[SOLVED]Openvpn having trouble using different ports

jojo06 · 2023-11-27 23:45:53

As you know, the anti-vpn trend has emerged. They don't accept vpn. I found this on the internet about how to bypass it: openvpn for example uses 1194. I'm trying to change it to a another port.

I've searched a lot on the internet but I couldn't find a solution and unfortunately there are very few resources. I have installed networkmanager-openvpn. I installed openvpn with sudo Pacman not with pkg file/make install...

What I tried:
It doesn't work when I type --port from the command line
connection.ovpn does not connect when I change port 80 in it
&&
If i add lport/rpot/port, it still connects from port 80
Tried to run with --config parameter
Tried to change `client` to `server` in connection.ovpn:

Options error: Unrecognized option or missing or extra parameter(s) in 80tcp.ovpn:1: server (2.6.8)

I did the CA creation as wiki leads me

--------------------------------------

telnet is not installed, ss output is problematic and complex, nc/netstat is installed but I read a forum post recommending not to use it. Let me ask you how to check it correctly btw...

connection.ovpn:

client
dev tun3
proto tcp
remote *my_public_ip* 80
resolv-retry infinite
nobind
persist-key
persist-tun
auth-user-pass
comp-lzo
verb 3
cipher AES-256-CBC
fast-io
pull
route-delay 2
redirect-gateway
<ca>
-----BEGIN CERTIFICATE-----
*Private Key*
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
*Private Key*
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
*Private Key*
-----END PRIVATE KEY-----
</key>

client.conf:

client
dev tun
proto udp
remote serverurl 555 // serverurl indeed didnt changed
resolv-retry infinite
nobind
#user nobody
#group nobody
persist-key
persist-tun
tls-client
mute-replay-warnings
ca servername/ecc/ca.crt // just like it servername/ecc
cert servername/ecc/guns.crt // just like it servername/ecc
key servername/ecc/guns.key // just like it servername/ecc
remote-cert-eku "TLS Web Server Authentication"
verify-x509-name 'CN=guns' subject
remote-cert-tls server
tls-crypt guns/ecc/tc.key
cipher AES-256-GCM
auth SHA512
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 // i only hope this was right
reneg-sec 360
#comp-lzo
verb 3
#mute 20

auth-user-pass guns/secret.password
redirect-gateway def1
script-security 2
up /etc/openvpn/client/guns/update-resolv-conf.sh
down /etc/openvpn/client/guns/update-resolv-conf.sh

server.conf:

port 555
proto udp
dev tun

ca ecc/ca.crt // just like it /ecc
cert ecc/guns.crt // just like it /ecc
key ecc/guns.key // just like it /ecc

dh none

server 10.8.0.0 255.255.255.0 // from wiki
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1"
push "dhcp-option DNS 1.2.3.4" // from wiki strange but im connected anyways

keepalive 10 120

tls-crypt ecc/tc.key
auth SHA512
keysize 256
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 // i only hope this was right
cipher AES-256-GCM
reneg-sec 360
remote-cert-eku "TLS Web Client Authentication"
script-security 2
auth-user-pass-verify /etc/openvpn/server/auth/auth.py via-file

user nobody
group nobody

persist-key
persist-tun

status openvpn-status.log
explicit-exit-notify 1

systemctl status NetworkManager:

● NetworkManager.service - Network Manager
     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: disabled)
     Active: active (running) since Mon 2023-11-27 20:21:52 PST; 3min 23s ago
       Docs: man:NetworkManager(8)
   Main PID: 1709 (NetworkManager)
      Tasks: 4 (limit: 19098)
     Memory: 8.2M
        CPU: 126ms
     CGroup: /system.slice/NetworkManager.service
             └─1709 /usr/bin/NetworkManager --no-daemon

