feature request ~ enable use from port restricted client networks

Some client networks are more locked down than others, limiting traffic to use of only a small number of specific ports. But, even on these limited networks, the usual web ports (“80”, “443”, …) are almost always functional. A VPN connection, in addition to encrypting content, can also liberalize these limited networks back to full operation.

Unfortunately, the current Outline VPN implementation is unusable on those networks, even though other, commercial / mainstream, VPN services can be used (e.g., Private Internet Access (PIA)).

Allowing use of specific ports, especially port “443” (which is expected to be encrypted) or even “8443” (less ideal), would allow stealth usage on those networks. The server wouldn’t have to be attached specifically to “443”; a server or host firewall could redirect traffic from “443” to another, less privileged port. But the server would ultimately need to respond to traffic on a specific port or port range.

Not knowing shadowsocks, I’m not sure whether this is already possible. If so, some instruction on a working configuration would be welcome.

I’m happy to assist with a Wiki page detailing the process, if helpful.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 20
  • Comments: 19 (7 by maintainers)

Top GitHub Comments

13 reactions
iineva commented, Sep 16, 2019

Temporary solution:

  1. Edit the following files, changing every occurrence of the current port to the one you want:
     /opt/outline/persisted-state/outline-ss-server/config.yml
     /opt/outline/persisted-state/shadowbox_server_config.json
     /opt/outline/persisted-state/shadowbox_config.json
  2. Restart the containers:
     docker restart watchtower
     docker restart shadowbox

     # Or just restart docker (Ubuntu):
     # systemctl restart docker

2 reactions
VictoriaRaymond commented, Jan 4, 2019

Using Shadowsocks on port 443 (or other well-known ports) is not recommended, as the Shadowsocks protocol doesn’t look like TLS (which runs on port 443). It is easy to tell that your client connects to some 443 port but is transferring non-TLS data. This is a highly suspicious footprint, and may be easily blocked.

You may consider V2Ray, which has the ability to transfer data over TLS+WebSocket. It can be combined with web servers (such as Nginx) to create purely HTTPS traffic against censorship.

Here are some references (mainly in Chinese, sorry):
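
Added example (not part of the comment above, and not code from the Outline or Shadowsocks projects): a sketch of the check a network monitor can apply to the first client bytes of a flow on port 443 to tell a TLS ClientHello from anything else, which is the footprint the comment describes. The flow tuples, payloads and function names are constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
CLIENT_HELLO = 0x01       # handshake message type: ClientHello
MAX_PLAINTEXT = 2 ** 14   # maximum length of a plaintext TLS record


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow."""
    if len(payload) < 6:
        return "too-short"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    looks_like_tls = (
        ctype == TLS_HANDSHAKE
        and major == 3 and minor <= 3        # record versions 0x0300..0x0303
        and 0 < rec_len <= MAX_PLAINTEXT
        and payload[5] == CLIENT_HELLO
    )
    return "tls-client-hello" if looks_like_tls else "non-tls"


def flag_non_tls(flows, tls_ports=(443,)):
    """Return ids of flows on a TLS port whose first bytes are not TLS."""
    return [
        flow_id
        for flow_id, dst_port, first_bytes in flows
        if dst_port in tls_ports
        and classify_first_bytes(first_bytes) == "non-tls"
    ]


# Constructed samples: a ClientHello prefix, opaque high-entropy bytes
# standing in for an encrypted non-TLS protocol, and plaintext HTTP.
HELLO = bytes.fromhex("16030100c8010000c40303") + bytes(32)
OPAQUE = bytes.fromhex("9f3ac41e77b05d82e6114c9a03f8d2b76a")
HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

FLOWS = [
    ("flow-a", 443, HELLO),
    ("flow-b", 443, OPAQUE),
    ("flow-c", 443, HTTP),
    ("flow-d", 50000, OPAQUE),  # constructed non-TLS port, not inspected
]

if __name__ == "__main__":
    for flow_id in flag_non_tls(FLOWS):
        print(f"{flow_id}: port 443 but first bytes are not a TLS ClientHello")
```

Only the first six bytes are inspected, so this separates "starts like TLS" from "does not"; it says nothing about what a non-TLS flow actually is.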
