I block all ports and only have protocol 4 open. Seems to work for me. Is this reasonable?
Jerry, N0MR
-----Original Message-----
From: Brian
Sent: Tuesday, June 07, 2016 12:41 PM
To: 44net@hamradio.ucsd.edu
Subject: Re: [44net] Unable to Receive rip44 Datagram
James et al;
On Tue, 2016-06-07 at 13:25 -0400, James Sharp wrote:
> I haven't run into 443 "filtering", but I have run into instances where the ISP will drop TCP connections that are active for more than a few minutes, forcing openvpn to restart the connection.
Chances are your issue is the same as mine was. The CPE (router) has a built-in watchdog timer that cuts all sockets after a few minutes. Using port 443 wouldn't make any difference. To the average web user this isn't an issue because each time a page is opened/refreshed a new socket is created, thus a new timer engages. The same may be said for services such as pop3/smtp/etc. where you're engaging a new socket each time you pop or send email. As long as the attachments aren't that big where you may exceed the watchdog's timer, you'll never notice this.
I was noticing it when someone asked me to ssh into their system to review their config, tweak their system, etc... and SSH would simply get dropped. When I put the ISP's router into bridge mode and installed a wifi router with DD-WRT, I had found where I was able to disable the watchdog timer and have had no trouble with such things since. Yes, it's at the expense of having to use a second device and a little more electricity, but for now it's fixed the issues.
You also should be able to receive your RIP broadcasts just fine as well.