EasyVPN and TCP ports

StanDamen
Level 1

Hey folks,

Got another problem with EasyVPN that requires some assistance.

Or actually, not as much a problem but more a wish.

I saw that EasyVPN is able to send the VPN traffic over TCP.

You can also specify the port to use.

vpnclient ipsec-over-tcp port <port number>

Now it would be really great if it would be possible to set up the tunnel over a standard port that is open on most firewalls: 443

Unfortunately when I do this:

vpnclient ipsec-over-tcp port 443

The tunnel is gone and won't set itself back up.

Is it possible to do this, and send it over 443 or another standard port?

The errors/messages in the EasyVPN server log:

Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) to identity:10.0.0.1/443 (10.0.0.1/443)

Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 duration 0:00:08 bytes 0 TCP Reset-O

Any ideas on this?

1 Accepted Solution

Unfortunately can't use any of the well known ports, ie: anything below port 1024.


3 Replies

Jennifer Halim
Cisco Employee

Unfortunately not on port 443. You would need to use a TCP port higher than 1024 for the ipsec-over-tcp port#.

TCP/443 is application-specific (a well-known port) for HTTPS, therefore you can't use it; most firewall/application inspection devices would inspect it as normal HTTPS traffic, and ipsec-over-tcp does not resemble HTTPS.

Yeah, that's why 443 would have been great, as it is open pretty much always, even at external clients' LANs.

Is there any other common port that can be used?

Unfortunately can't use any of the well known ports, ie: anything below port 1024.
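
The following Python is an added example, not code from the thread or from Cisco. It applies the port rule stated in the replies to a `vpnclient ipsec-over-tcp port` line and finds the symptom from the question's log: connections to `identity` on the chosen port that are torn down with 0 bytes. The function names, port 10000 in the usage, and the last two sample log lines are constructed for illustration.

```python
import re

# Patterns modelled on the two log lines quoted in the question.
BUILT = re.compile(
    r"Built inbound TCP connection (?P<id>\d+) for "
    r"\S+?:(?P<src>[\d.]+)/\d+ \(.*?\) to "
    r"(?P<dst_if>\S+?):[\d.]+/(?P<dport>\d+)")
TEARDOWN = re.compile(
    r"Teardown TCP connection (?P<id>\d+) for .*? duration (?P<duration>[\d:]+) "
    r"bytes (?P<bytes>\d+)(?: (?P<reason>.+))?$")
CONFIG = re.compile(r"^\s*vpnclient ipsec-over-tcp port (?P<port>\d+)\s*$")


def port_is_usable(config_line):
    """Rule from the replies: the port must be higher than 1024."""
    m = CONFIG.match(config_line)
    if not m:
        raise ValueError("not a 'vpnclient ipsec-over-tcp port' line")
    return int(m.group("port")) > 1024


def zero_byte_teardowns(log_lines, port):
    """Connections to the device itself (identity) on `port` that were
    torn down without carrying any data, as in the question's log."""
    built, hits = {}, []
    for line in map(str.strip, log_lines):
        m = BUILT.search(line)
        if m:
            if m["dst_if"] == "identity" and int(m["dport"]) == port:
                built[m["id"]] = m["src"]  # remember the client until teardown
            continue
        m = TEARDOWN.search(line)
        client = built.pop(m["id"], None) if m else None
        if client and int(m["bytes"]) == 0:
            hits.append({"id": m["id"], "client": client,
                         "duration": m["duration"], "reason": m["reason"]})
    return hits


SAMPLE_LOG = [  # first two lines are from the question; the last two are constructed
    "Built inbound TCP connection 625 for outside:10.1.0.2/1075 (10.1.0.2/1075) to identity:10.0.0.1/443 (10.0.0.1/443)",
    "Teardown TCP connection 625 for outside:10.1.0.2/1075 to identity:10.0.0.1/443 duration 0:00:08 bytes 0 TCP Reset-O",
    "Built inbound TCP connection 626 for outside:10.1.0.2/1080 (10.1.0.2/1080) to identity:10.0.0.1/443 (10.0.0.1/443)",
    "Teardown TCP connection 626 for outside:10.1.0.2/1080 to identity:10.0.0.1/443 duration 0:01:30 bytes 5120 TCP FINs",
]

if __name__ == "__main__":
    print(port_is_usable("vpnclient ipsec-over-tcp port 443"))
    for hit in zero_byte_teardowns(SAMPLE_LOG, 443):
        print(hit)
```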
