AR-300M16 2.264 how to close port 443 (ShieldsUp!)

whatid · January 28, 2019, 9:55pm

Hello,

after checking with ShieldsUp! the result was open port 443 which suggested a potential vulnerability and should be closed. How can I do that please? It is an AR-300M16 2.264. Please do not suggest to upgrade as this is a stable firmware for my openvpn.

thank you

jeffsf · January 29, 2019, 1:29am

That you’ve got port 443 open to the public Internet and you don’t know why is concerning. Have you installed or configured a public web server intentionally?

If you’re not intentionally serving web pages over HTTP-S to the public Internet, checking your firewall rules to make sure that 443 is blocked for input from “WAN” would be a wise idea. Checking the configuration for nginx or uhttpd, whichever you’re using for LuCI would be wise as well. In my opinion, it should only “listen” on a protected interface, either a management interface for advanced users, or “LAN” for other users.

(BTW, “Shields Up” is an interesting tool for a quick check, but many security-aware users and professionals find significant fault with its output and the interpretations if the results it provides.)

whatid · January 29, 2019, 7:39am

I have found out that port 443 opens when I set openvpn on router (safervpn). How can I avoid this?

In firewall rules there is no rule for port 443, neither nginx or uhttpd configuration.

I have checked port 443 with other tools too, it is confirmed open.

How can set a rule to block 443 for input from WAN?

Please advise

kyson-lok · January 29, 2019, 8:26am

You can ssh to the router, execute cat /etc/config/firewall. Show the firewall configuration file in here.

jeffsf · January 29, 2019, 2:20pm

Check your OpenVPN config. I would bet that it is set to listen for clients on port 443. Port 443 is commonly used as firewalls at other locations typically do not block the port, at least for TCP.

Shodan · May 14, 2022, 9:35am

I have the same issue. The .ovpn doesn’t openly say anything about 443 and there is no listener option in the gui mistakenly activated, and blocking it in the firewall doesn’t work.

wcs2228 · May 14, 2022, 3:57pm

OpenVPN TCP connections use Port 443. OpenVPN UDP connections use Port 1194.

EDIT:
OpenVPN may use TCP as a fallback, by default, in case UDP fails.

I do not work for and I do not have formal association with GL.iNet