#1 2014-07-01 08:07:58

ramses0088
Member
Registered: 2014-07-01
Posts: 4

OpenVPN on port 443

Hello,
I am strongly thinking of buying one VPS for the usage of Webserver, OpenVPN and some other stuff.
I have only one doubt, I need to connect to OpenVPN on port 443(TCP) but I hear you only get some assigned ports.
Is it then possible to connect through port 443(TCP).
I have searched the forum but can't seem to find the right answer.
Hope you guys can help me out.

Thanks in advance,
Ramses

Offline

#2 2014-07-01 08:47:02

bWolf
Trusted Member
Registered: 2014-06-18
Posts: 97

Re: OpenVPN on port 443

You get all ports on the IPv6-addresses.
Only IPv4 is limited.

Offline

#3 2014-07-01 08:58:23

mikho
Low End Mod
From: Hell and gore == Sweden
Registered: 2013-03-02
Posts: 1,181
Website

Re: OpenVPN on port 443

You can use port 443 if you connect to your openvpn using ipv6.
It will not be possible if you want to connect via ipv4.

Offline

#4 2014-07-01 09:21:28

ramses0088
Member
Registered: 2014-07-01
Posts: 4

Re: OpenVPN on port 443

Thank you for your quick reply.

I have an ipv4 client, can it connect to an ipv6 OpenVPN server?

Offline

#5 2014-07-01 09:25:46

bWolf
Trusted Member
Registered: 2014-06-18
Posts: 97

Re: OpenVPN on port 443

Nop.

Give us some more details.

Offline

#6 2014-07-01 10:28:55

Tripleflix
Trusted Member
Registered: 2014-05-12
Posts: 80

Re: OpenVPN on port 443

why do you need to connect using port 443? as far as i know this port can be changed in the openvpn settings to one of your assigned ports, you are aware of this?

Offline

#7 2014-07-01 10:41:10

ramses0088
Member
Registered: 2014-07-01
Posts: 4

Re: OpenVPN on port 443

Yes I'm aware.
The point is that I'm behind a firewall and this firewall only allows traffic through 80(TCP) and 443(TCP).

I have an existing OpenVPN server on port 443(TCP) and this is working good only it's not very stable.
The reason that I'm thinking about buying a VPS is stability.

Offline

#8 2014-07-01 11:47:03

5n1p
Trusted Member
Registered: 2013-04-02
Posts: 235
Website

Re: OpenVPN on port 443

You can always use ssh proxy or even better use sshuttle https://github.com/apenwarr/sshuttle for me it's just awesome how it works and it's much easier to setup. You would need to ask Anthony to setup reverse proxy for your domain and private IPv4 via HAproxy and set your ssh port to 443, add new user to system and use that for sshuttle to get vpn. Other way would be to connect via IPv6 on port 443 in which case you would't need HAproxy or domain setup.

Last edited by 5n1p (2014-07-01 11:47:42)

Offline

#9 2014-07-01 13:01:43

Backtogeek
Low End Boss
From: ~/
Registered: 2013-02-13
Posts: 3,210
Website

Re: OpenVPN on port 443

5n1p do a how to guide smile


http://LittleHappyCloud.net KVM VPS with 1TB Bandwidth for €3.00

Offline

#10 2014-07-01 13:44:21

ramses0088
Member
Registered: 2014-07-01
Posts: 4

Re: OpenVPN on port 443

Yes please, I would like to understand it all..

Offline

#11 2014-07-01 15:34:24

5n1p
Trusted Member
Registered: 2013-04-02
Posts: 235
Website

Re: OpenVPN on port 443

Will do it later tonight I'm trying to make it work in windows(that would be great), for linux and mac it works out of the box.

Offline

#12 2014-07-09 15:52:18

ChuckHL
Member
Registered: 2014-07-05
Posts: 4

Re: OpenVPN on port 443

Not an elegant solution but, since OpenVPN does not support HTTP TCP headers (https://forums.openvpn.net/topic14877.html) so that the HAproxy can redirect you properly, if you have a server somewhere else or your own home internet connection to spare, you can triangulate to get connected to your OpenVPN server even if its running on one of the ports assigned here.

If you have a customizable router at home with DDWRT, OpenWRT, Tomato, etc, that supports entering custom commands and iptables, you can have it run these commands:
Note: in my case, I use port 53 (both UDP and TCP) since most hotspots are not setup perfectly so they allow connections on port 53, but you can set any port.

# FORWARD PORT 53 TO MY NL VPN
#Assume x.x.x.x is the ip assigned by lowendspirit
#Assume your port range is x01 to x20 and you setup openvpn in port x20
iptables -t nat -A WANPREROUTING -p udp --dport 53 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A WANPREROUTING -p tcp --dport 53 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A POSTROUTING -p udp -d x.x.x.x --dport x20 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d x.x.x.x --dport x20 -j MASQUERADE
iptables -A FORWARD -d x.x.x.x -j ACCEPT

This way, when you connect from a restricted site, you will connect to your home ip at port 443 in your case, and have your home redirect and connect you to your lowendspirit server at the proper port for your openvpn.


Or if you have a computer with its own ip (or can be on a nat but you will need to forward whichever port you use to that computer) to spare with linux and iptables, you can use this code

#OpenVPN Setup - Redirect ports 53 to bypass firewalls
#Assume x.x.x.x is the ip assigned by lowendspirit
#Assume your port range is x01 to x20 and you setup openvpn in port x20
#Assume y.y.y.y is the ip your computer has
iptables -t nat -A PREROUTING -d y.y.y.y -p udp --dport 1194 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A PREROUTING -d y.y.y.y -p tcp --dport 443 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A PREROUTING -d y.y.y.y -p udp --dport 53 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A PREROUTING -d y.y.y.y -p tcp --dport 53 -j DNAT --to-destination x.x.x.x:x20
iptables -t nat -A POSTROUTING -p udp -d x.x.x.x --dport x20 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d x.x.x.x --dport x20 -j MASQUERADE
iptables -A FORWARD -d x.x.x.x -j ACCEPT

Cheers

Last edited by ChuckHL (2014-07-09 16:15:05)

Offline

#13 2016-01-19 21:02:22

melvinv
Member
Registered: 2016-01-19
Posts: 1

Re: OpenVPN on port 443

If I add one of the 2 solutions to my NAS it says "iptables unknown option --to-destination". What can I do about this?

Offline

Board footer