Erhard Weinell wrote:
> On Tuesday 27 November 2007, Florin Andrei wrote:
>
>> Do you think there will be any conflict between the two daemons?
>
> I guess no, as the --local option allows to bind to a specific address /
> iface only. However, no administrator likes to find services on ports
> they don't belong to.

I am the admin on the OpenVPN server. :-)

> As an alternative, have you considered UDP
> punching[1]? Admins don't like this either, but you can stick to 1194.
>
> [1] http://www.heise-security.co.uk/articles/82481

Punching wouldn't work, as outbound packets with destination port other than NTP are discarded by the firewall at that location. I verified by doing an "nmap -sU -P0 -p 1-65535 the.openvpn.server" from the restricted network and running tcpdump on the OpenVPN server - only destination port 123 made it through the firewall.

--
Florin Andrei

______________________
OpenVPN mailing lists
https://lists.sourceforge.net/lists/listinfo/openvpn-users