[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

Re: [Openvpn-users] doesn't always use port 1194


  • Subject: Re: [Openvpn-users] doesn't always use port 1194
  • From: Leonardo Rodrigues Magalhães <leolistas@xxxxxxxxxxxxxx>
  • Date: Mon, 30 Jul 2007 17:21:02 -0300



Brian J. Murrell escreveu:
I have openvpn on my OpenWRT gateway as well as another computer (to
which I create and receive tunnels from).

I find that at times both ends will use port 1194 and at other times,
one end will use an ephemeral port (i.e. >1023) port rather than 1194.
I would prefer both ends always used port 1194 for tighter firewalling.

Is there any way I can force such behaviour?
Filtering based on destination/source address and DESTINATION port should be enough for almost anyone. Filtering based on LOCAL port doesnt seem to be a great idea. OpenVPN can guarantee that, but any NAT in front of OpenVPN would certainly break it.

--


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@xxxxxxxxxxxxxx
	My SPAMTRAP, do not email it




Attachment: smime.p7s
Description: S/MIME Cryptographic Signature