Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN over Port 53 (DNS)??? Best ports to use?

    OpenVPN
    3
    6
    17541
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      Guest last edited by

      Many public WiFi APs i.e. libraries, block all but a few ports.
      Alternatives are 80 and 443 which are TCP and as such slower.

      How does one run OpenVPN on Port 53?
      I get this one i try:
      "openvpn[]: TCP/UDP: Socket bind failed on local address [AF_INET]wan_ip_here:53: Address already in use"

      I understand that the DNS Forwarder is already on Port 53. Maybe someone can explain how to do this properly.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Bind it to the lan IP on 1194 or some other port, then just port forward wanip:53 to wherever you have it actually bind/listen.

        Requires manually fixing the remote line in the config though.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • johnpoz
          johnpoz LAYER 8 Global Moderator last edited by

          Much slower?  I am very happy with response I get using tcp over 443, and to get out at work I have to even bounce off their proxy.

          Its pretty much a given that no matter where your at if internet is available then 443 is allowed, be it you have to bounce off a proxy or not - which works just fine with openvpn over tcp.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

          1 Reply Last reply Reply Quote 0
          • ?
            Guest last edited by

            jimp, your suggestion worked, thanks.
            also, port 123 udp (NTP) is a good alternative, bigger networks run their own dns and block 53 udp.

            johnpoz, yes, tcp has been noticeably slower for browsing web pages everywhere I've used it within my own city.

            1 Reply Last reply Reply Quote 0
            • johnpoz
              johnpoz LAYER 8 Global Moderator last edited by

              I will have to do some benchmarks.

              Problem is your not always going to find udp be it dns or ntp open for clients.  So depending on where your at having server only listen on udp could prevent access.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.01

              1 Reply Last reply Reply Quote 0
              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                Nothing stopping you from having two servers running with the same certs+auth setup just one tcp and one udp
                Using the port forward method you can forward in as many ports as you want to one server, too, so you can cover tcp, udp, and many ports without issue…

                Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post