Security – How to check that an OpenVPN server is listening on a remote port without using OpenVPN client

Tags: openvpn, security, telnet, testing

I need to check that an OpenVPN (UDP) server is up and accessible on a given host:port.

I only have a plain Windows XP computer with no OpenVPN client (and no chance to install it) and no keys needed to connect to the server – just common WinXP command line tools, a browser and PuTTY are at my disposal.

If I were testing something like an SMTP or POP3 server, I'd use telnet and see if it responds, but how do I do this with OpenVPN (UDP)?

Best Answer

Here is a shell one-liner:

echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | 
   timeout 10 nc -u openvpnserver.com 1194 | cat -v

If there is an OpenVPN server on the other end, the output will be:

@$M-^HM--LdM-t|M-^X^@^@^@^@^@@$M-^HM--LdM-t|M-^X^@^@^@^@^@@$M-^HM--LdM-t|M-^X...

Otherwise it will just be mute and time out after 10 seconds, or display something different.

NOTE: this works only if the tls-auth config option is not active; otherwise the server rejects messages with an incorrect HMAC.
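
Added example, not part of the original answer: the same check in Python 3, going one step beyond the one-liner by sending a well-formed 14-byte hard-reset packet and confirming that the reply echoes the probe's session id instead of only eyeballing the leading `@`. The function names and sample datagrams are assumptions made for illustration; the layout used is the OpenVPN control-packet header without tls-auth (opcode/key-id byte, 8-byte session id, ack count, packet id).

```python
import os
import socket
import struct

P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # 7 << 3 == 0x38, the first byte of the one-liner
P_CONTROL_HARD_RESET_SERVER_V2 = 8   # 8 << 3 == 0x40, the '@' that starts the reply

def build_probe(session_id: bytes) -> bytes:
    """opcode/key-id byte | 8-byte session id | ack count 0 | packet id 0."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    opcode = bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3])
    return opcode + session_id + b"\x00" + struct.pack("!I", 0)

def classify_reply(data: bytes, session_id: bytes) -> str:
    """Return 'openvpn', 'openvpn-unverified' or 'other' for one reply datagram."""
    if len(data) < 10 or data[0] >> 3 != P_CONTROL_HARD_RESET_SERVER_V2:
        return "other"
    ack_count = data[9]
    if ack_count == 0:
        return "openvpn-unverified"      # right opcode, nothing ties it to our probe
    remote_sid_at = 10 + 4 * ack_count   # peer session id follows the acked packet ids
    if data[remote_sid_at:remote_sid_at + 8] == session_id:
        return "openvpn"                 # server echoed our session id
    return "other"

def probe(host: str, port: int = 1194, timeout: float = 10.0) -> str:
    """Send one probe; 'no-reply' covers closed ports, filtering and tls-auth servers."""
    session_id = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_probe(session_id), (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:                  # timeout or ICMP port-unreachable
            return "no-reply"
    return classify_reply(data, session_id)

# Constructed sample datagrams (not captured traffic) to exercise the parser offline.
OUR_SID = bytes.fromhex("0102030405060708")
SERVER_SID = bytes.fromhex("a1a2a3a4a5a6a7a8")
GOOD_REPLY = (b"\x40" + SERVER_SID + b"\x01" + struct.pack("!I", 0)
              + OUR_SID + struct.pack("!I", 0))
# Same shape as the output quoted above: '@', 8-byte session id, five zero bytes.
BARE_REPLY = b"\x40" + SERVER_SID + b"\x00" + struct.pack("!I", 0)

if __name__ == "__main__":
    print(classify_reply(GOOD_REPLY, OUR_SID), classify_reply(BARE_REPLY, OUR_SID))
```

A `no-reply` result is ambiguous by design: UDP gives no connection refusal to rely on, and a server with tls-auth enabled stays silent exactly as the note above describes.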