this post was submitted on 28 Jun 2023
5 points (100.0% liked)

Privacy Guides

16990 readers
1 users here now

In the digital age, protecting your personal information might seem like an impossible task. We’re here to help.

This is a community for sharing news about privacy, posting information about cool privacy tools and services, and getting advice about your privacy journey.


You can subscribe to this community from any Kbin or Lemmy instance:

Learn more...


Check out our website at privacyguides.org before asking your questions here. We've tried answering the common questions and recommendations there!

Want to get involved? The website is open-source on GitHub, and your help would be appreciated!


This community is the "official" Privacy Guides community on Lemmy, which can be verified here. Other "Privacy Guides" communities on other Lemmy servers are not moderated by this team or associated with the website.


Moderation Rules:

  1. We prefer posting about open-source software whenever possible.
  2. This is not the place for self-promotion if you are not listed on privacyguides.org. If you want to be listed, make a suggestion on our forum first.
  3. No soliciting engagement: Don't ask for upvotes, follows, etc.
  4. Surveys, Fundraising, and Petitions must be pre-approved by the mod team.
  5. Be civil, no violence, hate speech. Assume people here are posting in good faith.
  6. Don't repost topics which have already been covered here.
  7. News posts must be related to privacy and security, and your post title must match the article headline exactly. Do not editorialize titles, you can post your opinions in the post body or a comment.
  8. Memes/images/video posts that could be summarized as text explanations should not be posted. Infographics and conference talks from reputable sources are acceptable.
  9. No help vampires: This is not a tech support subreddit, don't abuse our community's willingness to help. Questions related to privacy, security or privacy/security related software and their configurations are acceptable.
  10. No misinformation: Extraordinary claims must be matched with evidence.
  11. Do not post about VPNs or cryptocurrencies which are not listed on privacyguides.org. See Rule 2 for info on adding new recommendations to the website.
  12. General guides or software lists are not permitted. Original sources and research about specific topics are allowed as long as they are high quality and factual. We are not providing a platform for poorly-vetted, out-of-date or conflicting recommendations.

Additional Resources:

founded 2 years ago
MODERATORS
 

By default most people run Wireguard on port 51822. This of course shows that you are running a VPN. Is it better to run on another port, for example 443? But I heard that some ISPs frown on that.

What do the folks here think?

all 11 comments
sorted by: hot top controversial new old
[–] [email protected] 7 points 1 year ago (1 children)

Generally speaking, you never want to use a low port (<1024) for anything other than the service assigned to it, because it causes all kinds of headache. Both on your side and on the other side. As for high ports, pick whichever one you prefer. They don't have any binding to a given service, though there are some conventions.

The thing that shows people you're running a VPN is not the port but the protocol header, so changing the port is pretty much useless if you want your ISP to not know you're running a VPN for some reason.

[–] [email protected] 7 points 1 year ago (2 children)

Tbh I moved my VPS vpn to port 443 because some public networks (ie; public wifi) will block the default ports (ie 1194 for openvpn).

[–] [email protected] 4 points 1 year ago (1 children)

I've had the opposite problem before. I've had public networks notice that the traffic on 443 is not actually https and kill it. That's a little deeper than most places go though.

[–] [email protected] 3 points 1 year ago

I think the only place I had that was at a hospital that clearly had a snort tap running. And yeah the openvpn 1024 psk handshake in order to negotiate a TLS session is a dead giveaway.

[–] ghariksforge 1 points 1 year ago

Exactly some ports are blocked on managed networks.

[–] TheInsane42 6 points 1 year ago

I used 51968 when I still had WG in use (switched back to the old setup). Anything besides the default (51820 when I used DDG correctly) should be fine. I wouldn't use 443 as that's reserved for https, unless you want loads of https probes to be handled by wg ;) )

[–] [email protected] 4 points 1 year ago (1 children)

Changing ports isn’t a terrible thing, also not the perfect “fix” either, as you can still recognize open ports and scan the service on them.

Some ports are reserved in networking, so should stay away from those.

Some ISPs don’t allow you open ports on 80/443 as those are web hosting ports and they provide a service to consumers to download content from the internet, not for their consumer to be a web hosting provider as well. That’s at the residential level, if you have a business plan that might change, but it might be hard to convince and ISP otherwise.

[–] [email protected] 4 points 1 year ago (1 children)

Just change the port slightly, like 51831 or something. That will help a bit, but VPN traffic can be identified regardless of what port it's on.

[–] ghariksforge 1 points 1 year ago

but VPN traffic can be identified regardless of what port it’s on.

How so?

[–] [email protected] 1 points 1 year ago

picking a different port that isn't also used by another common service will eliminate most of the botscans you'll see otherwise.

... do you have a reason to belive your ISP cares if you run wireguard?