VPN Server on port 53/443?

Yes, but if the client is in a restrictive environment this is the only possible solution. The port scanners just flood the log file.
One way to mitigate that is to use the newer tls-auth feature, which I believe allows OpenVPN to drop invalid connections earlier and avoid the log entries. I have never looked into it however, so I don't know what's involved in using it.
 
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)
 
One way to mitigate that is to use the newer tls-auth feature, which I believe allows OpenVPN to drop invalid connections earlier and avoid the log entries. I have never looked into it however, so I don't know what's involved in using it.

I am using the tls-crypt directive, which is the next level to tls-auth. It does not reduce the noise in the log file but stops the scanners at an earlier stage.
 
Thanks for your feedback.
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)

Uh, good input! I believe I was able to send e-mails while connected to the hotel's WLAN, so this might be a good idea.
I am also still looking for a way to make syncthing work in such scenarios.
So I could try using OpenVPN on TCP 443 and Syncthing on TCP 993.
 
A lot of knocking on the door is expected. Did someone manage to enter, though?


I don't know if/how it can be done in Asuswrt-Merlin. Ban for 1h is usually enough to discourage more attempts.

Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
 
Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
It's available through Entware, although YMMV installing on an embedded device; personally I run it separately on a much more powerful Linux machine acting as a proxy.
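
The temporary-ban idea discussed in this thread (count failed handshakes per source address, then ban for 1h), as an added example that is not part of any post above and is not Asuswrt-Merlin or Entware code. The log line layout, the failure patterns, the threshold and the name `plan_bans` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of an OpenVPN server log (assumed layout).
SAMPLE_LOG = """\
2024-05-01 10:00:01 198.51.100.7:40112 WARNING: Bad encapsulated packet length from peer (18245)
2024-05-01 10:00:05 198.51.100.7:40120 TLS Error: TLS handshake failed
2024-05-01 10:00:09 203.0.113.20:51000 TLS: Initial packet from [AF_INET]203.0.113.20:51000
2024-05-01 10:00:12 198.51.100.7:40131 tls-crypt unwrap error: packet too short
2024-05-01 10:05:00 198.51.100.7:40200 TLS Error: TLS handshake failed
2024-05-01 10:20:00 192.0.2.44:33000 TLS Error: TLS handshake failed
2024-05-01 10:50:00 192.0.2.44:33001 TLS Error: TLS handshake failed
2024-05-01 11:30:00 192.0.2.44:33002 TLS Error: TLS handshake failed
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\d{1,3}(?:\.\d{1,3}){3}):\d+ (.*)$")
# Assumed set of messages that indicate a probe rather than a real client.
FAILURE = re.compile(r"TLS Error|Bad encapsulated packet length|tls-crypt unwrap error")

def plan_bans(lines, threshold=3, window=timedelta(minutes=10), ban=timedelta(hours=1)):
    """Return [(ip, ban_start, ban_end)] for sources with >= threshold failures inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    banned_until = {}            # ip -> end of the current ban
    bans = []
    for line in lines:
        m = LINE.match(line)
        if not m or not FAILURE.search(m.group(3)):
            continue             # unparsable line or normal traffic
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        ip = m.group(2)
        if banned_until.get(ip, ts) > ts:
            continue             # already banned, do not count again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # forget failures older than the window
        if len(q) >= threshold:
            banned_until[ip] = ts + ban
            bans.append((ip, ts, ts + ban))
            q.clear()            # start fresh once the ban expires
    return bans

if __name__ == "__main__":
    for ip, start, end in plan_bans(SAMPLE_LOG.splitlines()):
        print(f"ban {ip} from {start} until {end}")
```

The function only decides which address to ban and for how long; applying and lifting the ban is left to whatever firewall the host uses.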
 