Nov 27 20:21:53 roses nm-openvpn[1725]: Options error: --cert fails with '/home/guns/.cert/nm-openvpn/vpnbook-uk68-tcp80-cert.pem': No such file or directory (errno=2)
Nov 27 20:21:53 roses nm-openvpn[1725]: WARNING: cannot stat file '/home/guns/.cert/nm-openvpn/vpnbook-uk68-tcp80-key.pem': No such file or directory (errno=2)
Nov 27 20:21:53 roses nm-openvpn[1725]: Options error: --key fails with '/home/guns/.cert/nm-openvpn/vpnbook-uk68-tcp80-key.pem': No such file or directory (errno=2)
Nov 27 20:21:53 roses nm-openvpn[1725]: Options error: Please correct these errors.
Nov 27 20:21:53 roses nm-openvpn[1725]: Use --help for more information.
Nov 27 20:21:53 roses NetworkManager[1709]: <warn>  [1701145313.7553] vpn[0x55c9b5bd0ee0,b4e8ad5b-c416-428c-88c6-a392f7c87e5f,"vpnbook-uk68-tcp80"]: dbus: failure: connect-failed (1)
Nov 27 20:21:53 roses NetworkManager[1709]: <warn>  [1701145313.7554] vpn[0x55c9b5bd0ee0,b4e8ad5b-c416-428c-88c6-a392f7c87e5f,"vpnbook-uk68-tcp80"]: dbus: failure: connect-failed (1)
Nov 27 20:21:53 roses NetworkManager[1709]: <info>  [1701145313.7554] device (enp3s0): state change: secondaries -> activated (reason 'connection-assumed', sys-iface-state: 'assume')
Nov 27 20:21:53 roses NetworkManager[1709]: <info>  [1701145313.7557] device (enp3s0): Activation: successful, device activated.
Nov 27 20:21:53 roses NetworkManager[1709]: <info>  [1701145313.7560] manager: startup complete

I tried to uninstall/re-install the networkmanager-openvpn, i can connect the internet and vpn anyways. But its problem when i reboot without closing the vpn connection. And im not using vpnbook-uk68 anymore, but it has the errors and warnings about it.

Last edited by jojo06 (2023-12-01 10:14:57)

-thc · 2023-11-28 09:08:14

Your posting is full of double (or possible triple) configurations, questionable options and questionable actions.

Can you please explain - in simple words - what exactly are you trying to achieve?
What role(s) do your Arch installation(s) play? OpenVPN-Server? OpenVPN-Client?

jojo06 · 2023-11-28 15:48:37

Thank you for your reply and your interest. I thought I should share them in case there might be a problem in a different area.

What I'm trying to do is I want to use OpenVPN on the port of my choice, so OpenVPN uses 1194 and I want to connect to the internet on 555 or some other port.

Zod · 2023-11-28 15:57:57

What do you suspect will happen if you try to connect to another computer on port 555 (or whatever) ?

-thc · 2023-11-28 16:51:15

jojo06 wrote:

What I'm trying to do is I want to use OpenVPN on the port of my choice, so OpenVPN uses 1194 and I want to connect to the internet on 555 or some other port.

That's what you already asked in your first post.

You can use OpenVPN on any port you like - as long as your OpenVPN server and your OpenVPN client are both configured in this way.

Since you haven't answered my question about the roles involved
- Is your Arch box the server?
- Or the client?
- Or is a windows client (configuration file with the suffix "ovpn") involved?
it's still unclear what you are trying to achieve.

jojo06 · 2023-11-29 04:04:09

@Zod I don't have any doubts, as I mentioned in the topic, the reason I want this is so I can continue to use a VPN. Some sites don't allow you to use a VPN, they do it by blocking certain ports. 1194 is a well known Openvpn port, but if I can change it to 555 or something else, the block will disappear.

@-thc I have searched a bit on the internet and the server seems a bit extreme and unnecessary, I would like to configure the client. The server will be the websites I will connect to, openvpn and vpnbook.opvn will be my connection points.

-thc · 2023-11-29 06:40:50

jojo06 wrote:

@-thc I have searched a bit on the internet and the server seems a bit extreme and unnecessary, I would like to configure the client. The server will be the websites I will connect to, openvpn and vpnbook.opvn will be my connection points.

Your VPN provider (VPNBook) sets/determines the port number on the VPNBook OpenVPN servers and you cannot change this.

jojo06 · 2023-11-29 15:26:05

Really? I read something on the Internet that it can be changed. It has parameters like lport/rpot and port. Even when I change 80 it doesn't connect to the internet or with a different setting, when I change the port of the vpn connection it shows that it connects through 555. But not exactly, unfortunately. And it must be connecting through 80 because the sites are saying "VPN detected" and won't allow the connection.

So what do you recommend to bypass this, paid vpn, hideme or something else?

-thc · 2023-11-29 17:11:01

VPNs are detected by their IP range. If you connect to VPNBook the sites blocking you detect an IP address from VPNBook's address range.

Port numbers have nothing to do with this at all.

jojo06 · 2023-11-30 05:00:26

I see. So can we find a solution to this? What can you suggest, for example, would a paid vpn solve the problem? Or DNS?

