
Foo over UDP


Posted Oct 7, 2014 0:12 UTC (Tue) by jonabbey (guest, #2736)
In reply to: Foo over UDP by malor
Parent article: Foo over UDP

To ask a silly question, how are you guaranteed to receive the UDP packets sent back to you? Why wouldn't firewalls be filtering those out if you were in a hotel, etc.?



Foo over UDP

Posted Oct 7, 2014 0:23 UTC (Tue) by malor (guest, #2973) [Link] (2 responses)

Most stateful firewalls will set up an implicit accept rule allowing UDP traffic back in for a couple of minutes after you send a packet out. (In iptables, this entry goes into the ESTABLISHED table.) As long as a packet shows up at least once every couple of minutes, the connection will normally stay alive.

Details, of course, are dependent on what OS is being used on the router, its NAT engine, and its configuration. But usually, most of the time, replies are allowed back in.

I don't think I've ever been in a network that blocked OpenVPN. If you use a password, rather than an SSL key exchange, the connection just looks like random bytes. If you're using SSL certs, packet inspection can see the connection setup and key exchange, so they can tell it's a VPN. Inspection engines could block either scenario, and firewall rules could block the UDP traffic, but I've never seen either done in a guest-oriented network.
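
A toy model of the UDP state tracking described in the comment above, added here as an illustration; it is not part of the original comment and not code from any real firewall. The 120-second timeout, the addresses and ports, and the rule that traffic in either direction refreshes the entry are assumptions.

```python
from dataclasses import dataclass, field

# Assumed idle timeout standing in for "a couple of minutes"; real values vary.
UDP_IDLE_TIMEOUT = 120.0


@dataclass
class UdpStateTable:
    """Toy stateful filter: inbound UDP passes only if it mirrors a live flow."""
    timeout: float = UDP_IDLE_TIMEOUT
    flows: dict = field(default_factory=dict)  # flow tuple -> expiry time

    def outbound(self, now, src, sport, dst, dport):
        # An inside host sends: create the entry, or refresh its timer.
        self.flows[(src, sport, dst, dport)] = now + self.timeout
        return "ACCEPT"

    def inbound(self, now, src, sport, dst, dport):
        # Reverse the tuple so a reply matches the entry its request created.
        key = (dst, dport, src, sport)
        expiry = self.flows.get(key)
        if expiry is None:
            return "DROP"  # unsolicited: nothing inside ever talked to this peer
        if now >= expiry:
            del self.flows[key]  # idle too long, state is gone
            return "DROP"
        self.flows[key] = now + self.timeout  # assumption: replies refresh too
        return "ACCEPT"


def demo():
    """Replay a constructed VPN-like exchange; return the verdict per packet."""
    fw = UdpStateTable()
    client = ("10.0.0.5", 40000)     # constructed guest-network host
    server = ("198.51.100.7", 1194)  # constructed VPN endpoint
    other = ("203.0.113.9", 1194)    # constructed unrelated host
    return [
        fw.inbound(0, *server, *client),    # before any outbound packet
        fw.outbound(1, *client, *server),   # client opens the flow
        fw.inbound(2, *server, *client),    # reply inside the window
        fw.inbound(3, *other, *client),     # different peer, same port
        fw.outbound(60, *client, *server),  # keepalive refreshes the timer
        fw.inbound(170, *server, *client),  # accepted thanks to the keepalive
        fw.inbound(500, *server, *client),  # idle past the timeout
    ]


if __name__ == "__main__":
    print(demo())
```
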

Foo over UDP

Posted Oct 10, 2014 11:15 UTC (Fri) by mathstuf (subscriber, #69389) [Link] (1 responses)

Is there a way to hide the SSL key exchange with a password? I guess a two-factor setup would be possible as well. I'll have to look into that.

Foo over UDP

Posted Oct 12, 2014 12:38 UTC (Sun) by malor (guest, #2973) [Link]

I don't remember seeing anything about that in the documentation, but I imagine you could probably hack the code to make it work how you wanted.

How easy that would be, though, I dunno.

