Change OpenVPN port?
Can we change the port OpenVPN communicates on? Some smart people block known VPN ports, so we can't use it.
-
Andy, to do this on iOS:
1. When exporting the VPN profile, save it to iCloud or somewhere.
2. Then use a text editor to open the file; you will find "1194" on the third line. Change that to the port you want, say 443.
3. Save the file.
4. Open that file and import it into OpenVPN.
--
On your router, you will need to port forward 443 to Firewalla:1194
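
The profile edit from the steps above as a script, added here as an example and not part of the original reply: it changes the port on each `remote` line of an exported profile while leaving comments and inline `<ca>`-style blocks untouched. The sample profile, its hostnames and the function name `set_remote_port` are assumptions; the `proto` line is deliberately left alone, since the router forward above still delivers traffic to Firewalla:1194.

```python
import re

# Constructed sample profile; hostnames and contents are placeholders.
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.net 1194
proto udp
# remote old.example.net 1194
<ca>
remote 1194 (text inside an inline block must not be touched)
</ca>
"""


def set_remote_port(profile_text, new_port):
    """Hypothetical helper: set the port of every `remote` directive.

    Returns (new_text, number_of_lines_changed).
    """
    if not 1 <= new_port <= 65535:
        raise ValueError("port must be 1-65535")
    out, changed, inline_tag = [], 0, None
    for line in profile_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        tokens = body.split()
        if inline_tag:  # inside <ca>...</ca> etc.: copy verbatim
            if body.strip() == f"</{inline_tag}>":
                inline_tag = None
        elif (m := re.fullmatch(r"<([A-Za-z0-9_-]+)>", body.strip())):
            inline_tag = m.group(1)
        elif len(tokens) >= 2 and tokens[0] == "remote":
            # Syntax: remote host [port] [proto]; comments start with # or ;
            if len(tokens) == 2:
                tokens.append(str(new_port))
            elif tokens[2].isdigit():
                tokens[2] = str(new_port)
            else:
                out.append(line)  # unexpected form: leave for manual review
                continue
            line = " ".join(tokens) + eol
            changed += 1
        out.append(line)
    return "".join(out), changed


if __name__ == "__main__":
    text, n = set_remote_port(SAMPLE_PROFILE, 443)
    print(f"{n} remote line(s) updated")
    print(text)
```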
-
If they are using a 'cheap' router, you can bypass it simply by changing the port. But ... so far in the places in the US that block internet (we have seen it in libraries), the block is protocol-based. The blocking router will dig deep into the packets and identify OpenVPN (it is not a hard thing to do).
The only way that sort of works is running protocols that mimic HTTPS, which works most of the time. If there is enough demand for such, we may build one; it will very likely be a paid feature.
-
Not sure if OP is still having an issue, but it's probably because the network they are connecting to is blocking UDP to 443 and/or in general. If Firewalla could allow you to change the port and protocol for more restrictive networks, that would be awesome. So like we'd be able to set the port to 443 and TCP and it should go through. Unless they are using deep packet inspection, but that's still unlikely to block a VPN unless the network requires a proxy and will only allow 443 out through the proxy.
-
@travis, are we talking about incoming (VPN server running on Firewalla)? In this case, you should have full control, and UDP will operate better. (https://help.firewalla.com/hc/en-us/articles/115004274633-Firewalla-VPN-Server)
The VPN client feature in Firewalla should rely on the configuration of the server side, so there should be no restrictions on TCP/UDP. https://help.firewalla.com/hc/en-us/articles/360023379953-VPN-Client-Beta-
-
Yes, I'm talking about running the built-in VPN server on the Firewalla. And yes, UDP is a better protocol for VPN, BUT if the network you are connecting from is blocking UDP traffic, then the VPN on the Firewalla VPN becomes useless. You won't be able to connect no matter what you do with port forwarding. A lot of hotel and guest WiFi networks only allow 443 and 80 for TCP traffic.
-
Tommy, not all UDP traffic.
It seems quite common to block most ports+protocol except known necessary ports.
In my case, we can only use TCP80 and TCP443. UDP443 is blocked, as HTTPS traffic doesn't use UDP.
So trying to use an available port (443) also requires the use of TCP.
Edit: the above talks about from the source end (VPN client), not the destination network containing the Firewalla. OpenVPN, TCP mode on port 443 will get through those filters/blocks.
I agree with the past posts - this really should be configurable in the Firewalla VPN server.
-
Tommy, at work I block all sorts of UDP traffic. All the C2 traffic from bots and zombies call home with their beacon traffic over UDP. UDP traffic is a very common IOC.
I too have a real need to change the VPN port from 1194 to something else.
Will this feature be coming any time soon?
-
I have a Gold, and am enrolled in Beta, and cannot find this VPN protocol/port change location in the app. If it is only on the command line, if you could post an example, that would be awesome. I am attempting to connect out a TCP Proxy at work to my system at my house. The UDP port is blocked and seems to be the same issue that was mentioned above by Chris and Brent.
Thanks in advance,
Jeff