RV042 leaves ports 80 and 443 open to Shields UP! when using QuickVPN

newkansan
Level 1

Is there a way to use QuickVPN with the RV042 without leaving ports 80 and 443 wide open to Shields UP! scans?  As a workaround, I am forwarding these ports to a non-existent IP and forcing QuickVPN to use port 60443.  Yes, 60443 shows as open too if I scan it, but at least it's not in the first 1056 ports.

Any help greatly appreciated.

Router is Linksys-branded, using latest firmware for this hardware (1.3.13.02-tm)


jasbryan
Level 6

Tim,

Qvpn doesn't use port 80 - only 443 and 60443 as connection listening ports (also 500/4500). Not sure why port 80 was showing open; make sure remote management was disabled and on a different port other than 80. No way to disable ports besides what you have done. You could possibly set up ACLs to block all traffic on port 80 & 443 also.

Hope this helps,

Jasbryan

Hi Jasbryan,

Thanks for the reply.  I do have remote management disabled.  When I was testing, I noted when I turn off HTTPS in the Firewall settings, ports 80 and 443 become stealthed (closed and NOT responding to connection attempts).  When I enable HTTPS in the Firewall settings (which QuickVPN requires), then port 80 shows as OPEN, while 443 is stealthed.  If I forward port 80 to a non-existent IP and rescan, port 80 is now stealthed, while port 443 (which showed stealthed when 80 was not being forwarded) shows as open!  Bizarre behavior.  So this is why I've been forwarding both 80 and 443 to non-existent IPs.

So QuickVPN requires an open port in order to connect?  I am forcing it to use 60443, which Shields Up also shows as open if I manually scan it.

Tim,

Shields Up is a really good tool to run inside your network to get an idea of what ports are open. It's better to run the scan from a computer that isn't behind your network. I use nmap http://nmap.org/ and scan my network from the outside to get a better idea of which ports will show open. Since Shields Up is run on your computer, it will show results based on your computer's firewall also. Yes, Qvpn requires either 443 or 60443 to be listening on the router to make a connection.

Thanks,

Jasbryan

In my opinion, requiring a port to be wide open for VPN to work could be considered a bug by way of security flaw.  What is the proper procedure for reporting bugs?

Thank you, Jasbryan.  A note and small correction:  Shields Up can only test your public IP's most WAN-facing connection.  In my case it is the RV042.  For example, if you have multiple routers daisy-chained, Shields Up only tests the one directly connected to your modem.  It stands to reason, therefore, that any particular machine's firewall settings will have no bearing on Shields Up results.  It's testing on your public IP, not any private IPs.

Is it normal for a VPN to require open ports, or is this a QuickVPN-specific feature?  I would think that such ports wouldn't need to be advertised as open, that some technology could be used to "stealth" them.
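Added example, not part of the thread or any poster's code: a small TCP check that reports the three states the thread discusses (open, closed, stealthed) for ports 80, 443 and 60443. The names `classify_port`, `scan` and `THREAD_PORTS` are hypothetical, and it assumes you run it from a machine outside your network against your own router's WAN address.

```python
import socket
import sys

# Ports named in the thread: 80 and 443 (HTTPS setting), 60443 (QuickVPN alternate).
THREAD_PORTS = (80, 443, 60443)


def classify_port(host, port, timeout=3.0):
    """Classify one TCP port the way an outside scanner sees it.

    open    -> handshake completed, a service is listening
    closed  -> host replied with a reset (connection refused)
    stealth -> no reply before the timeout (probe silently dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError as exc:
        # e.g. ICMP unreachable or no route: report it rather than guess.
        return "error: " + (exc.strerror or str(exc))
    finally:
        sock.close()


def scan(host, ports=THREAD_PORTS, timeout=3.0):
    """Return {port: state} for each port, probed one at a time."""
    return {p: classify_port(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Assumption: run from a machine outside the network, against your own
    # router's WAN address. Defaults to loopback so it runs offline.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, state in scan(target).items():
        print(f"{target}:{port} {state}")
```

Running it before and after a change to the HTTPS or port-forwarding settings shows whether a port moved between "open" and "stealth" from the WAN side.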