Re: [Openvpn-users] running on same port as NTP

  • Subject: Re: [Openvpn-users] running on same port as NTP
  • From: Florin Andrei <florin@xxxxxxxxxxxxxxx>
  • Date: Tue, 27 Nov 2007 09:05:23 -0800

Erhard Weinell wrote:
> On Tuesday, 27 November 2007, Florin Andrei wrote:
>> I am the admin on the OpenVPN server. :-)
> Sure, but I guess you are not the NOC :) These are the guys that will be 
> happy to find services they don't expect. E.g. our NOC already found 
> sshds on such ports.

There's no NOC. My OpenVPN server is a machine under the table in my 
living room, on a DSL line.

>> Punching wouldn't work, as outbound packets with destination port
>> other than NTP are discarded by the firewall at that location. I
>> verified by doing an "nmap -sU -P0 -p 1-65535 the.openvpn.server"
>> from the restricted network and running tcpdump on the OpenVPN server
>> - only destination port 123 made it through the firewall.
> What do you mean by 'outbound'?

Packets coming out of the network, through the firewall, to the 
Internet, on any UDP port other than 123, are dropped by a deny filter 
on the firewall.

Florin Andrei
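
Added example, not part of the original message: when UDP/123 is the only port a firewall lets out, a NOC can still check whether each datagram on that port is plausibly NTP. The sketch below applies the RFC 5905 header rules to payloads; the function names, addresses and sample payloads are constructed for illustration.

```python
NTP_HEADER_LEN = 48  # fixed NTP header size in bytes (RFC 5905)


def classify_udp123(payload: bytes) -> tuple[bool, str]:
    """Return (looks_like_time_sync, reason) for one UDP/123 payload."""
    if not payload:
        return False, "empty payload"
    version = (payload[0] >> 3) & 0x7  # bits 3-5 of the first byte
    mode = payload[0] & 0x7            # bits 0-2 of the first byte
    if not 1 <= version <= 4:
        return False, f"version field {version} is not 1-4"
    if mode == 0:
        return False, "mode 0 is reserved"
    if mode in (6, 7):
        # Control/private-mode queries are NTP, but not time sync; review them.
        return False, f"mode {mode} control query, not time sync"
    if len(payload) < NTP_HEADER_LEN:
        return False, f"only {len(payload)} bytes, NTP header needs {NTP_HEADER_LEN}"
    if (len(payload) - NTP_HEADER_LEN) % 4:
        return False, "trailing bytes are not 32-bit aligned"
    return True, f"NTPv{version} mode {mode}"


def flag_unexpected(datagrams):
    """Return [(source, reason)] for payloads that fail the check."""
    flagged = []
    for source, payload in datagrams:
        ok, reason = classify_udp123(payload)
        if not ok:
            flagged.append((source, reason))
    return flagged


# Constructed samples (documentation addresses, hand-built payloads).
SAMPLES = [
    # NTPv4 client request: first byte 0x23 = LI 0, version 4, mode 3.
    ("192.0.2.10", bytes([0x23]) + bytes(47)),
    # First byte 0x38, as in an OpenVPN client hard reset with key id 0.
    ("192.0.2.20", bytes([0x38]) + bytes(13)),
    # Version bits look valid (4) but the mode is the reserved value 0.
    ("192.0.2.20", bytes([0x20]) + bytes(99)),
]

if __name__ == "__main__":
    for source, reason in flag_unexpected(SAMPLES):
        print(f"{source}: {reason}")
```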
