Re: [Openvpn-users] running on same port as NTP

  • Subject: Re: [Openvpn-users] running on same port as NTP
  • From: Erhard Weinell <weinell0707@xxxxxx>
  • Date: Tue, 27 Nov 2007 10:05:16 +0100

On Tuesday 27 November 2007, Florin Andrei wrote:

> I am the admin on the OpenVPN server. :-)

Sure, but I guess you are not the NOC :) These are the guys that will be 
happy to find services they don't expect. E.g., our NOC has already found 
sshds on such ports.

> Punching wouldn't work, as outbound packets with destination port
> other than NTP are discarded by the firewall at that location. I
> verified by doing an "nmap -sU -P0 -p 1-65535 the.openvpn.server"
> from the restricted network and running tcpdump on the OpenVPN server
> - only destination port 123 made it through the firewall.

What do you mean by 'outbound'? If UDP traffic is restricted in BOTH 
directions, then you are out of luck. Punching applies only in cases where 
one direction is restricted and the firewall wants to implement 
some 'statefulness' on UDP. Maybe try the other direction, from the 
server to the client.
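The distinction drawn above, between a firewall that only fakes statefulness for inbound UDP and one that also restricts outbound UDP to destination port 123, as an added example that is not part of the original thread and not OpenVPN code: a small Python model of such a filter. The addresses, ports and rule sets are constructed for illustration; it shows in which of the three filter configurations a client-initiated punch, a server-initiated punch, and the quoted `nmap -sU -p 1-65535` check would get datagrams through.

```python
"""Model of a pseudo-stateful UDP filter (added example, not OpenVPN code).

It shows why UDP hole punching works only when one direction is filtered,
and fails once outbound UDP is itself limited to destination port 123.
Addresses, ports and rule sets are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class UdpFilter:
    """Firewall on the boundary of an 'inside' network (hypothetical rules).

    egress_dports: None lets inside hosts reach any outbound UDP port;
                   a set restricts them to those ports (e.g. {123}).
    reply_only:    True means inbound datagrams pass only if they answer a
                   flow that a permitted outbound datagram created, which
                   is the 'statefulness' a firewall fakes for UDP.
                   False means inbound UDP is not filtered at all.
    """

    def __init__(self, inside_prefix, egress_dports=None, reply_only=True):
        self.inside_prefix = inside_prefix
        self.egress_dports = egress_dports
        self.reply_only = reply_only
        # flow table entries: (inside_host, inside_port, outside_host, outside_port)
        self.flows = set()

    def _inside(self, host):
        return host.startswith(self.inside_prefix)

    def forward(self, pkt):
        """Return True if pkt is forwarded, False if it is dropped."""
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # Outbound: enforce the egress port list, then record the flow.
            if self.egress_dports is not None and pkt.dport not in self.egress_dports:
                return False
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        if self._inside(pkt.dst) and not self._inside(pkt.src):
            # Inbound: either unfiltered, or only replies to a recorded flow.
            if not self.reply_only:
                return True
            return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows
        return True  # does not cross the boundary


CLIENT, CLIENT_PORT = "10.0.0.5", 40000   # constructed host behind the filter
SERVER, VPN_PORT = "203.0.113.10", 1194   # constructed OpenVPN server


def punch_from_client(fw, dport=VPN_PORT):
    """Client sends first, server answers. Returns (out_passed, reply_passed)."""
    out = fw.forward(Packet(CLIENT, CLIENT_PORT, SERVER, dport))
    reply = fw.forward(Packet(SERVER, dport, CLIENT, CLIENT_PORT))
    return out, reply


def punch_from_server(fw, dport=VPN_PORT):
    """The 'other direction': server sends first, client answers."""
    first = fw.forward(Packet(SERVER, dport, CLIENT, CLIENT_PORT))
    answer = fw.forward(Packet(CLIENT, CLIENT_PORT, SERVER, dport))
    return first, answer


def udp_scan_reaching_server(fw):
    """Destination ports of an 'nmap -sU -p 1-65535' run from the client
    whose probes would actually arrive at the server through fw."""
    return [p for p in range(1, 65536)
            if fw.forward(Packet(CLIENT, CLIENT_PORT, SERVER, p))]


def scenarios():
    """Run the three filter configurations discussed in the thread."""
    # 1. Only inbound is filtered (reply-only): classic punching works.
    one_way = UdpFilter("10.0.0.")
    # 2. Outbound limited to port 123 AND inbound reply-only: out of luck
    #    unless the service itself listens on 123.
    both = UdpFilter("10.0.0.", egress_dports={123})
    # 3. Outbound limited to 123 but inbound unfiltered: the server can
    #    initiate, as long as the client's answers go to port 123.
    egress_only = UdpFilter("10.0.0.", egress_dports={123}, reply_only=False)
    return {
        "one_way_client_first": punch_from_client(one_way),
        "both_client_first": punch_from_client(both),
        "both_client_first_123": punch_from_client(both, dport=123),
        "both_server_first": punch_from_server(both),
        "both_scan_ports": udp_scan_reaching_server(both),
        "egress_only_server_first": punch_from_server(egress_only),
        "egress_only_server_first_123": punch_from_server(egress_only, dport=123),
    }
```

The flow table is keyed on the full 4-tuple, which is what a real stateful filter does for UDP since there is no handshake to track; a probe that never leaves the inside network never creates an entry, so no later "reply" can match it, which is the failure the thread is about.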
