Xerobank open only on port 1194?

I was wondering if xerobank accepts connections only on port 1194. This is because I am now on a network with only ports 80 and 443 open... so any chance to use xerobank in this lan? Also, I am using an http proxy.

 

Well, I guess that yes, Xerobank is open only on port 1194. Which means it cannot be used in any network with only some ports (usually 80, 443, 25, 110, and few others) open. Which means it cannot be used in most of the public networks.
Also, I think that it only works in UDP mode, not in TCP mode, making it impossible to use with a proxy. Or maybe I am wrong about this.

Any help?

 

All XeroBank anonymity network servers do both TCP and UDP, and are reachable on port 443.

 

I am trying to connect from this network (http proxy and only port 80 and 443 open) and I keep getting a connection reset. Here is my log:

Code:

Thu Jan 22 09:29:54 2009 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008
Thu Jan 22 09:29:54 2009 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
Thu Jan 22 09:29:54 2009 LZO compression initialized
Thu Jan 22 09:29:54 2009 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
Thu Jan 22 09:29:54 2009 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
Thu Jan 22 09:29:54 2009 Local Options hash (VER=V4): '958c5492'
Thu Jan 22 09:29:54 2009 Expected Remote Options hash (VER=V4): '79ef4284'
Thu Jan 22 09:29:54 2009 Attempting to establish TCP connection with IP_Proxy:8080
Thu Jan 22 09:29:54 2009 TCP connection established with IP_Proxy:8080
Thu Jan 22 09:29:54 2009 Send to HTTP proxy: 'CONNECT vpngate.us.xerobank.com:443 HTTP/1.0'
Thu Jan 22 09:29:57 2009 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
Thu Jan 22 09:29:59 2009 Socket Buffers: R=[0->0] S=[0->0]
Thu Jan 22 09:29:59 2009 TCPv4_CLIENT link local: [undef]
Thu Jan 22 09:29:59 2009 TCPv4_CLIENT link remote: IP_Proxy:8080
Thu Jan 22 09:30:00 2009 TLS: Initial packet from IP_Proxy:8080, sid=36a05e05 4bf4336e
Thu Jan 22 09:30:13 2009 VERIFY OK: depth=1, /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=XeroBank_VPN_CA_CA/emailAddress=vpn-ca@xerobank.com
Thu Jan 22 09:30:13 2009 VERIFY OK: nsCertType=SERVER
Thu Jan 22 09:30:13 2009 VERIFY X509NAME OK: /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=vpngate.us.xerobank.com/emailAddress=vpn-ca@xerobank.com
Thu Jan 22 09:30:13 2009 VERIFY OK: depth=0, /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=vpngate.us.xerobank.com/emailAddress=vpn-ca@xerobank.com
Thu Jan 22 09:30:32 2009 Connection reset, restarting [0]
Thu Jan 22 09:30:32 2009 TCP/UDP: Closing socket
Thu Jan 22 09:30:32 2009 SIGUSR1[soft,connection-reset] received, process restarting
Thu Jan 22 09:30:32 2009 Restart pause, 5 second(s)

And here is the config file I am using:

Code:

client
dev tun

proto tcp

remote vpngate.us.xerobank.com 443

resolv-retry infinite
nobind
persist-tun
mute-replay-warnings
tls-client
ca xbca.crt
cert best-effort.crt
key xb.key
dh xb-dh2048.pem
keepalive 20 200
cipher BF-CBC
cipher AES-256-CBC

tls-remote vpngate
ns-cert-type server
route-delay 2
redirect-gateway def1

;explicit-exit-notify 3

ns-cert-type server
comp-lzo
verb 3

What is wrong?

 

Ok, I got it to work. Here is my best effort.ovpn for anyone interested:

Code:

client
dev tun

--proto tcp-client

remote vpngate.us.xerobank.com 443

resolv-retry infinite
nobind
persist-tun
mute-replay-warnings
tls-client
ca xbca.crt
cert best-effort.crt
key xb.key
dh xb-dh2048.pem
keepalive 20 200
cipher BF-CBC
cipher AES-256-CBC

tls-remote vpngate
ns-cert-type server
route-delay 2
redirect-gateway def1

;explicit-exit-notify 3

ns-cert-type server
comp-lzo
verb 3

 

All of that looks right. We'll tackle it in a few hours.

 

I have solved, and in my post above you can see how I solved it. The problem was that I was using "proto tcp" and not "proto tcp-client".

 

interesting, because I am using it doing proto tcp, not proto tcp-client.

 

I still have a problem, since it looks like I am having a DNS leak (I guess because of proxy).
I have set my DNS to openDNS, but still I can see DNS requests going in clear through the proxy (which filters the sites I can reach). I think I have to use the "push" line somewhere in my client configuration file of xerobank, but I can't figure out how.
Any help? Steve, I count on you

 

Ok, stupid me. I had just forgot to change proxy settings in my browser, so all my web traffic was still going through the local proxy, which is not necessary anymore.
Problem solved.

 

Ah ha. What kind of proxy were you employing in your browser? I would like to help other users avoid this problem.

 

i would also like steve to know how you done this because if steve is asking the reply the other day to me about we at xerobank will have this sorted on monday sugests thats another thing he says but does not come off

 

Geazer, my impression is that he is saying the issue was he was running a different proxy, and *that* proxy was what he was detecting as the leak. That wouldn't be much of a surprise, but I'm still interested in how it was setup to see if others might be doing themselves harm that way as well.

As for the change I suggest would be taken care of on Monday? It is done, as I said it would be.

 

What I meant is that I had Firefox still setup to go through a proxy, and since the proxy is on the local network it wasn't being routed through the VPN. So that part of the traffic was unencrypted.

 

That makes sense, because our network wouldn't be trying to reach a locally routed address like a local proxy on 192.168.x.x or somesuch. It would try your local network interfaces first, which have their own DNS, naturally.