OpenVPN server ports limited
I just bought a new Archer C9 and went to set up the OpenVPN server, but for some reason the ports are limited. Does anybody know why this is? Is there anything I can do about it? I need to be on TCP 443 to get past a strict firewall, but an error when changing the port. It has to be 1024+.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
It was meant so the common service ports would be avoided. The entry box will only accept port numbers within a range of 1024 to 65535.
- Copy Link
- Report Inappropriate Content
Tony wrote
It was meant so the common service ports would be avoided. The entry box will only accept port numbers within a range of 1024 to 65535.
Is there any way to create a request to have this changed? The VPN function is half the reason I bought the router and it’s useless to me without being able to use port 443. It would be such an easy change to implement too.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
I just purchased an Archer C5400X router and the only reason I purchased the router is because it said that it had OpenVPN support. I assumed, incorrectly, that it would support Port 443 TCP like my old ASUS RT-N66U.
As this is my primary reason for purchasing this router, if it is unable to be patched to support a port lower than 1024 than I have no need for the router and I will be returning it.
If there is a fix coming soon that will enable this feature, then I will keep the router, otherwise, I must return it as this is a required feature that I need.
I reached out to support and they confirmed the limitation on the port ranges but graciously indicated that they would reach out to engineering to see if there was willingness to enable support for OpenVPN port 443.
The software for controlling the router could potentially be updated to check for port conflicts in the live configuration settings, like my old ASUS, instead of a simple forced JQuery range check on a text form field.
Please add my voice to this same request that the OpenVPN software in the router support any port the user chooses to set even if there is a chance for a conflict and consider adding software logic to the firmware that verifies that the port is not being used elsewhere for port forwarding or triggering so as to prevent conflicts.
Many Thanks in Advance!
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
That is a great question. Why would one want to use port TCP port 443 for their OpenVPN client?
Here are a few possible reasons someone may want to use port 443 instead of 1194 UDP.
- The internet runs on ports 80 and 443, no one typically blocks either port unless they don’t want any kind of web traffic to flow through their services.
- Businesses or other services providing Wi-Fi may have firewall polices in place that block other ports.
- I am not using port 443 at home to host HTTPS web or RESTful APIs traffic on my home static IP address.
- Protected tunneling and to some degree disguised traffic. Who typically is closely monitoring 443 traffic to see if it is or isn’t standard Web based HTTPS traffic outside of some large businesses and government entities.
- To get around their “at work” firewall policies and fully tunnel their YouTube and Facebook habits through their home network. (Don’t get fired for breaking rules…)
- To get around any other reason out there where other ports could or would be blocked for what ever reason someone thought they needed to block VPN traffic and I ultimately want all of my traffic safe and securely routed from my phone while I did my mobile banking from a public Muni-Wi-Fi or other hosted public Wi-Fi location.
I know some of these overlapped a little but number six is my primary reason. Before switching my old ASUS router from the default 1194 port to 443 I encountered a handful of times where my VPN connection was actually blocked. After changing my configuration to use port TCP 443 for my OpenVPN on that old little ASUS, I didn’t have those issues again. After authenticating to the public Wi-Fi and agreeing to their policies I was easily able to route all of my privately encrypted and tunneled data through 443 to my home IP and back out to the Internet, denying snoops and other sniffers where and what I was doing on the web.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Information
Helpful: 4
Views: 4196
Replies: 7