Openvpn
Posted: Tue Jun 30, 2020 5:41 pm
I tried to change the port of the OpenVPN server, but I couldn't connect on any port besides 1194.
A forum to discuss the Gargoyle web interface for Openwrt
https://www.gargoyle-router.com/phpbb/
# Gargoyle UCI settings: the OpenVPN server, a disabled client profile, and one allowed client.
config server 'server'
option internal_mask '255.255.255.0'
# Transport is UDP; together with 'port' below the listener is UDP/443, not TCP/443.
option proto 'udp'
# NOTE(review): CBC cipher with no AEAD; OpenVPN 2.4+ also supports AES-256-GCM — confirm what this firmware offers.
option cipher 'AES-256-CBC'
option redirect_gateway 'true'
# Connected VPN clients may talk to each other directly.
option client_to_client 'true'
# Several sessions may use the same client certificate name at once, so a copied
# certificate works alongside the legitimate device and the two cannot be told apart by name.
option duplicate_cn 'true'
# presumably gives VPN clients access to the LAN subnet given by subnet_ip/subnet_mask — confirm
option subnet_access 'true'
option subnet_ip '192.168.1.0'
option subnet_mask '255.255.255.0'
# Tunnel-side address of the server and the address pool handed to clients.
option internal_ip '10.0.8.1'
option pool '10.0.8.2 10.0.8.254 255.255.255.0'
# Changed from the default 1194 mentioned in the post.
option port '443'
option enabled 'true'
config client 'client'
option enabled 'false'
config allowed_client 'client1'
option id 'client1'
option name 'Client1'
# Public DDNS name the client dials; it is visible to anyone reading this listing.
option remote 'openvpngargoyle.duckdns.org'
option prefer_vpngateway '1'
option enabled 'true'
# Firewall defaults and the lan/wan zones.
config defaults
# SYN-flood protection is switched on.
option syn_flood '1'
# Default policies: traffic to and from the router is accepted, forwarding between zones is rejected
# unless a zone or forwarding section below says otherwise.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# LAN zone: fully trusted.
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
# WAN zone: unsolicited inbound and forwarded traffic is rejected; only the explicit
# rules and redirects further down open anything from the internet side.
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
# Outbound traffic is masqueraded (NAT) and TCP MSS is clamped.
option masq '1'
option mtu_fix '1'
# LAN hosts may reach the WAN.
config forwarding
option src 'lan'
option dest 'wan'
# Explicit exceptions to the wan zone's REJECT policy. None of these rules opens port 443.
# Lets DHCP replies (UDP 68) from the WAN reach the router.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# The router answers IPv4 ping from the WAN, so it is discoverable by echo-request.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accepts IGMP from the WAN.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accepts DHCPv6 (UDP 546) when both source and destination fall inside fc00::/6.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accepts the listed multicast-listener ICMPv6 types from link-local sources only.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 addressed to the router itself, rate-limited to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# ICMPv6 forwarded from the WAN to any zone (dest '*'), with the same rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forwards IPsec ESP from the WAN into the LAN.
# NOTE(review): only needed if a LAN host terminates IPsec — confirm, otherwise it can go.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forwards IKE (UDP 500) from the WAN into the LAN; same caveat as the ESP rule.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# External files pulled into the ruleset. Their contents are not shown in this listing, so the
# effective firewall can differ from what the sections in this file suggest.
config include
option path '/etc/firewall.user'
option reload '1'
config include
option type 'script'
option path '/usr/lib/gargoyle_firewall_util/gargoyle_additions.firewall'
option family 'IPv4'
option reload '1'
# NOTE(review): miniupnpd is a UPnP/NAT-PMP daemon; if it is running, LAN hosts can ask
# for WAN port mappings on their own — confirm it is wanted.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# presumably where Gargoyle opens the OpenVPN listening port on the WAN — check that this
# file matches the configured port and protocol after a port change
config include 'openvpn_include_file'
option path '/etc/openvpn.firewall'
option reload '1'
config include 'tor_include_file'
option path '/etc/tor.firewall'
option reload '1'
