reason to not use port 443 also for the vpn connection? #2951

Open
ne0YT opened this issue Nov 25, 2024 · 3 comments

Comments


ne0YT commented Nov 25, 2024

Is your feature request related to a problem? Please describe.
From some places tcp 443 is open to the internet, but other ports are not, so it would make life easier to be able to connect to tcp 443 from the netbird clients instead.

Describe the solution you'd like
not only use tcp 443 for the webui but also for the vpn

Describe alternatives you've considered
reverse-proxy

@saule1508

I am not sure I understand, but from my experience netbird management and netbird signal both can use 443 (grpc) and for coturn you can also use tcp 443 (address will be turns:...:443?transport=tcp). Also, if you use the relay functionality it can use https.
But for wireguard itself, I don't know, I think it uses udp and cannot be changed. Maybe this is what your request would do?
By having coturn listening on tcp 443 we are able to use netbird client in a restrictive corporate environment (behind zscaler).


mgarces commented Nov 29, 2024

Hi @ne0YT; like @saule1508 perfectly described, we already run most of the control layer on TCP 443, but what you are asking is related to WireGuard itself. You can configure your client to run on any port (as long as it's available on your host), but this will be UDP, and in restrictive environments, even if 443 and 80 are allowed (TCP), WireGuard would still be blocked (UDP != TCP). Perhaps the best way you could go around this would be to use UDP 53 (DNS), but again, a restrictive network will probably block all requests to UDP 53 for exact IP addresses (like 1.1.1.1).


ne0YT commented Nov 29, 2024

> Hi @ne0YT; like @saule1508 perfectly described, we already run most of the control layer on TCP 443, but what you are asking is related to WireGuard itself. You can configure your client to run on any port (as long as it's available on your host), but this will be UDP, and in restrictive environments, even if 443 and 80 are allowed (TCP), WireGuard would still be blocked (UDP != TCP). Perhaps the best way you could go around this would be to use UDP 53 (DNS), but again, a restrictive network will probably block all requests to UDP 53 for exact IP addresses (like 1.1.1.1).

Hi @mgarces, how do I configure my client to use port 443 udp?
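
The TCP/UDP distinction discussed in this thread, as an added example that is not part of the original issue or NetBird's code: a first-match egress filter in which the protocol is part of the match key, so a rule for TCP 443 never matches a UDP datagram sent to port 443. The policy, the addresses (203.0.113.10, 10.0.0.53) and the port 51820 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    action: str   # "allow" or "deny"
    proto: str    # "tcp" or "udp"
    dport: int    # destination port
    dst: str      # destination network in CIDR form

class Flow(NamedTuple):
    label: str
    proto: str
    dport: int
    dst: str

# Constructed policy for a restrictive network: web traffic over TCP only,
# DNS only to the internal resolver, everything else dropped.
POLICY = [
    Rule("allow", "tcp", 80, "0.0.0.0/0"),
    Rule("allow", "tcp", 443, "0.0.0.0/0"),
    Rule("allow", "udp", 53, "10.0.0.53/32"),
]

def decide(flow, policy=POLICY):
    """First matching rule wins. Protocol, port and destination must all match."""
    dst = ipaddress.ip_address(flow.dst)
    for rule in policy:
        if (rule.proto == flow.proto and rule.dport == flow.dport
                and dst in ipaddress.ip_network(rule.dst)):
            return rule.action
    return "deny"  # default deny

# Constructed flows; 203.0.113.10 is a documentation address standing in for a remote server or peer.
FLOWS = [
    Flow("management/signal gRPC", "tcp", 443, "203.0.113.10"),
    Flow("TURN over TCP (transport=tcp)", "tcp", 443, "203.0.113.10"),
    Flow("WireGuard on 51820", "udp", 51820, "203.0.113.10"),
    Flow("WireGuard moved to port 443", "udp", 443, "203.0.113.10"),
    Flow("WireGuard moved to port 53", "udp", 53, "203.0.113.10"),
    Flow("DNS to internal resolver", "udp", 53, "10.0.0.53"),
]

def evaluate(flows=FLOWS):
    """Return {flow label: verdict} for every flow."""
    return {f.label: decide(f) for f in flows}

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{verdict:5}  {label}")
```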
