SSl/SSH Questions

[fasi72 0]

How should I configure Comodo for SSL and SSH?

 

What port would you recommend for SSH?

 

SSH and non-tunneled connections use the same server IPs whereas SSL doesn't, why is this?

[Staff 9973]

Hello!

 

About OpenVPN over SSH, our servers listen to ports 22, 53 and 80 of the entry-IP address, and to port 22 of the Alternative Entry-IP address.

 

About OpenVPN over SSL, our servers listen to port 443 of the entry-IP address.

 

About OpenVPN "direct" or "over a proxy", our servers listen to ports 53, 80 and 443 both of the Entry-IP and the Alternative Entry-IP address.

 

In Comodo, for OpenVPN over SSH/SSL you need, on top of the rules described in our guide for Comodo to prevent lekas, to allow communications from "Any IP Address" to 10.50.0.0/255.255.0.0 and from 10.50.0.0/255.255.0.0 to "Any IP Address" (Comodo will display "Any IP address" as "MAC Any" in the rules).

 

There is no generally valid recommendation about which port to choose: if your ISP performs port shaping on some ports, some ports can provide better performance than others.

 

Keep in mind that OpenVPN over SSH or over SSL should be used ONLY if your ISP disrupts OpenVPN communications, because the additional SSH/SSL tunnel causes a performance hit without increasing security. OpenVPN over SSH/SSL have been implemented originally for China only, where OpenVPN connections are disrupted. The purpose of SSH/SSL is to encrypt the OpenVPN typical fingerprint, not to increase significantly the security.

 

There is no such a thing as a non-tunneled connection in our service, unless you explicitly decide to reject the pushed routes by our servers.

 

Kind regards

[fasi72 0]

OK so I added those two rules to Comodo(I assume you only need to allow TCP), ran the batch file(I double clicked it) then ran OpenVPN but it won't connect(see attachment)?

 

I want to use SSH because I suspect my ISP throttles OpenVPN.

[Staff 9973]

@fasi72

 

Hello,

 

there's no attachment in your message, can you please try again? Also, what is your OS, and which server are you trying to connect over SSH?

 

Kind regards

[fasi72 0]

Should be attached now.

 

I'm using XP and trying to connect to Virginis.

[Staff 9973]

Hello,

 

it seems that Putty is either not running or not listening to port 1412. Can you please make sure that you execute the script file (the .bat file) from a command prompt? Also, can you please send us the output?

 

Kind regards

[fasi72 0]

Here's the output.

[fasi72 0]

Bump

[fasi72 0]

Can I get this resolved please?

[Staff 9973]

Hello!

 

Apparently you did not paste all the files generated by the Configuration Generator in your command line current working directory, in particular plink.exe, can you please check?

 

Kind regards

[fasi72 0]

OK it seems to be working now thanks, but

 

Would you recommend SSL or SSH?

 

Should I enter the all the different SSL server IPs into Comodo?

[Staff 9973]

OK it seems to be working now thanks, but

 

Would you recommend SSL or SSH?

 

Hello,

 

assuming that your ISP throttles SSL and SSH in the same way, SSH implementation is generally more efficient.

 

 

Should I enter the all the different SSL server IPs into Comodo?

 

Yes, you need to authorize communications with all the entry-IP addresses of the VPN servers you wish to connect to, as usual.

 

Kind regards

[fasi72 0]

OK I'll go with SSH then to save entering all those IPs, but I've got two new problems:

 

Only the AirVPN site works

 

Some of the .bat files don't work(see attachment)

[fasi72 0]

Still having problems see above post

[fasi72 0]

Sigh, can you please reply already!