Xerobank open only on port 1194?

Discussion in 'privacy technology' started by markoman, Jan 19, 2009.

Thread Status:
Not open for further replies.
  1. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I was wondering if xerobank accepts connections only on port 1194. This is because I am now on a network with only ports 80 and 443 open... so any chance to use xerobank in this lan? Also, I am using an http proxy.
     
  2. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Well, I guess that yes, Xerobank is open only on port 1194. Which means it cannot be used in any network with only some ports (usually 80, 443, 25, 110, and few others) open. Which means it cannot be used in most of the public networks.
    Also, I think that it only works in UDP mode, not in TCP mode, making it impossible to use with a proxy. Or maybe I am wrong about this.

    Any help?
     
  3. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    All XeroBank anonymity network servers do both TCP and UDP, and are reachable on port 443.
     
    Last edited: Jan 21, 2009
  4. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I am trying to connect from this network (http proxy and only port 80 and 443 open) and I keep getting a connection reset. Here is my log:

    Code:
    Thu Jan 22 09:29:54 2009 OpenVPN 2.1_rc9 i686-pc-mingw32 [SSL] [LZO2] [PKCS11] built on Jul 31 2008
    Thu Jan 22 09:29:54 2009 WARNING: Make sure you understand the semantics of --tls-remote before using it (see the man page).
    Thu Jan 22 09:29:54 2009 LZO compression initialized
    Thu Jan 22 09:29:54 2009 Control Channel MTU parms [ L:1560 D:140 EF:40 EB:0 ET:0 EL:0 ]
    Thu Jan 22 09:29:54 2009 Data Channel MTU parms [ L:1560 D:1450 EF:60 EB:135 ET:0 EL:0 AF:3/1 ]
    Thu Jan 22 09:29:54 2009 Local Options hash (VER=V4): '958c5492'
    Thu Jan 22 09:29:54 2009 Expected Remote Options hash (VER=V4): '79ef4284'
    Thu Jan 22 09:29:54 2009 Attempting to establish TCP connection with IP_Proxy:8080
    Thu Jan 22 09:29:54 2009 TCP connection established with IP_Proxy:8080
    Thu Jan 22 09:29:54 2009 Send to HTTP proxy: 'CONNECT vpngate.us.xerobank.com:443 HTTP/1.0'
    Thu Jan 22 09:29:57 2009 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
    Thu Jan 22 09:29:59 2009 Socket Buffers: R=[0->0] S=[0->0]
    Thu Jan 22 09:29:59 2009 TCPv4_CLIENT link local: [undef]
    Thu Jan 22 09:29:59 2009 TCPv4_CLIENT link remote: IP_Proxy:8080
    Thu Jan 22 09:30:00 2009 TLS: Initial packet from IP_Proxy:8080, sid=36a05e05 4bf4336e
    Thu Jan 22 09:30:13 2009 VERIFY OK: depth=1, /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=XeroBank_VPN_CA_CA/emailAddress=vpn-ca@xerobank.com
    Thu Jan 22 09:30:13 2009 VERIFY OK: nsCertType=SERVER
    Thu Jan 22 09:30:13 2009 VERIFY X509NAME OK: /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=vpngate.us.xerobank.com/emailAddress=vpn-ca@xerobank.com
    Thu Jan 22 09:30:13 2009 VERIFY OK: depth=0, /C=PA/ST=PA/L=Panama_City/O=XeroBank_VPN_CA/CN=vpngate.us.xerobank.com/emailAddress=vpn-ca@xerobank.com
    Thu Jan 22 09:30:32 2009 Connection reset, restarting [0]
    Thu Jan 22 09:30:32 2009 TCP/UDP: Closing socket
    Thu Jan 22 09:30:32 2009 SIGUSR1[soft,connection-reset] received, process restarting
    Thu Jan 22 09:30:32 2009 Restart pause, 5 second(s)

    And here is the config file I am using:

    Code:
    client
    dev tun
    
    proto tcp
    
    remote vpngate.us.xerobank.com 443
    
    resolv-retry infinite
    nobind
    persist-tun
    mute-replay-warnings
    tls-client
    ca xbca.crt
    cert best-effort.crt
    key xb.key
    dh xb-dh2048.pem
    keepalive 20 200
    cipher BF-CBC
    cipher AES-256-CBC
    
    tls-remote vpngate
    ns-cert-type server
    route-delay 2
    redirect-gateway def1
    
    ;explicit-exit-notify 3
    
    ns-cert-type server
    comp-lzo
    verb 3
    What is wrong?
     
    Last edited: Jan 22, 2009
  5. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Ok, I got it to work. Here is my best effort.ovpn for anyone interested:

    Code:
    client
    dev tun
    
    --proto tcp-client
    
    remote vpngate.us.xerobank.com 443
    
    resolv-retry infinite
    nobind
    persist-tun
    mute-replay-warnings
    tls-client
    ca xbca.crt
    cert best-effort.crt
    key xb.key
    dh xb-dh2048.pem
    keepalive 20 200
    cipher BF-CBC
    cipher AES-256-CBC
    
    tls-remote vpngate
    ns-cert-type server
    route-delay 2
    redirect-gateway def1
    
    ;explicit-exit-notify 3
    
    ns-cert-type server
    comp-lzo
    verb 3
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    All of that looks right. We'll tackle it in a few hours.
     
  7. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I have solved, and in my post above you can see how I solved it. The problem was that I was using "proto tcp" and not "proto tcp-client".
     
  8. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    interesting, because I am using it doing proto tcp, not proto tcp-client.
     
  9. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    I still have a problem, since it looks like I am having a DNS leak (I guess because of proxy).
    I have set my DNS to openDNS, but still I can see DNS requests going in clear through the proxy (which filters the sites I can reach). I think I have to use the "push" line somewhere in my client configuration file of xerobank, but I can't figure out how.
    Any help? Steve, I count on you :)
     
  10. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    Ok, stupid me. I had just forgot to change proxy settings in my browser, so all my web traffic was still going through the local proxy, which is not necessary anymore.
    Problem solved.
     
  11. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Ah ha. What kind of proxy were you employing in your browser? I would like to help other users avoid this problem.
     
  12. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    i would also like steve to know how you done this because if steve is asking the reply the other day to me about we at xerobank will have this sorted on monday sugests thats another thing he says but does not come off
     
  13. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Geazer, my impression is that he is saying the issue was he was running a different proxy, and *that* proxy was what he was detecting as the leak. That wouldn't be much of a surprise, but I'm still interested in how it was setup to see if others might be doing themselves harm that way as well.

    As for the change I suggest would be taken care of on Monday? It is done, as I said it would be.
     
  14. markoman

    markoman Registered Member

    Joined:
    Aug 28, 2008
    Posts:
    188
    What I meant is that I had Firefox still setup to go through a proxy, and since the proxy is on the local network it wasn't being routed through the VPN. So that part of the traffic was unencrypted.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    That makes sense, because our network wouldn't be trying to reach a locally routed address like a local proxy on 192.168.x.x or somesuch. It would try your local network interfaces first, which have their own DNS, naturally.
     
Loading...
Thread Status:
Not open for further replies.