On 25/09/13 11:16, jack seth wrote:
> Thanks for the response. Yes I have that implemented. I am running
> both a TCP and UDP server. Of course it is the TCP that is replying.
> Actually the port is listed as 'closed' but I want it to appear as
> 'stealth' (i.e. no response).

Just to reiterate - you can't do that with any TCP application. By *definition*, TCP/IP requires a 3-way packet transaction before any client (like openvpn client) can even begin to talk to it. So if you want openvpn to run over TCP, then you have to accept that anyone can "know" you have something running on that port. Of course, they won't be able to tell just what TCP service is running on it (it isn't smtp, http, https, etc) - but they will know something's there.

PS: either your scanner is broken, or you actually don't have it running on TCP. If scanning a TCP port returns "closed", that 100% means there's nothing running on it (ignoring firewall rules that limit by ip address). It *must* return "open" for any of your openvpn clients to ever be able to use it

--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
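
An added example, not part of the original message: a small check for your own server that reports the three states discussed in this thread ("open", "closed", "stealth") from how a TCP connect attempt ends. The names probe_tcp and demo_local are hypothetical, and the listener in the demo is a constructed loopback service.

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP port by how a full connect() attempt ends."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            # Peer answered the SYN with RST: nothing is listening.
            return "closed"
        except OSError:
            # Timeout or ICMP unreachable: no TCP answer at all.
            return "stealth"
        # SYN, SYN/ACK, ACK completed: a listener exists and is visible.
        return "open"


def demo_local():
    """Probe a loopback port while a listener is bound, then after it is gone."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # constructed test service, ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    listener.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo_local())
```

A port that reports "stealth" from a given address cannot complete the handshake from that address, so a TCP client connecting from there would time out as well.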