[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] running on same port as NTP


  • Subject: Re: [Openvpn-users] running on same port as NTP
  • From: Florin Andrei <florin@xxxxxxxxxxxxxxx>
  • Date: Tue, 27 Nov 2007 00:11:33 -0800

Erhard Weinell wrote:
> Am Dienstag 27 November 2007 schrieb Florin Andrei:
> 
>> Do you think there will be any conflict between the two daemons?
> 
> I guess no, as the --local option allows to bind to a specific address / 
> iface only. However, no administrator likes to find services on ports 
> they don't belong to.

I am the admin on the OpenVPN server. :-)

> As an alternative, have you considered UDP 
> punching[1]? Admins don't like this either, but you can stick to 1194.
> 
> [1] http://www.heise-security.co.uk/articles/82481

Punching wouldn't work, as outbound packets with destination port other 
than NTP are discarded by the firewall at that location. I verified by 
doing an "nmap -sU -P0 -p 1-65535 the.openvpn.server" from the 
restricted network and running tcpdump on the OpenVPN server - only 
destination port 123 made it through the firewall.

-- 
Florin Andrei
______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users