WireGuard Archive on lore.kernel.org
* Seeking suggestions for a WG port to use with restrictive public wifi networks
@ 2018-11-19 20:33 John
  2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 20:54 ` Steve Gilberd
  0 siblings, 2 replies; 5+ messages in thread
From: John @ 2018-11-19 20:33 UTC (permalink / raw)
  To: wireguard

Use case: WG VPN server (linux) and iOS clients (I mention that
because the solution needs to just-work with the iOS WG client without
extra steps for ease).

Goal: identify a port on which to run WG that has a good chance of
being open to clients on both LTE and public WiFi networks.

I currently run OpenVPN on 80/tcp which works for the vast majority of
networks.  I'd like to switch over to WG.

I found that port 123 is not very compatible with the public networks
I tend to use.  Port 53 seems to work on WiFi, but does not work due to
Verizon actively blocking traffic on it.  I tried a few higher numbers
including 51820 and 41185 but they seem to be blocked.  I also tried a
few standard service ports including: 80, 443, and 1194 but all of
which failed to connect.

Should I stick with the "standard" udp service ports for my
trial-and-error based approach?  Wikipedia has an article that lists
many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
welcomed.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard


* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:33 Seeking suggestions for a WG port to use with restrictive public wifi networks John
@ 2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 21:47   ` John Huttley
  2018-11-20 14:23   ` John
  2018-11-19 20:54 ` Steve Gilberd
  1 sibling, 2 replies; 5+ messages in thread
From: Lonnie Abelbeck @ 2018-11-19 20:53 UTC (permalink / raw)
  To: John; +Cc: WireGuard mailing list


> On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
> 
> Should I stick with the "standard" udp service ports for my
> trial-and-error based approach?  Wikipedia has an article that lists
> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> welcomed.

Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)


Lonnie


* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:33 Seeking suggestions for a WG port to use with restrictive public wifi networks John
  2018-11-19 20:53 ` Lonnie Abelbeck
@ 2018-11-19 20:54 ` Steve Gilberd
  1 sibling, 0 replies; 5+ messages in thread
From: Steve Gilberd @ 2018-11-19 20:54 UTC (permalink / raw)
  To: wireguard

Have you tried 1701/udp? That's the standard L2TP port - it's unlikely to
be particularly useful on networks which deliberately block VPN access, but
I've encountered a number of networks on which that port was usable, and
not much else.

Cheers,
Steve

On Tue, 20 Nov 2018 at 09:38 John <graysky@archlinux.us> wrote:

> Use case: WG VPN server (linux) and iOS clients (I mention that
> because the solution needs to just-work with the iOS WG client without
> extra steps for ease).
>
> Goal: identify a port on which to run WG that has a good chance of
> being open to clients on both LTE and public WiFi networks.
>
> I currently run OpenVPN on 80/tcp which works for the vast majority of
> networks.  I'd like to switch over to WG.
>
> I found that port 123 is not very compatible with the public networks
> I tend to use.  Port 53 seems to work on WiFi, but does not work due to
> Verizon actively blocking traffic on it.  I tried a few higher numbers
> including 51820 and 41185 but they seem to be blocked.  I also tried a
> few standard service ports including: 80, 443, and 1194 but all of
> which failed to connect.
>
> Should I stick with the "standard" udp service ports for my
> trial-and-error based approach?  Wikipedia has an article that lists
> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> welcomed.
-- 

Cheers,

*Steve Gilberd*
Erayd LTD *·* Consultant
*Phone: +64 4 974-4229 **·** Mob: +64 27 565-3237*
*PO Box 10019, The Terrace, Wellington 6143, NZ*


* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:53 ` Lonnie Abelbeck
@ 2018-11-19 21:47   ` John Huttley
  2018-11-20 14:23   ` John
  1 sibling, 0 replies; 5+ messages in thread
From: John Huttley @ 2018-11-19 21:47 UTC (permalink / raw)
  To: wireguard

And also 4433 which is used by DTLS

https://wiki.wireshark.org/DTLS

--dad

On 20/11/18 9:53 AM, Lonnie Abelbeck wrote:
>> On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
>>
>> Should I stick with the "standard" udp service ports for my
>> trial-and-error based approach?  Wikipedia has an article that lists
>> many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
>> welcomed.
> Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)
>
>
> Lonnie
>

* Re: Seeking suggestions for a WG port to use with restrictive public wifi networks
  2018-11-19 20:53 ` Lonnie Abelbeck
  2018-11-19 21:47   ` John Huttley
@ 2018-11-20 14:23   ` John
  1 sibling, 0 replies; 5+ messages in thread
From: John @ 2018-11-20 14:23 UTC (permalink / raw)
  To: lists; +Cc: wireguard

Good call on these ports, Lonnie.  I am able to use either 500 or
4500 to get WireGuard connectivity on my public WiFis.  I also tested
4433 and 1701 (suggested by others in reply to my query) but got a
mixed result with some networks allowing traffic on them and others
not.

On Mon, Nov 19, 2018 at 3:53 PM Lonnie Abelbeck
<lists@lonnie.abelbeck.com> wrote:
>
>
> > On Nov 19, 2018, at 2:33 PM, John <graysky@archlinux.us> wrote:
> >
> > Should I stick with the "standard" udp service ports for my
> > trial-and-error based approach?  Wikipedia has an article that lists
> > many of these (List_of_TCP_and_UDP_port_numbers).  Any suggestions are
> > welcomed.
>
> Possibly: UDP/500 (IPSec IKE) or UDP/4500 (IPSec NAT-T)
>
>
> Lonnie
>
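Added example, not part of the thread or of WireGuard: a small UDP reachability probe for the trial-and-error port testing discussed above. WireGuard stays silent to unauthenticated packets, so the probe relies on a temporary echo responder bound to each candidate port on the server; the host name `vpn.example.net`, the function names and the probe token are assumptions.

```python
import socket
import threading

# UDP ports suggested in the thread as candidates for WireGuard.
CANDIDATE_PORTS = [500, 4500, 1701, 4433]
TOKEN = b"wg-port-probe"  # constructed probe payload (assumption)


def start_echo_responder(host="0.0.0.0", port=0):
    """Server side: echo each UDP datagram back; returns (socket, bound_port)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))  # port=0 lets the OS pick a free port

    def serve():
        while True:
            try:
                data, peer = sock.recvfrom(2048)
                sock.sendto(data, peer)
            except OSError:  # socket closed: stop serving
                return

    threading.Thread(target=serve, daemon=True).start()
    return sock, sock.getsockname()[1]


def probe_udp_port(host, port, timeout=1.0, attempts=3):
    """Client side: True if a probe sent to host:port/udp is echoed back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        for _ in range(attempts):  # UDP is lossy, so retry before giving up
            try:
                s.send(TOKEN)
                if s.recv(2048) == TOKEN:
                    return True
            except OSError:  # timeout, or ICMP port-unreachable on the path
                continue
    return False


def survey(host, ports=CANDIDATE_PORTS, **kwargs):
    """Probe every candidate port and map port -> reachable (bool)."""
    return {port: probe_udp_port(host, port, **kwargs) for port in ports}


if __name__ == "__main__":
    # vpn.example.net is a placeholder for your own server (assumption).
    for port, ok in survey("vpn.example.net").items():
        print(f"{port}/udp: {'reachable' if ok else 'no reply'}")
```

Run the responder on the server for each candidate port before WireGuard takes that port; binding 500/udp requires root or CAP_NET_BIND_SERVICE.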
