Menu
What's new
By:
Filters Better Search

VPN Server on port 53/443?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

netware5 said:
Yes, but if the client is in restrictive environment this is the only possible solution. The port scanners just flood the log file.
Click to expand...
One way to mitigate that is to use the newer tls-auth feature, which I believe allows openvpn to drop invalid connections earlier, and avoiding the log entries. I have never looked into it however, so I don`t know what it`s involved in using it.
 
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)
 
RMerlin said:
One way to mitigate that is to use the newer tls-auth feature, which I believe allows openvpn to drop invalid connections earlier, and avoiding the log entries. I have never looked into it however, so I don`t know what it`s involved in using it.
Click to expand...

I am using the tls-crypt directive, which is the next level to tls-auth. It does not reduce the noise in log file but stops the scanners at earlier stage.
 
Thanks for your feedback.
Maverickcdn said:
+1 vote for TCP/993 (TLS Email port)

Although equally as susceptible to scanning I see far less probing of 993 vs 443 (avg 32 hits/day vs 100+ on 443)
Click to expand...

Uh good input! I believe I was able to send e-mails while connected to the hotels WLAN so this might be a good idea.
I am also still looking for a way to make syncthing work in such scenarios.
So I could try using OpenVPN on TCP 443 and Syncthing on TCP 993.
 
Tech9 said:
A lot of knocking on the door is expected. Did someone managed to enter though?

github.com

GitHub - fail2ban/fail2ban: Daemon to ban hosts that cause multiple authentication errors

Daemon to ban hosts that cause multiple authentication errors - fail2ban/fail2ban
github.com github.com

I don't know if/how it can be done in Asuswrt-Merlin. Ban for 1h is usually enough to discourage more attempts.
Click to expand...

Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
 
zakazak said:
Yes this is exactly what I was thinking and how my webserver is battling spam and attacks... a simple tool to block/ban IPs based on some rules (e.g. getting spammed on a port).
This would be a really really neat feature in Asus WRT Merlin @RMerlin :)
Click to expand...
Its available through Entware although YMMV installing on an embedded device, personally I run it separately on a much more powerful Linux machine acting as a proxy
 
You must log in or register to reply here.

Similar threads

D
Redirect port 443 to 8443
Replies
6
Views
279
Justinh
J
J
Why does my RT-AX88u show ports 80,443 & 21 open from WAN?
Replies
0
Views
528
Jammy456
J
Alaska99
GT-BE98 PRO and OpenVPN server on port 443
2
Replies
21
Views
2K
Tech9
Tech9
Blankedy
AC86U OpenVPN server whilst in AP mode
Replies
3
Views
385
Blankedy
Blankedy
E
How to segregate a game server?
Replies
13
Views
783
ColinTaylor
C
Similar threads
Thread starter Title Forum Replies Date
C How can I do this.. Router VPN Client to Server 2 Asuswrt-Merlin 3
G VPN Client with Public IP, split tunnel web server over VPN and other traffic not on the VPN Asuswrt-Merlin 4
A Cheapest device to run VPN server Asuswrt-Merlin 6
N Solved Unable to connect to VPN server with self-signed certificate Asuswrt-Merlin 0
G [Help] Routing VPN server through VPN client (external VPN Provider) Asuswrt-Merlin 14
B Cannot connect to Wireguard VPN Server Asuswrt-Merlin 5
Tom Jo-Jo Junior Shabadoo VPN as server - ipv4 over ipv6 Asuswrt-Merlin 0
P VPN Server Problem (wireguard and openvpn) Asuswrt-Merlin 7
H Get VPN DNS Server(s) In Script? Asuswrt-Merlin 0
N Problem with Wireguard VPN server Asuswrt-Merlin 1

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 913 (members: 25, guests: 888)
Top