Brian J. Murrell wrote:
Filtering based on destination/source address and DESTINATION port
should be enough for almost anyone. Filtering based on LOCAL port doesn't
seem to be a great idea. OpenVPN can guarantee that, but any NAT in
front of OpenVPN would certainly break it.
I have openvpn on my OpenWRT gateway as well as another computer (to
which I create and receive tunnels from).
I find that at times both ends will use port 1194 and at other times,
one end will use an ephemeral port (i.e. >1023) rather than 1194.
I would prefer both ends always used port 1194 for tighter firewalling.
Is there any way I can force such behaviour?
Sincerely,
My SPAMTRAP, do not email it