Checking for open ports ?
-
Another way for you: have your OpenVPN WAN pass firewall rule log.
Redo the test.
You see firewall log results: you know the test traffic is coming into your WAN.
You see nothing: it did not reach the interface and the OpenVPN service for that matter. => Now focus on the upstream (ISP) router (from your ISP): remove any NAT and firewall rules.
What do you see now?
Now, switch OpenVPN UDP to TCP. Redo the test.
Now you will see firewall log lines. And probably the OpenVPN service logging that it found illegal connection attempts.
Etc.
-
I really wanted to check it from the external server.
The way that seems to work is:
nc -zvw10 <server> -t <port> - for TCP
nc -zvw10 <server> -u <port> - for UDP
PS: I did not realize that usually by default UDP ports don't get tested
Thank you !
-
I use Advance port scanner. There is a UDP option, ref screenshot
-
@Modesty said in Checking for open ports ?:
Advance port scanner
Is it a Windows thing or also for Linux ?
-
@chudak windows
-
If you test remotely you will only see a UDP port as 'open' if what you're testing against chooses to send a reply. Most things won't unless you send the right thing.
Steve
-
^ exactly, 1194 is the default UDP openvpn port... Unless you're sending vpn traffic you're not going to get an answer, so how would outside testing know that it's open?
-
I am sending vpn traffic
nc -zvw10 <SERVER> 2194
Connection to <SERVER> 2194 port [tcp/*] succeeded!
yuriw@vmss:~$ nc -zvw10 <SERVER> -u 1194
Connection to <SERVER> 1194 port [udp/openvpn] succeeded!
-
You are not actually testing anything there.
steve@steve-MMLP7AP-00 ~ $ nc -zvw10 11.11.11.1 -u 1111
Connection to 11.11.11.1 1111 port [udp/*] succeeded!
Steve
-
How do you test then ?
-
You can't with UDP unless you know what you're testing against will respond.
You need to test from both ends so you can see the packets come in and whether they are opening states.
Steve
-
Testing to openvpn is hard, especially if you have set for auth on your tls key - since it won't answer anything at all unless tls key matches..
And yup UDP is hard to test as well.. Because there is no handshake..
-
Packet captures generally don't lie.
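-
What the replies above describe, as an added example (not code from any poster in the thread): a Python probe that tells apart a UDP reply, an ICMP port-unreachable, and plain silence, the last being the case where nc -zu printed "succeeded" above. The listeners on 127.0.0.1 and all function names are constructed for the demonstration.

```python
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=0.5):
    """Classify a UDP port using only what the client side can observe.

    "open"          - the service sent a datagram back
    "closed"        - the OS got ICMP port unreachable (ECONNREFUSED)
    "open|filtered" - silence: a listener ignored us, or a firewall dropped it
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors surface
        try:
            s.send(payload)
            s.recv(2048)
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"

def start_listener(reply):
    """Constructed local UDP service; reply=False mimics one that drops
    anything it does not recognise. Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def loop():
        while True:
            _, peer = srv.recvfrom(2048)
            if reply:
                srv.sendto(b"pong", peer)
    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]

def unused_port():
    """Bind then release a port so nothing is listening on it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]

def demo():
    ports = {"replying": start_listener(True),
             "silent": start_listener(False),
             "closed": unused_port()}
    return {name: probe_udp("127.0.0.1", p) for name, p in ports.items()}

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:9s} -> {state}")
```

The silent listener and a firewall that drops the packet look identical from the probing side, which is why the thread ends up at firewall logs and packet captures on the receiving end.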