OpenVPN over Port 53 (DNS)??? Best ports to use?

  • Many public WiFi APs i.e. libraries, block all but a few ports.
    Alternatives are 80 and 443 which are TCP and as such slower.

    How does one run OpenVPN on Port 53?
    I get this one when I try:
    "openvpn[]: TCP/UDP: Socket bind failed on local address [AF_INET]wan_ip_here:53: Address already in use"

    I understand that the DNS Forwarder is already on Port 53. Maybe someone can explain how to do this properly.

  • Rebel Alliance Developer Netgate

    Bind it to the lan IP on 1194 or some other port, then just port forward wanip:53 to wherever you have it actually bind/listen.

    Requires manually fixing the remote line in the config though.

  • LAYER 8 Global Moderator

    Much slower? I am very happy with the response I get using tcp over 443, and to get out at work I even have to bounce off their proxy.

    It's pretty much a given that no matter where you're at, if internet is available then 443 is allowed, be it you have to bounce off a proxy or not - which works just fine with openvpn over tcp.

  • jimp, your suggestion worked, thanks.
    Also, port 123 udp (NTP) is a good alternative; bigger networks run their own dns and block 53 udp.

    johnpoz, yes, tcp has been noticeably slower for browsing web pages everywhere I've used it within my own city.

  • LAYER 8 Global Moderator

    I will have to do some benchmarks.

    Problem is you're not always going to find udp, be it dns or ntp, open for clients. So depending on where you're at, having the server only listen on udp could prevent access.

  • Rebel Alliance Developer Netgate

    Nothing stopping you from having two servers running with the same certs+auth setup, just one tcp and one udp.
    Using the port forward method you can forward in as many ports as you want to one server, too, so you can cover tcp, udp, and many ports without issue…
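The setup described in this thread (bind OpenVPN to the LAN address, port-forward WAN:53/123/443 to it, run a UDP and a TCP instance off the same certs, and fix the client's remote lines) as an added, constructed example; it is not config from the thread or from pfSense, and the addresses 192.168.1.1, 203.0.113.10 and the interface em0 are placeholders. The four fragments below belong to four separate files, and the pf rules stand in for what a pfSense "Port Forward" entry generates.

```conf
# --- server-udp.conf: OpenVPN server #1 (UDP) bound to the LAN address ---
# Binding to the LAN IP leaves WAN:53 free for the DNS forwarder.
local 192.168.1.1
port 1194
proto udp
dev tun
server 10.8.0.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# --- server-tcp.conf: OpenVPN server #2 (TCP), same certs, own port/subnet ---
local 192.168.1.1
port 1195
proto tcp-server
dev tun
server 10.8.1.0 255.255.255.0
ca ca.crt
cert server.crt
key server.key
dh dh.pem

# --- pf.conf fragment on the firewall: the "port forward" step ---
# Several WAN ports can be redirected to one listening socket.
wan_if = "em0"
wan_ip = "203.0.113.10"
rdr pass on $wan_if proto udp from any to $wan_ip port 53  -> 192.168.1.1 port 1194
rdr pass on $wan_if proto udp from any to $wan_ip port 123 -> 192.168.1.1 port 1194
rdr pass on $wan_if proto tcp from any to $wan_ip port 443 -> 192.168.1.1 port 1195

# --- client.ovpn: "remote" names the WAN IP and the FORWARDED port,
#     not the port the server actually binds (the manual fix to the remote line) ---
client
dev tun
# remotes are tried in the order listed: UDP first, TCP/443 as the fallback
remote 203.0.113.10 53 udp
remote 203.0.113.10 123 udp
remote 203.0.113.10 443 tcp
resolv-retry infinite
nobind
ca ca.crt
cert client.crt
key client.key
```

The two server instances need distinct tunnel subnets (10.8.0.0 and 10.8.1.0 here) since they share one host, and the client's multiple remote lines only work because both instances accept the same CA and client certificate.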
