Change OpenVPN port?

Comments

  • Firewalla

    Andy, we will log an issue for this. To be clear, you are on your phone trying to VPN through the provider network, and they block it.

    0
  • Firewalla

    Andy, on second thought, there may be a simpler way to do this. You can use the router's port forwarding to redirect to Firewalla. That is, map port 443 on the router to port 1194 on Firewalla.

    0
  • Andy Taylor

    That’s correct, I’ll try your suggestion thanks!

    0
  • Andy Taylor

    Didn’t work! I think the issue is, the OpenVPN profile uses 1194 and that is blocked on the router

    0
  • Firewalla

    Andy, you are right. Until we have a better solution, you may need to edit the profile to change the port to the one that is opened by the router.

    0
  • Andy Taylor

    Thanks, how do I edit the profile? Not really used OpenVPN before. Is there specific software I can use?

    0
  • Firewalla

    Andy, to do this on iOS:

    1. When exporting the VPN profile, save it to iCloud or somewhere

    2. Then use a text editor to open the file; you will find "1194" on the third line. Change that to the port you want, say 443

    3. Save the file

    4. Open that file and import it into OpenVPN

    --

    On your router, you will need to port forward 443 to Firewalla:1194

    1
  • Andy Taylor

    Thanks for the info. I followed the steps and I still cannot get onto my home VPN on the Guest WiFi network I'm using. It works fine on my mobile phone data, but when I switch onto the WiFi, no luck. They must have some more advanced blocking tech going on here.

     

    0
  • Steven Peachey

    Revisiting this topic;

    I have tried various combinations of port changes but still unable to use VPN over a specific public wifi. Has anyone determined a way to bypass these "VPN blocks"?

    Thanks for your help!

    0
  • Firewalla

    If they are using a 'cheap' router, you can bypass it simply by changing the port. But ... so far, in the places in the US that block internet (we have seen it in libraries), the block is protocol based. The blocking router will dig deep into the packets and identify OpenVPN (it is not a hard thing to do).

    The only way that sort of works is running protocols that mimic HTTPS, which works most of the time. If there is enough demand for such, we may build one; it will very likely be a paid feature.

    0
  • Adam Badzioch

    Am I to assume Firewalla blocks OPENVPNs in and out of a router? I have a 15 year old who likes to try and bypass parental controls with open VPNs on home network

    0
  • Travis

    Not sure if op is still having an issue but it's probably because the network they are connecting to is blocking UDP to 443 and/or in general. If Firewalla could allow you to change the port and protocol for more restrictive networks that would be awesome. So like we'd be able to set the port to 443 and TCP and it should go through. Unless they are using deep packet inspection but that's still unlikely to block a VPN unless the network requires a proxy and will only allow 443 out through the proxy

    0
  • Firewalla

    One manual way is to do this:

    1. On your router, port forward 443 to 1194 on Firewalla

    2. Change the .ovpn file generated by Firewalla to point to 443

    This will allow you to use any port on the router.

    0
  • Travis

    Doesn't help because the traffic is still UDP which 99% of the time is blocked in restricted networks.

    0
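
An added example, not part of the thread and not Firewalla's code: the profile edit from the steps above done as a script, followed by a check of what the client will actually dial. The sample profile and host name are constructed; the result shows that changing only the port leaves the transport on UDP, so the router forward has to be UDP 443 to Firewalla:1194.

```python
import re

# Constructed sample profile (not Firewalla's actual export); host is a placeholder.
SAMPLE_PROFILE = """\
client
dev tun
remote home.example.net 1194
proto udp
nobind
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""

def _directives(text):
    """Yield (line_index, tokens), skipping comments and inline <ca>/<key> blocks."""
    inline = None
    for i, line in enumerate(text.splitlines()):
        s = line.strip()
        if inline:
            if s == f"</{inline}>":
                inline = None
            continue
        m = re.fullmatch(r"<([\w-]+)>", s)
        if m:
            inline = m.group(1)
            continue
        if s and s[0] not in "#;":
            yield i, s.split()

def effective_remotes(text):
    """Return [(host, port, proto)] applying OpenVPN defaults (port 1194, proto udp)."""
    d = list(_directives(text))
    port = next((t[1] for _, t in d if t[0] == "port" and len(t) > 1), "1194")
    proto = next((t[1] for _, t in d if t[0] == "proto" and len(t) > 1), "udp")
    return [(t[1], int(t[2] if len(t) > 2 else port), t[3] if len(t) > 3 else proto)
            for _, t in d if t[0] == "remote" and len(t) > 1]

def set_remote_port(text, new_port):
    """Rewrite the port on every `remote` line; protocol and other lines are untouched."""
    if not 1 <= new_port <= 65535:
        raise ValueError("port out of range")
    lines = text.splitlines()
    for i, t in _directives(text):
        if t[0] == "remote" and len(t) > 1:
            lines[i] = " ".join(t[:2] + [str(new_port)] + t[3:])
    return "\n".join(lines) + "\n"
```

Running `effective_remotes(set_remote_port(profile, 443))` on the sample gives UDP/443, which a network that only passes TCP 80 and 443 will still drop.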
  • Firewalla

    @travis, are we talking about incoming (VPN server running on firewalla?), in this case, you should have full control, and UDP will operate better. (https://help.firewalla.com/hc/en-us/articles/115004274633-Firewalla-VPN-Server)

     

    The VPN client feature in firewalla should rely on the configuration of the server-side, so there should be no restrictions on tcp/udp.  https://help.firewalla.com/hc/en-us/articles/360023379953-VPN-Client-Beta-

     

    0
  • Travis

    Yes I'm talking about running the built in vpn server on the firewalla. And yes UDP is a better protocol for vpn BUT if the network you are connecting from is blocking UDP traffic then the vpn on the firewalla vpn becomes useless. You won't be able to connect no matter what you do with port forwarding. A lot of hotel and guest WiFi networks only allow 443 and 80 for TCP traffic.

    0
  • Robert Blackmore

    Why not just give users access to change the server side profile or simply allow us to change port (Shodan is scanning 1194 all day) and the protocol?

    0
  • Tommy M Webb

    Travis, that's nuts, who would block UDP traffic?  DNS uses UDP, VoIP uses UDP, NTP uses UDP,  and a slew of other necessary protocols use it.

    0