Port knocking from Mikrotik
Hello. I have an OpenVPN connection between two mikrotik. I would like to hide the OpenVPN port (1194) with Port Knocking. There are many descriptions on the Internet on how to configure it on the server side, but how to make the mikrotik client knock on the server before connecting?
Re: Port knocking from Mikrotik
Not tested, but I guess you can use the fetch command some like this:
Code:Select all
/tool fetch url="remote_host:8888" keep-result=no /tool fetch url="remote_host:9999" keep-result=no /tool fetch url="remote_host:5555" keep-result=no
Re: Port knocking from Mikrotik
WHY?
You have a vpn connection why do you think you need port knocking?
Nevermind, you should drop ovpn and simply use wireguard.
You have a vpn connection why do you think you need port knocking?
Nevermind, you should drop ovpn and simply use wireguard.
Re: Port knocking from Mikrotik
+1000[...] you should drop ovpn and simply use wireguard.
Re: Port knocking from Mikrotik
@anav
depenс what u need , about the performance, yes with wireguard, u can get much more bandwidth then ovpn, but from other way ovpn has own advantages.
it's works same as physical interface (TAP), so you can add vlan on that or put in the bridge, choice btw udp/tcp & port.
depenс what u need , about the performance, yes with wireguard, u can get much more bandwidth then ovpn, but from other way ovpn has own advantages.
it's works same as physical interface (TAP), so you can add vlan on that or put in the bridge, choice btw udp/tcp & port.
Re: Port knocking from Mikrotik
I have yet to see a situation for the majority of users that wireguard doesnt solve.@anav
depenс what u need , about the performance, yes with wireguard, u can get much more bandwidth then ovpn, but from other way ovpn has own advantages.
it's works same as physical interface (TAP), so you can add vlan on that or put in the bridge, choice btw udp/tcp & port.
If ovpn is so good, then why need port knocking.
So be consistent if you are going to espouse NOt wireguard at least have the courtesy to promote IKEv2. You also would do this knowing that OVPN is not fully implemented in ROS.
Re: Port knocking from Mikrotik
If ovpn is so good, then why need port knocking.
添加额外的保护层在服务endpoint (OVPN or any other) never hurts ... and doesn't have much to do with how "protected" service handles possible attacks. It's just that some services are outright dangerous if exposed to the wild without any 3rd party protection due to known vulnerabilities, some don't have similar problems ... yet.
BTW, I'm pretty sure wireguard would work behind this additional shield just fine.
Re: Port knocking from Mikrotik
I have some VPN tunnel (L2TP IPSec) for personal use only and I can see from the logs (Splunk) that there are always someone trying to open the tunnel, so I see the added security using Port Knocking.
On my work computer I can not use Wireguard, since I can not install any extra protocol doe to limited admin access, so that is not an option.
On my work computer I can not use Wireguard, since I can not install any extra protocol doe to limited admin access, so that is not an option.
Re: Port knocking from Mikrotik
Sorry for that, but I can't resist...
https://www.youtube.com/watch?v=nJaEy03MEK0
https://www.youtube.com/watch?v=nJaEy03MEK0
Re: Port knocking from Mikrotik
Great.
It'd get even better if doors actually opened after that port knocking sequence
It'd get even better if doors actually opened after that port knocking sequence
Re: Port knocking from Mikrotik
:facepalm:
Who is online
Users browsing this forum: No registered users and 25 guests