openvpn port 53 bypasses allows restrictions ( find similar ports)


To identify the magic port, you can use nmap while inside the wifi network, and scan the IP address of your VPS for all UDP and TCP ports:

nmap -sU -sS -p1-65535 <vps ip>

The idea here is that the firewall at the wifi end is blocking packets leaving the local network, but any that get through must be via open ports. So on the VPS side, you run

tcpdump -i <interface name> host <public IP address of wifi router>

You will need to work out the public address by going to http://whatismyip.com

We are not interested in the results that nmap comes back with, we want to see what tcpdump sees - any packet that makes it to the VPS will have passed through the firewall, so the destination port of the packet will tell us which ports are open:

13:23:32.805549 IP <wifi router>.2154 > <vps>.ssh

The above fragment shows that a packet arrived on the ssh port, which is 22, which must be permitted through the firewall.

Note that while you are able to do DNS queries, it does not follow that port 53 is open to the internet. The usual case is that you are permitted contact to controlled DNS servers, and it is those that can forward DNS requests out to the internet - much like in a domestic setting you often set your router to be the DNS server for the network, and it is the router that resolves queries.

If it is the case that port 53 is open only to specific DNS servers, then you can get around it using an IP over DNS tunnel. If you have a VPS running a DNS server and you have a domain name you can control, you could use iodine, which allows you to tunnel IP over DNS queries, and so removes the need for OpenVPN (though running OpenVPN inside the tunnel will ensure your packets are protected. You could also do the same with ssh).
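As an added example (not part of Paul's answer), here is a small Python script for the second half of the procedure above: it reads the tcpdump output captured on the VPS and lists, per protocol, which destination ports actually arrived from the router's public IP. It also skips the VPS's own replies, which `tcpdump host X` captures as well. The IP addresses, the sample capture and the service-name table are constructed for the example.

```python
import re

# Constructed sample of what `tcpdump -i eth0 host <router ip>` might print on
# the VPS while the nmap scan runs from inside the wifi (not a real capture).
SAMPLE_TCPDUMP = """\
13:23:32.805549 IP 203.0.113.10.2154 > 198.51.100.5.ssh: Flags [S], seq 1234, win 1024, length 0
13:23:32.805701 IP 198.51.100.5.ssh > 203.0.113.10.2154: Flags [S.], seq 99, ack 1235, win 64240, length 0
13:23:33.101223 IP 203.0.113.10.2154 > 198.51.100.5.https: Flags [S], seq 1234, win 1024, length 0
13:23:33.412000 IP 203.0.113.10.40212 > 198.51.100.5.domain: 4660+ A? example.com. (29)
13:23:33.500010 IP 203.0.113.10.40212 > 198.51.100.5.ntp: NTPv4, Client, length 48
13:23:34.000000 IP 203.0.113.10.40212 > 198.51.100.5.9999: UDP, length 0
"""

# tcpdump resolves well-known ports to service names unless run with -nn;
# this small table (assumption) covers the names used in the sample.
SERVICE_PORTS = {"ssh": 22, "domain": 53, "http": 80, "https": 443, "ntp": 123}

# Matches the "src.port > dst.port: rest" part of a tcpdump IPv4 line.
LINE_RE = re.compile(r"^\S+ IP (\S+)\.(\S+) > (\S+)\.(\S+?): (.*)$")


def port_number(token: str) -> int:
    """Turn 'ssh', 'domain' or '9999' into an integer port."""
    if token.isdigit():
        return int(token)
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    raise ValueError(f"unknown service name {token!r}; rerun tcpdump with -nn")


def ports_reaching_vps(capture: str, router_ip: str) -> dict:
    """Return {'tcp': set_of_ports, 'udp': set_of_ports} for packets whose
    source is the wifi router's public IP, i.e. packets that passed its
    egress firewall. Replies sent by the VPS are ignored."""
    seen = {"tcp": set(), "udp": set()}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src_ip, _src_port, _dst_ip, dst_port, rest = m.groups()
        if src_ip != router_ip:
            continue
        # tcpdump prints 'Flags [...]' only for TCP segments; with nmap -sU/-sS
        # everything else in the capture is UDP (assumption of this example).
        proto = "tcp" if rest.startswith("Flags [") else "udp"
        seen[proto].add(port_number(dst_port))
    return seen


if __name__ == "__main__":
    for proto, ports in ports_reaching_vps(SAMPLE_TCPDUMP, "203.0.113.10").items():
        print(proto, sorted(ports))
```

Run it against a real capture by replacing SAMPLE_TCPDUMP with the file tcpdump wrote; on the sample it reports tcp [22, 443] and udp [53, 123, 9999].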


Author: user181216

Updated on September 18, 2022

Comments

  • user181216
    user181216 over 1 year

    Scenario of the wifi: I'm using wifi in a hostel which has a Cyberoam firewall, and all the computers use that access point. That access point has the following configuration:

    default gateway : 192.168.100.1
    primary dns server  : 192.168.100.1
    

    Here, when I try to open a website the Cyberoam firewall redirects the page to a login page (with correct login information we can browse the internet, else not), and there are also website access and bandwidth limitations.

    Once I heard about pd-proxy, which finds an open port and tunnels through a port (usually UDP 53). Using pd-proxy with UDP port 53, I can browse the internet without login; even the bandwidth limit is bypassed!!!

    And another software called OpenVPN: by connecting to an OpenVPN server through UDP port 53 I can browse the internet without even logging into the Cyberoam.

    Both of these softwares use port 53, especially OpenVPN with port 53. Now I have a VPS server on which I can install an OpenVPN server and connect through the VPS server to browse the internet.

    I know why that is happening, because pinging some website (e.g. google.com) returns its IP address; that means it allows DNS queries without login.

    But the problem is there is already a DNS service running on the VPS server on port 53, and I can only use port 53 to bypass the limitations, I think. And I cannot run the OpenVPN service on my VPS server on port 53.

    So how do I scan the wifi for vulnerable ports like 53 so that I can figure out the magic port and start an OpenVPN service on the VPS on the same port? (I want to scan for similar vulnerable ports like 53 on the Cyberoam through which the traffic can be tunneled, not to scan services running on ports.)

    Improvements of the question with retags and edits are always welcome...

    Another Question

    I've made a simple client-server application in which an external computer acts as a server running on UDP port 53 and a client running inside the wifi connects to that outside server running on UDP port 53. The problem is it can't connect to that server application. What could be the reason? Why can't a client inside the wifi connect to an outside server running on UDP port 53?

    NOTE: all these are for educational purposes only; I'm curious about network-related knowledge.....

    • Paul
      Paul over 11 years
      Re: another question - is this separate from the original question, or in the context of the blocked wifi router?
    • Paul
      Paul over 11 years
      Answer updated, please see the note at the end
  • user181216
    user181216 over 11 years
    hmmm thanks ... and see the other edited question, you might be able to answer ...
  • user181216
    user181216 over 11 years
    another question : will it capture UDP ports also ?
  • Paul
    Paul over 11 years
    @user181216 That nmap scan above scans both tcp and udp ports.