually used by DNS.
Thanks all for the suggestions!
I was afraid that using port 443 might cause some kind of conflict. But I will do that, or as @Neoon said maybe use port 53 UDP.
For OpenVPN, UDP is recommended instead of TCP because it is faster.
Well, yes, UDP is faster, but most likely UDP 443 is also not blocked.
If it is, use TCP or UDP 53.
It does not matter which port you choose, it just means that your OpenVPN server allocates the port. Nothing more, no conflict.
Has anyone experienced places where public Wi-Fi had the 53 UDP port closed? Until now I do not think so. I just found places blocking UDP 1194.
Also, on a VPS server that is running just OpenVPN, is there any advantage to using the default 1194? If not, my idea from now on is to never again use port 1194 when setting up a VPN.
Always change default port.
Yes.
SSH on 21.
FTP on 22.
...
Will do!
For instance, run HTTP on port 22.
On that note, I think typing a port after a domain name would confuse the general public more than IPv6.
I run it this way all the time. Works fine.
http://ueser:paeswerd@[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:22/
@Letzien
Too bad Chrome doesn't like that.
No need to buy a 2nd VPS. Just configure a 2nd instance to listen on port 443 or whatever port you'll choose.
If they run DPI they might block it, they might not; it depends on the operator and what policies they have in place. In most cases it's more that they don't want P2P and that kind of crap on their network than explicitly blocking VPNs, so they only allow a small range of ports.
Some will block known public VPN providers as an ill-guided attempt to prevent circumventing the web filtering that they probably have in place.
Generally though in most of the hotspots/free Wi-Fi's I've used OVPN on TCP/443 has worked fine.
Look at OpenVPN scripts that have obfuscation
stunnel should do the trick. This might help you setting it up: https://github.com/Xaqron/stunnel
On a side note, generally using port 443 TCP for OpenVPN works flawlessly as pointed out above. I rarely needed stunnel (so far, only on airplanes and airports in Eastern Europe and Russia (cough)).
Fine, 2222.
Do you think I can install two Nyr OpenVPN scripts on the same server? The difference between them will be the port used.
It isn't designed to do that, but it's possible. If you learn to configure it yourself, or run it as non-root under different users, there should be no problem. Of course, this will take some effort, too.
Yes you can. Just copy server.conf and rename it to server-tcp.conf. Edit as needed:
udp -> tcp
1164 -> 443
server 10.8.xx -> server 10.9.xx
systemctl enable openvpn@server-tcp
Avoid using udp 53, because sometimes it's redirected by the router
Edit: don't forget to add iptables rules in /etc/rc.local
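The edit list in the comment above, written out as a filter (an added example, not part of the original post). The sample config is constructed and the `-tcp` file names are assumptions; the filter also drops `explicit-exit-notify`, which is UDP-only, and gives the second instance its own pool and status files.

```shell
#!/bin/sh
# Added example, not from the thread. File names ending in -tcp are assumptions.

# Constructed sample of a UDP server.conf (not the Nyr script's actual output).
sample_udp_conf() {
    cat <<'EOF'
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
keepalive 10 120
status openvpn-status.log
explicit-exit-notify
EOF
}

# Read a UDP server config on stdin, write the TCP/443 variant to stdout.
derive_tcp_conf() {
    awk '
        # udp -> tcp (also udp4 -> tcp4, udp6 -> tcp6)
        $1 == "proto" && $2 ~ /^udp/ { sub(/udp/, "tcp"); print; next }
        # listen on 443 instead of the original port
        $1 == "port" { print "port 443"; next }
        # separate tunnel subnet for the second instance: 10.8.x.x -> 10.9.x.x
        $1 == "server" && $2 ~ /^10\.8\./ { sub(/10\.8\./, "10.9."); print; next }
        # UDP-only directive; OpenVPN rejects it when proto is tcp
        $1 == "explicit-exit-notify" { next }
        # per-instance state files so the two daemons do not share them
        $1 == "ifconfig-pool-persist" { $2 = "ipp-tcp.txt"; print; next }
        $1 == "status" { $2 = "openvpn-status-tcp.log"; print; next }
        { print }
    '
}

# Print the derived config for the sample input.
sample_udp_conf | derive_tcp_conf
```

Redirect the output to `server-tcp.conf` beside the original `server.conf` so the `openvpn@server-tcp` unit named in the comment picks it up.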
You'd only need one on TCP and one on UDP then you can use iptables to NAT additional ports ;-)
Depends on how deep of a packet inspection and filtering there is within the network you're visiting in particular.
A long time ago, I was using OpenVPN on TCP 443. Worked fine for me.
Here's what I use based on firewall strength in ascending order:
OpenVPN UDP
OpenVPN TCP
OpenVPN on web ports/SSH port
SSH tunnel and OpenVPN through the tunnel
OpenVPN over Shadowsocks
If all else fails, I'll just use a data SIM or roam. Better than nothing, I guess.
On the VPS server I'm running Debian 8, and I have installed UFW and opened the needed ports. Since it is Debian and I'm using UFW, do I need to change anything more related to firewall/iptables?
Thanks