By default most people run Wireguard on port 51822. This of course shows that you are running a VPN. Is it better to run on another port, for example 443? But I heard that some ISPs frown on that.

What do the folks here think?

  • NightDice@feddit.de
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Generally speaking, you never want to use a low port (<1024) for anything other than the service assigned to it, because it causes all kinds of headache. Both on your side and on the other side. As for high ports, pick whichever one you prefer. They don’t have any binding to a given service, though there are some conventions.

    The thing that shows people you’re running a VPN is not the port but the protocol header, so changing the port is pretty much useless if you want your ISP to not know you’re running a VPN for some reason.

    • Freeman@lemmy.pub
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 year ago

      Tbh I moved my VPS vpn to port 443 because some public networks (ie; public wifi) will block the default ports (ie 1194 for openvpn).

      • GreyBeard
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        I’ve had the opposite problem before. I’ve had public networks notice that the traffic on 443 is not actually https and kill it. That’s a little deeper than most places go though.

        • Freeman@lemmy.pub
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 year ago

          I think the only place I had that was at a hospital that clearly had a snort tap running. And yeah the openvpn 1024 psk handshake in order to negotiate a TLS session is a dead giveaway.