WireGuard Archive on lore.kernel.org
* Seeking suggestions for a WG port to use with restrictive public wifi networks
@ 2018-11-19 20:33 John
  2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 20:54 ` Steve Gilberd
  0 siblings, 2 replies; 5+ messages in thread
From: John @ 2018-11-19 20:33 UTC (permalink / raw)
  To: wireguard

Use case: WG VPN server (linux) and iOS clients (I mention that
because the solution needs to just-work with the iOS WG client without
extra steps for ease).

Goal: identify a port on which to run WG that has a good chance of
being open to clients on both LTE and public WiFi networks.

I currently run OpenVPN on 80/tcp which works for the vast majority of
networks.  I'd like to switch over to WG.

I found that port 123 is not very compatible with the public networks
I tend to use.  Port 53 seems to work on WiFi, but does not work due to
Verizon actively blocking traffic on it.  I tried a few higher numbers
including 51820 and 41185 but they seem to be blocked.  I also tried a
few standard service ports including 80, 443, and 1194, all of
which failed to connect.

Should I stick with the "standard" udp service ports for my
trial-and-error based approach?  Wikipedia has an article that lists
many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
welcomed.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:33 Seeking suggestions for a WG port to use with restrictive public wifi networks John
@ 2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 21:47   ` John Huttley
  2018-11-20 14:23   ` John
  2018-11-19 20:54 ` Steve Gilberd
  1 sibling, 2 replies; 5+ messages in thread
From: Lonnie Abelbeck @ 2018-11-19 20:53 UTC (permalink / raw)
  To: John; +Cc: WireGuard mailing list


> On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
> 
> Should I stick with the "standard" udp service ports for my
> trial-and-error based approach?  Wikipedia has an article that lists
> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> welcomed.

Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)


Lonnie

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:33 Seeking suggestions for a WG port to use with restrictive public wifi networks John
  2018-11-19 20:53 ` Lonnie Abelbeck
@ 2018-11-19 20:54 ` Steve Gilberd
  1 sibling, 0 replies; 5+ messages in thread
From: Steve Gilberd @ 2018-11-19 20:54 UTC (permalink / raw)
  To: wireguard

Have you tried 1701/udp? That's the standard L2TP port - it's unlikely to
be particularly useful on networks which deliberately block VPN access, but
I've encountered a number of networks on which that port was usable, and
not much else.

Cheers,
Steve

On Tue, 20 Nov 2018 at 09:38 John <graysky@archlinux.us> wrote:

> Use case: WG VPN server (linux) and iOS clients (I mention that
> because the solution needs to just-work with the iOS WG client without
> extra steps for ease).
>
> Goal: identify a port on which to run WG that has a good chance of
> being open to clients on both LTE and public WiFi networks.
>
> I currently run OpenVPN on 80/tcp which works for the vast majority of
> networks.  I'd like to switch over to WG.
>
> I found that port 123 is not very compatible with the public networks
> I tend to use.  Port 53 seems to work on WiFi, but does not work due to
> Verizon actively blocking traffic on it.  I tried a few higher numbers
> including 51820 and 41185 but they seem to be blocked.  I also tried a
> few standard service ports including 80, 443, and 1194, all of
> which failed to connect.
>
> Should I stick with the "standard" udp service ports for my
> trial-and-error based approach?  Wikipedia has an article that lists
> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> welcomed.
-- 

Cheers,

*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019, The Terrace, Wellington 6143, NZ*

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:53 ` Lonnie Abelbeck
@ 2018-11-19 21:47   ` John Huttley
  2018-11-20 14:23   ` John
  1 sibling, 0 replies; 5+ messages in thread
From: John Huttley @ 2018-11-19 21:47 UTC (permalink / raw)
  To: wireguard

And also 4433 which is used by DTLS

https://wiki.wireshark.org/DTLS

--dad

On 20/11/18 9:53 AM, Lonnie Abelbeck wrote:
>> On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
>>
>> Should I stick with the "standard" udp service ports for my
>> trial-and-error based approach?  Wikipedia has an article that lists
>> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
>> welcomed.
> Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)
>
>
> Lonnie

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 21:47   ` John Huttley
@ 2018-11-20 14:23   ` John
  1 sibling, 0 replies; 5+ messages in thread
From: John @ 2018-11-20 14:23 UTC (permalink / raw)
  To: lists; +Cc: wireguard

Good call on these ports, Lonnie.  I am able to use either 500 or
4500 to get WireGuard connectivity on my public WiFis.  I also tested
4433 and 1701 (suggested by others in reply to my query) but got a
mixed result with some networks allowing traffic on them and others
not.

On Mon, Nov 19, 2018 at 3:53 PM Lonnie Abelbeck
<lists@lonnie.abelbeck.com> wrote:
>
>
> > On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
> >
> > Should I stick with the "standard" udp service ports for my
> > trial-and-error based approach?  Wikipedia has an article that lists
> > many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> > welcomed.
>
> Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)
>
>
> Lonnie
>

^ permalink raw reply	[flat|nested] 5+ messages in thread
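
Added example, not part of any message in this thread: a way to automate the trial-and-error port survey the thread describes. WireGuard does not answer unauthenticated packets, so the sketch assumes you temporarily run a small UDP echo responder on your own server on each candidate port and probe it from the restrictive network; the names `echo_server`, `probe` and `survey` are hypothetical.

```python
import os
import socket
import sys
import threading

# UDP port numbers named in the thread.
CANDIDATE_PORTS = [500, 4500, 4433, 1701, 123, 53, 51820, 41185, 80, 443, 1194]


def echo_server(host, port, stop):
    """Run on your own server: echo each datagram back. Returns the bound port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    sock.settimeout(0.2)
    bound = sock.getsockname()[1]

    def loop():
        with sock:
            while not stop.is_set():
                try:
                    data, peer = sock.recvfrom(2048)
                    sock.sendto(data, peer)
                except OSError:
                    continue  # receive timeout or transient send error

    threading.Thread(target=loop, daemon=True).start()
    return bound


def probe(host, port, timeout=1.0, tries=3):
    """True if a random token sent to host:port over UDP comes back unchanged."""
    token = os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            try:
                s.sendto(token, (host, port))
                if s.recvfrom(2048)[0] == token:
                    return True
            except OSError:
                continue  # timed out or ICMP error: count as no reply
    return False


def survey(host, ports=CANDIDATE_PORTS, timeout=1.0):
    """Map each candidate port to True (round trip worked) or False."""
    return {p: probe(host, p, timeout) for p in ports}


if __name__ == "__main__":  # client side: python3 probe.py <your-server>
    for port, ok in survey(sys.argv[1]).items():
        print(f"udp/{port}: {'reachable' if ok else 'no reply'}")
```

Binding the responder to ports below 1024 normally requires root on Linux, and a port that passes this echo test can still fail for WireGuard on networks that inspect payloads rather than filter by port number.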