# Two port forwards named 'OpenVPN': WAN port 443, TCP and UDP, to 192.168.1.1:443 in the lan zone.
# NOTE(review): 192.168.1.1 is presumably the router's own LAN address (the VPN settings give the
# LAN subnet as 192.168.1.0). A service running on the router itself is normally opened with an
# input 'config rule' (src 'wan', proto 'udp', dest_port '443', target 'ACCEPT'), not a redirect
# into lan — confirm against /etc/openvpn.firewall.
# NOTE(review): the OpenVPN server on this page uses proto udp, so this TCP forward never reaches it.
# It exposes whatever listens on TCP 443 at 192.168.1.1 (possibly the router's HTTPS admin
# interface) to the internet; remove it unless that is intended.
config redirect 'redirect_enabled_number_0'
option name 'OpenVPN'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '443'
option dest_ip '192.168.1.1'
option dest_port '443'
# UDP counterpart of the forward above.
config redirect 'redirect_enabled_number_1'
option name 'OpenVPN'
option src 'wan'
option dest 'lan'
option proto 'udp'
option src_dport '443'
option dest_ip '192.168.1.1'
option dest_port '443'
# Zone for the tunnel interface tun0. input and forward are ACCEPT, so every connected VPN
# client can reach services on the router itself as well as forwarded destinations.
# With duplicate_cn enabled in the VPN settings, that applies to anyone holding a copy of a client certificate.
config zone 'vpn_zone'
option name 'vpn'
option device 'tun0'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
option masq '1'
# The section names read the opposite way round from src/dest; the options are what take effect.
# LAN hosts may reach VPN clients.
config forwarding 'vpn_lan_forwarding'
option src 'lan'
option dest 'vpn'
# VPN clients may reach the whole LAN.
config forwarding 'lan_vpn_forwarding'
option src 'vpn'
option dest 'lan'
# VPN clients may go out to the internet through the router.
config forwarding 'vpn_wan_forwarding'
option src 'vpn'
option dest 'wan'
# OpenVPN server configuration (presumably generated by Gargoyle from the UCI settings earlier on this page).
mode server
# NOTE(review): this is a UDP listener on 443. Networks that block most ports but allow 443
# usually pass only TCP 443, so this may still be unreachable from them — confirm on the client network.
port 443
proto udp
tls-server
ifconfig 10.0.8.1 255.255.255.0
topology subnet
client-config-dir /etc/openvpn/ccd
# Level 2 allows user-defined scripts to be called; the tls-verify script below needs it.
script-security 2
# Runs an external script, with the user list as argument, during TLS verification
# (by its name a common-name check; the script itself is not shown).
tls-verify "/usr/lib/gargoyle/ovpn-cn-check.sh /etc/openvpn/verified-userlist"
# Certificates listed in the revocation list are rejected.
crl-verify /etc/openvpn/crl.pem
client-to-client
# Allows concurrent sessions under one certificate common name; a copied certificate can be used
# next to the real device, and revoking it cuts off every device that shares it.
duplicate-cn
ifconfig-pool 10.0.8.2 10.0.8.254 255.255.255.0
# NOTE(review): CBC cipher with no AEAD; OpenVPN 2.4+ also supports AES-256-GCM — confirm the installed version.
cipher AES-256-CBC
dev tun
keepalive 25 180
status /var/run/openvpn_status
verb 3
# NOTE(review): the file name suggests 1024-bit Diffie-Hellman parameters, which are too small
# by current standards; regenerate with at least 2048 bits — confirm the file's actual size.
dh /etc/openvpn/dh1024.pem
ca /etc/openvpn/ca.crt
cert /etc/openvpn/server.crt
# Server private key; keep it readable by root only.
key /etc/openvpn/server.key
# Pre-shared HMAC key on the control channel, key direction 0; packets without a valid HMAC are dropped.
tls-auth /etc/openvpn/ta.key 0
persist-key
persist-tun
# NOTE(review): comp-lzo is deprecated, and compression inside the tunnel allows
# compression-oracle attacks (VORACLE); turning it off needs a matching change in client configs.
comp-lzo
# Settings pushed to clients; redirect-gateway def1 sends all of a client's traffic through the tunnel.
push "topology subnet"
push "route-gateway 10.0.8.1"
push "redirect-gateway def1"
This is usually not the case. Once you are behind NAT, then your IP will be completely blocked (port 443 will still be your ISP unless you have explicitly agreed).
Cybereu wrote: Sometimes I'm behind a network that blocks a lot of ports, but not 443.