
SSH and OpenVPN Ports

Discussion in 'Tomato Firmware' started by James Newman, May 18, 2012.

  1. James Newman

    James Newman Serious Server Member

    Hi,

    I'm currently running the SSH daemon and OpenVPN (TUN) on my Tomato router. My main use of each function is to securely tunnel into my home network for secure web/mail/etc. when traveling and using an insecure/unknown network.

    I plan on using OpenVPN when I am using my personal laptop, with my client keys all setup so that all my traffic gets routed to my tomato router at home.

    SSH is used primarily when I am NOT using my personal laptop. I have PuTTY on a USB drive which I'll use to securely tunnel into my router, primarily for secure web use. This is so that I don't have to worry about having my private client keys on a foreign computer, and so that I don't have to install VPN client software on the foreign computer.

    My main problem is choosing the ports. I've already decided that port 443 will be used for either VPN or SSH. However, I don't know what other port to use for the other application. Which other port should I use? I want it ideally to satisfy these conditions:

    1) Has a high probability of being open on a foreign network. For example, if I'm at a hotel, chances are they are NOT blocking port 443 because it's used for https access.

    2) Not readily detectable. For example, tunneling ssh through port 443 is not that suspicious because 443 handles a lot of encrypted traffic. What's another port that does the same?

    ********
    A second unrelated question: when I'm using SSH tunneling, the only tunneling I am able to do is SOCKS v5. I can't seem to use just an HTTP proxy. Does anyone know how to fix this? I ask because I've read in various parts that SOCKS leaks DNS requests, which is very bad for privacy/DNS hijacking. Apparently Firefox has a setting to prevent leaks, but 1) I don't know if that setting actually works, and 2) I hate Firefox, and I use Google Chrome. Apparently an HTTP proxy doesn't leak DNS requests?
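    The DNS-leak question above comes down to which side resolves the hostname. The following is an added example, not code from the thread or from any of the tools mentioned: it builds a SOCKS5 CONNECT request (RFC 1928) and an HTTP CONNECT request and classifies each by whether the client had to do its own DNS lookup first. The placeholder address 192.0.2.10 and the "simulated local resolution" are constructed for the example; no network traffic is sent.

```python
"""Added example (not from the thread): SOCKS5 vs HTTP CONNECT and DNS leaks.

A DNS leak happens when the client resolves the hostname itself, sending a
DNS query over the untrusted local network, and hands the proxy only an IP.
SOCKS5 lets the client send the hostname instead (ATYP 0x03) so the proxy at
the far end of the tunnel resolves it; HTTP CONNECT always carries the
hostname. Whether a SOCKS5 client leaks is therefore a client setting, not a
property of SOCKS itself.
"""
import ipaddress
import struct

SOCKS5_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04


def socks5_connect_request(host: str, port: int, remote_dns: bool = True) -> bytes:
    """Build a SOCKS5 CONNECT request for host:port.

    remote_dns=True sends the hostname so the proxy resolves it (no leak).
    remote_dns=False resolves locally first and sends an IP (the leak).
    Local resolution is only simulated here: if host is not already an IP
    literal, a constructed placeholder address (TEST-NET-1) stands in for
    the answer a real local DNS query would have produced.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is None and remote_dns:
        name = host.encode("idna")
        if len(name) > 255:
            raise ValueError("hostname too long for SOCKS5")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        if addr is None:
            addr = ipaddress.ip_address("192.0.2.10")  # constructed placeholder
        atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
        body = bytes([atyp]) + addr.packed
    return bytes([SOCKS5_VERSION, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)


def http_connect_request(host: str, port: int) -> bytes:
    """HTTP CONNECT names the target host, so the proxy does the lookup."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")


def client_resolved_locally(request: bytes) -> bool:
    """Classify a proxy request.

    True  -> the request carries an IP, so any name->IP lookup already
             happened on the client (a DNS leak if the user typed a name).
    False -> the request carries a hostname, so the proxy resolves it.
    """
    if request.startswith(b"CONNECT "):
        first_line = request.split(b"\r\n", 1)[0]
        target = first_line.split(b" ")[1].rsplit(b":", 1)[0]
        try:
            ipaddress.ip_address(target.decode("ascii").strip("[]"))
            return True
        except ValueError:
            return False
    if len(request) >= 4 and request[0] == SOCKS5_VERSION:
        atyp = request[3]
        if atyp == ATYP_DOMAIN:
            return False
        if atyp in (ATYP_IPV4, ATYP_IPV6):
            return True
    raise ValueError("not a SOCKS5 or HTTP CONNECT request")
```

The practical upshot for the "I use Chrome" part: Chromium's proxy documentation states that with a `socks5://` proxy it sends hostnames to the proxy (the ATYP 0x03 form above), and it documents `--host-resolver-rules="MAP * ~NOTFOUND , EXCLUDE 127.0.0.1"` as the way to stop the browser's own resolver from doing lookups on the side. Treat that as the documented behaviour at the time of writing rather than something this example verifies.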
     
  2. James Newman

    James Newman Serious Server Member

    Also related to this -- but is it possible to run Privoxy on my Toastman Tomato RT-N16?
     
  3. humba

    humba Network Guru Member

    How about using OpenVPN's port sharing feature to run both services on the same port?
    Alternatively, use another frequently used port, like HTTP, DNS, POP3 or SMTP.
     
  4. James Newman

    James Newman Serious Server Member

    Hmm... haven't heard about the port sharing feature. Doing a Google search right now and looking into it. Since you seem knowledgeable about it... are there any disadvantages to port sharing?
     
  5. James Newman

    James Newman Serious Server Member

    Looked into port sharing... seems like it can only work with TCP? I'm running the VPN on my Tomato router as UDP because I heard it's much more reliable/efficient. So would I have to switch to TCP in this instance?
    Or even better... if I'm running my OpenVPN server on UDP port 443, does SSH run on TCP or UDP? Because if it runs on TCP 443, it wouldn't conflict, would it?
    When run in TCP server mode, share the OpenVPN port with another application,
    such as an HTTPS server. If OpenVPN senses a connection to its port which is
    using a non-OpenVPN protocol, it will proxy the connection to the server at
    host:port. Currently only designed to work with HTTP/HTTPS, though it would
    be theoretically possible to extend to other protocols such as ssh.
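    To make the quoted port-share behaviour concrete, here is an added example that is not code from the thread or from the OpenVPN project: a minimal model of what a port-sharing TCP listener does. It accepts a connection, peeks at the first bytes, and either handles the connection itself (OpenVPN) or proxies it to the configured host:port (anything else, such as a TLS ClientHello or an SSH banner). The OpenVPN recognition rule (2-byte length of at least 14, then a HARD_RESET_CLIENT opcode) mirrors the heuristic in OpenVPN's socket code as I recall it; treat the exact byte values as an assumption of this example. The loopback "backend" and the three sample openers are constructed.

```python
"""Added example (not from the thread or from OpenVPN): a port-share demux.

Why this is TCP-only: the decision needs a byte stream it can peek at before
committing to a handler, which a TCP connection provides and a lone UDP
datagram does not. Separately, a UDP socket and a TCP socket bound to the
same port number are independent kernel sockets, so OpenVPN on UDP 443 and
SSH on TCP 443 never collide and need no demux at all.
"""
import socket
import threading

# Assumed from OpenVPN's socket code: opcode sits in the top 5 bits.
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_CLIENT_V3 = 10


def is_openvpn_protocol(first_bytes: bytes) -> bool:
    """OpenVPN-over-TCP: 2-byte big-endian length (>= 14), then an opcode byte."""
    if len(first_bytes) < 3:
        return False
    op = first_bytes[2]
    return (first_bytes[0] == 0 and first_bytes[1] >= 14
            and op in (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT,
                       P_CONTROL_HARD_RESET_CLIENT_V3 << P_OPCODE_SHIFT))


def classify(first_bytes: bytes) -> str:
    """Label the peeked bytes: 'openvpn', 'tls', 'ssh' or 'other'."""
    if is_openvpn_protocol(first_bytes):
        return "openvpn"
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"      # TLS record header: handshake (0x16), version 3.x
    if first_bytes.startswith(b"SSH-"):
        return "ssh"      # RFC 4253 identification string
    return "other"


def demux_once(listener: socket.socket, fallback_addr) -> str:
    """Accept one connection and route it the way --port-share would:
    OpenVPN traffic is handled here, everything else is proxied to
    fallback_addr byte-for-byte (one round trip, to keep the model short)."""
    conn, _ = listener.accept()
    with conn:
        head = conn.recv(3, socket.MSG_PEEK)   # look, but leave the bytes queued
        kind = classify(head)
        if kind == "openvpn":
            conn.sendall(b"handled-by-openvpn\n")
            return kind
        with socket.create_connection(fallback_addr, timeout=5) as backend:
            backend.sendall(conn.recv(4096))
            conn.sendall(backend.recv(4096))
        return kind


def _fake_backend(srv: socket.socket, connections: int) -> None:
    """Constructed stand-in for the HTTPS server named in port-share host:port."""
    for _ in range(connections):
        c, _ = srv.accept()
        with c:
            c.sendall(b"backend-saw:" + c.recv(4096))


if __name__ == "__main__":
    backend = socket.socket()
    backend.bind(("127.0.0.1", 0))
    backend.listen(5)
    threading.Thread(target=_fake_backend, args=(backend, 2), daemon=True).start()
    front = socket.socket()
    front.bind(("127.0.0.1", 0))
    front.listen(5)
    samples = [
        b"\x00\x0e\x38" + b"\x00" * 14,     # constructed OpenVPN hard-reset opener
        b"\x16\x03\x01\x00\xa5\x01",        # constructed TLS ClientHello head
        b"SSH-2.0-OpenSSH_6.0\r\n",         # constructed SSH banner
    ]
    for opener in samples:
        client = socket.create_connection(front.getsockname())
        client.sendall(opener)
        kind = demux_once(front, backend.getsockname())
        print(kind, client.recv(4096))
        client.close()
```

Run as a script it prints one line per sample: the OpenVPN opener is answered locally, while the TLS and SSH openers come back prefixed by the fake backend. Note that in this model the SSH banner is simply forwarded to whatever host:port is configured, which is exactly the limitation the quoted documentation describes: port-share only knows how to hand non-OpenVPN bytes to one other server.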
     
