[Openvpn-users] Fixing source and destination ports
Callan Tham
2004-07-13 00:57:15 UTC
Hi list,

Is it possible to configure both the source and destination vpn ports to
use the same high port? eg, I want to tunnel openvpn between machine A's
port 2000 to the VPN server's port 2000.

Thanks in advance,
Callan
Mathias Sundman
2004-07-13 04:34:00 UTC
Post by Callan Tham
> Is it possible to configure both the source and destination vpn ports to
> use the same high port? eg, I want to tunnel openvpn between machine A's
> port 2000 to the VPN server's port 2000.
Yes. Man page says:

--port port
    TCP/UDP port number for both local and remote.
--lport port
    TCP/UDP port number for local (default=5000).
--rport port
    TCP/UDP port number for remote (default=5000).
--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
NILINGS AB X NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail
Callan Tham
2004-07-13 06:19:38 UTC
Post by Mathias Sundman
> Post by Callan Tham
> > Is it possible to configure both the source and destination vpn ports to
> > use the same high port? eg, I want to tunnel openvpn between machine A's
> > port 2000 to the VPN server's port 2000.
> --port port
>     TCP/UDP port number for both local and remote.
> --lport port
>     TCP/UDP port number for local (default=5000).
> --rport port
>     TCP/UDP port number for remote (default=5000).
Hi Mathias,

Thanks for the reply. I've put the --lport and --rport bits into the
config, but somehow the netstat output is still

# netstat -anlp | grep 20021
tcp 0 0 aaa.aaa.aaa.aaa:45754 bbb.bbb.bbb.bbb:20021 ESTABLISHED 9959/openvpn

I will give the --port assignment a try. Thanks again!

Callan
Callan Tham
2004-07-13 07:59:01 UTC
I have tried to specify the --port assignment in the config files for
both server and client, but the client is still using a high port to
connect to the server.

I should have explained earlier that my configuration tunnels over TCP,
and even though I have read that it is not a good idea to tunnel IP over
TCP, I need to configure it that way. Is it still possible to fix both
the client and server to use the same ports over TCP?

Thanks in advance (again),

Callan
Mathias Sundman
2004-07-13 09:00:09 UTC
Post by Callan Tham
> I have tried to specify the --port assignment in the config files for
> both server and client, but the client is still using a high port to
> connect to the server.
>
> I should have explained earlier that my configuration tunnels over TCP,
> and even though I have read that it is not a good idea to tunnel IP over
> TCP, I need to configure it that way. Is it still possible to fix both
> the client and server to use the same ports over TCP?
You're right. I always use udp and there you can bind the source port
using --port or --lport.

In tcp-client mode OpenVPN does not seem to bind the source port
regardless of these options.

I did a quick test to change line 880 in socket.c to sock->bind_local=true
instead of false. Then the initial connection is bound at least. Didn't do
any more testing if it actually works. This however causes openvpn to
always bind the source port regardless of the --port and --lport options,
so a better patch should be made to support both modes.
--
_____________________________________________________________
Mathias Sundman (^) ASCII Ribbon Campaign
NILINGS AB X NO HTML/RTF in e-mail
Tel: +46-(0)8-666 32 28 / \ NO Word docs in e-mail
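
The behaviour discussed in this thread, as an added example that is not part of any post and is not OpenVPN's code: a TCP client only gets a fixed source port if it calls bind() before connect(); otherwise the kernel assigns an ephemeral one, which is what the netstat output above shows. The function names and the loopback setup are assumptions made for the illustration; bind_local is named after the flag mentioned in the last message, and port 2000 is the port from the original question.

```c
/* Added example (not OpenVPN code): fixing a TCP client's source port. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 127.0.0.1:port as a socket address (port in host byte order). */
static struct sockaddr_in loopback(unsigned short port) {
    struct sockaddr_in a = { .sin_family = AF_INET, .sin_port = htons(port),
                             .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    return a;
}

/* Local (source) port of a socket, as netstat would show it, or -1. */
int local_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    return getsockname(fd, (struct sockaddr *)&a, &len) < 0 ? -1 : ntohs(a.sin_port);
}

/* Open a TCP socket on 127.0.0.1. If bind_local is true, bind() to lport
   first (lport 0 lets the kernel pick). Then connect() to rport, or
   listen() when rport is 0. Without the bind(), connect() picks an
   ephemeral source port and lport is ignored. Returns the fd or -1. */
int tcp_socket(bool bind_local, unsigned short lport, unsigned short rport) {
    struct sockaddr_in src = loopback(lport), dst = loopback(rport);
    int one = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    /* Lets a fixed port be rebound while an old connection sits in TIME_WAIT. */
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    if (bind_local && bind(fd, (struct sockaddr *)&src, sizeof src) < 0) goto fail;
    if (rport ? connect(fd, (struct sockaddr *)&dst, sizeof dst) : listen(fd, 4)) goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

int main(void) {
    int srv = tcp_socket(true, 0, 0);                       /* server on a free port */
    unsigned short rport = (unsigned short)local_port(srv);
    int c1 = tcp_socket(false, 2000, rport);                /* no bind: ephemeral source */
    int c2 = tcp_socket(true, 2000, rport);                 /* bind: source port 2000 */
    printf("server %d, unbound client %d, bound client %d\n",
           (int)rport, local_port(c1), local_port(c2));
    return 0;
}
```

A fixed source port allows only one connection at a time to a given server address and port, so the bound client prints -1 if port 2000 is already in use on the machine.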