Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

ECC port 5060?

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)

Topic Author
maltfield
Posts: 8
Joined: Mon Jul 24, 2017 2:47 am
Contact:

ECC port 5060?

Postby maltfield » Thu Jul 05, 2018 11:38 pm

Hi,

Why do your ecc servers listen on port 5060 instead of 443?

I was just on a network the other day that had a very strict outgoing port whitelist. They only allowed traffic out on ports 21, 53, 80, 143, 443, 465, 587, 993, 1935, and 4070. Everything else was just dropped before it reached the Internet.

* https://tech.michaelaltfield.net/2018/0 ... tquiz-net/

In the network described above, I would have been effectively banned from cs's ecc servers. Indeed, many networks permit 5060 out, but I think we can all agree that far, far more would allow 443 out.

I imagine that's why the other cs configs use 443, which I've always appreciated.

* https://github.com/cryptostorm/cryptost ... vpn#L7-L10

So why did you change to 5060 for the ecc configs? Is there any reason they can't change to use 443?

User avatar

parityboy
Site Admin
Posts: 1264
Joined: Wed Feb 05, 2014 3:47 am

Re: ECC port 5060?

Postby parityboy » Fri Jul 06, 2018 10:22 pm

@maltfield

The non-ECC instances are already running on UDP/443 which helps to support clients which do not or cannot have the latest version of OpenVPN installed. Additionally, I do not know if OpenVPN can auto-negotiate between ECC and non-ECC ciphers.

Perhaps it can't?

User avatar

df
Site Admin
Posts: 376
Joined: Thu Jan 01, 1970 5:00 am

Re: ECC port 5060?

Postby df » Tue Oct 09, 2018 1:44 am

The ECC instances and the new Ed25519 and Ed448 instances use ports 5060, 5061, and 5062.
The reason for this was as parityboy said, the non-ECC instances are already using other ports.
Only way for us to offer ECC on other ports would be to buy twice (or rather, 3 times) as many IP addresses as we already have.


Return to “member support & tech assistance”

Who is online

Users browsing this forum: Google [Bot] and 22 guests

Login