I am just wondering how easy a third-party want to find a connection is a VPN connection or not? For example, If I connect to my home VPN server from Japan, is it easy/possible for an agent to find my internet connection is a VPN connection and also find the server ip?
Thanks, James -----Original Message----- From: David Sommerseth [mailto:open...@sf.lists.topphemmelig.net] Sent: Sunday, July 08, 2018 5:55 PM To: James Peng <oldyounggu...@yahoo.com>; openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] change vpn port number On 08/07/18 05:07, James Peng via Openvpn-users wrote: > Hello, > > Can I change my personal openVPN server's the default port number? Yes. And this is already answered. > How about 8080 to make it looks like a webserver? This is a very weak argument to for changing the port number. Do a port scan against port 8080 and the scanner soon enough detects it is an OpenVPN server and not a web server. So this is security through obscurity. To avoid port scans of typical services, rather pick an unusual port number. The downside of this is that some ISPs (and especially wifi hotspots on hotels, public sites, etc) will more commonly block these unusual ports. If you want to hide your VPN server behind a web server, then rather look at the --port-share option. The downside of this approach is that you must use TCP, while UDP generally works better for most users. Many who try to avoid getting blocked on some networks but still want to have the best performance where possible often setup two OpenVPN server configs on the same host; one with UDP and one with TCP. The client configs can then enlist both ports like this: remote myvpnserver.example.org 1194 udp remote myvpnserver.example.org 443 tcp If the VPN client won't get a connection on the first UDP port, it will continue to the second one automatically after a little bit. But, there are more traps when going this approach too. You need to carefully think about your VPN IP segments, firewalls and routing - as each VPN server config needs a separate VPN IP subnet. But done correctly, this can work quite well. -- kind regards, David Sommerseth OpenVPN Inc ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