-thc · 2023-11-30 06:35:07

That's actually depending on the reason why you use VPNs in the first place. To circumvent geoblocking? To mask your activities from your ISP or your government? Or something else?

jojo06 · 2023-11-30 11:06:47

For each and every one of them lol. Mostly for privacy and freedom. To bypass geographical barriers and yes to bypass the ISP and use a universal internet.

-thc · 2023-11-30 16:20:23

Then IMHO it's an open game of whack-a-mole with a bunch of different VPN providers.

jojo06 · 2023-11-30 16:29:28

I see. I was just about to say that since we're moving towards a VPN, we might as well get a paid one. For surfing, I mean, to surf freely. I use it for geo-restriction and security/privacy purposes.

For informational purposes, why do you need a different VPN to hide from the ISP and the government? Can't the government request data from the ISP or vice versa? So is the assumption I have in my mind correct or is it: if it's privacy in the cyber/program sense, the ISP should be avoided, but if it's a freedom of speech etc., the government should be hidden (in this case the ISP doesn't have to provide information?)

-thc · 2023-11-30 18:30:25

jojo06 wrote:

For informational purposes, why do you need a different VPN to hide from the ISP and the government? Can't the government request data from the ISP or vice versa? So is the assumption I have in my mind correct or is it: if it's privacy in the cyber/program sense, the ISP should be avoided, but if it's a freedom of speech etc., the government should be hidden (in this case the ISP doesn't have to provide information?)

Not sure what you mean by "a different VPN to hide from the ISP and the government" - I didn't mean or imply that. You asked for tips to circumvent the "VPN blocking" of some sites - using another VPN provider might work.

Your government can also possibly request data from your VPN provider.

Ultimately it comes down to a simply question: Whom do you trust?

jojo06 · 2023-11-30 18:43:32

Ultimately it comes down to a simply question: Whom do you trust?

I would say to the VPN provider

I didn't mean or imply that. -> To mask your activities from your ISP or your government?

I understand what you mean by hiding data from the government, I think it's called `freedom of speech`. There are separate privacy matters for copyright and protecting fresh band or smt and broadcast privacy, etc.
So I think, if you haven't committed a crime, your VPN provider (service-supplier-server) {I know this especially from vps servers} doesn't have to give information. They can choose this freedom, especially in the Netherlands.

I only want it for geo-blocking and privacy. I'll just surf.

Edit: Geeking: And I think because it can't be fingerprint, it's like a whole new scheme - as you said, there is masking and protection, both for the internet provider and for the organizations, and I didn't know that - it gives you privacy in every sense. And I wondered how they used to do this identification process when there were no fingerprints, everything was more convenient and there was no need for that, I guess.

Edit2: Another VPN provides will do.

Last edited by jojo06 (2023-12-01 10:14:38)

Arch Linux

#1 2023-11-27 23:45:53

[SOLVED]Openvpn having trouble using different ports

I did the CA creation as wiki leads me

#2 2023-11-28 09:08:14

Re: [SOLVED]Openvpn having trouble using different ports

#3 2023-11-28 15:48:37

Re: [SOLVED]Openvpn having trouble using different ports

#4 2023-11-28 15:57:57

Re: [SOLVED]Openvpn having trouble using different ports

#5 2023-11-28 16:51:15

Re: [SOLVED]Openvpn having trouble using different ports

#6 2023-11-29 04:04:09

Re: [SOLVED]Openvpn having trouble using different ports

#7 2023-11-29 06:40:50

Re: [SOLVED]Openvpn having trouble using different ports

#8 2023-11-29 15:26:05

Re: [SOLVED]Openvpn having trouble using different ports

#9 2023-11-29 17:11:01

Re: [SOLVED]Openvpn having trouble using different ports

#10 2023-11-30 05:00:26

Re: [SOLVED]Openvpn having trouble using different ports

#11 2023-11-30 06:35:07

Re: [SOLVED]Openvpn having trouble using different ports

#12 2023-11-30 11:06:47

Re: [SOLVED]Openvpn having trouble using different ports

#13 2023-11-30 16:20:23

Re: [SOLVED]Openvpn having trouble using different ports

#14 2023-11-30 16:29:28

Re: [SOLVED]Openvpn having trouble using different ports

#15 2023-11-30 18:30:25

Re: [SOLVED]Openvpn having trouble using different ports

#16 2023-11-30 18:43:32

Re: [SOLVED]Openvpn having trouble using different ports

Board footer