1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
Dismiss Notice

Welcome To SNBForums

SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.

If you'd like to post a question, simply register and have at it!

While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!

OpenVPN ports 1025-65535

Discussion in 'VPN' started by RSengine, May 26, 2020.

  1. RSengine

    RSengine Occasional Visitor

    Joined:
    Sep 19, 2017
    Messages:
    11
    My ASUS router's OpenVPN configuration page says "Due to security concerns, we suggest using a port from 1025 to 65535". I've been setting my port as 443 to mask my VPN packets as HTTPS traffic when travelling. I couldn't find anything about VPN security on Google with regard to ports 1025 to 65535. Am I sacrificing some security as a result of setting my port as 443?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    12,114
    Location:
    UK
    Where are you seeing that message? I can't see it myself. What router model do you have?

    On a normal Linux system ports <1024 are "system ports" that can only be bound to by root and therefore has security implications. That's rather academic on an Asus router IMHO as just about everything runs as root.
     
  3. RSengine

    RSengine Occasional Visitor

    Joined:
    Sep 19, 2017
    Messages:
    11
    It seems that message appears when AiCloud 2.0's Web access port is set as 443 in http://router.asus.com/cloud_settings.asp (even if AiCloud 2.0 is disabled, like it is in my router). Changing that to something else made the message disappear.

    Could a client connected via VPN somehow run commands as root on my router without knowing the admin login then?
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    12,114
    Location:
    UK
    No, although I'm not saying it's impossible because all software has the potential to contain bugs. But OpenVPN is very secure and reliable making that extremely unlikely.
     
  5. RSengine

    RSengine Occasional Visitor

    Joined:
    Sep 19, 2017
    Messages:
    11
    Thanks!