Menu
What's new
By:
Filters Better Search

VPN Server on port 53/443?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

netware5 said:
Yes, but if the client is in restrictive environment this is the only possible solution. The port scanners just flood the log file.
Click to expand...
One way to mitigate that is to use the newer tls-auth feature, which I believe allows openvpn to drop invalid connections earlier, and avoiding the log entries. I have never looked into it however, so I don`t know what it`s involved in using it.
 
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)
 
RMerlin said:
One way to mitigate that is to use the newer tls-auth feature, which I believe allows openvpn to drop invalid connections earlier, and avoiding the log entries. I have never looked into it however, so I don`t know what it`s involved in using it.
Click to expand...

I am using the tls-crypt directive, which is the next level to tls-auth. It does not reduce the noise in log file but stops the scanners at earlier stage.
 
Thanks for your feedback.
Maverickcdn said:
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)
Click to expand...

Uh good input! I believe I was able to send e-mails while connected to the hotels WLAN so this might be a good idea.
I am also still looking for a way to make syncthing work in such scenarios.
So I could try using OpenVPN on TCP 443 and Syncthing on TCP 993.
 
Tech9 said:
A lot of knocking on the door is expected. Did someone managed to enter though?

github.com

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Daemon to ban hosts that cause multiple authentication errors - fail2ban/fail2ban
github.com github.com

I don't know if/how it can be done in Asuswrt-Merlin. Ban for 1h is usually enough to discourage more attempts.
Click to expand...

Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
 
zakazak said:
Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
Click to expand...
Its available through Entware although YMMV installing on an embedded device, personally I run it separately on a much more powerful Linux machine acting as a proxy
 
You must log in or register to reply here.

Similar threads

P
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
Replies
9
Views
196
eibgrad
eibgrad
A
DSL-AX82U HTTP/HTTPS Port Forwarding
Replies
7
Views
364
AX82U-user-2k
A
C
Is there any easy solution in Merlin for a VPN server that is hard to block/detect?
Replies
13
Views
2K
sfx2000
sfx2000
waldo43
Solved Port Forwarding Issue
Replies
6
Views
706
waldo43
waldo43
H
Can no longer get OpenVPN Server to work
Replies
4
Views
524
hvoorend
H
Similar threads
Thread starter Title Forum Replies Date
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
postoronnim-v How to prevent WireGuard VPN server clients from accessing the local network (allow only Internet access)? Asuswrt-Merlin 18
C Routing my VPN Server through VPN Client 1 Having issues with Facetime Asuswrt-Merlin 50
Y Windows HTTP server behind VPN Asuswrt-Merlin 5
C Is there any easy solution in Merlin for a VPN server that is hard to block/detect? Asuswrt-Merlin 13
Db Major RT-AX88U VPN Server "Others" Page Bug Asuswrt-Merlin 4
L IPSec VPN Server with VNC connection causes ASUS RT-AC3100 to Reboot Asuswrt-Merlin 0
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4
A Cheapest device to run VPN server Asuswrt-Merlin 6

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Staff online

Members online

Total: 889 (members: 16, guests: 873)
Top