
Port 1194 (OpenVPN)

Learn about port 1194 (OpenVPN) - security risks, vulnerabilities, and common uses. Find devices with port 1194 open.

## Quick Info

| Field | Value |
| --- | --- |
| Port Number | 1194 |
| Protocol | TCP |
| Service | OpenVPN |
| IANA Name | OpenVPN |

## Service Description

Port 1194 over TCP is predominantly associated with OpenVPN, a widely used open-source virtual private network (VPN) system. OpenVPN creates secure point-to-point or site-to-site connections using its own protocol, which relies on SSL/TLS for peer authentication and key exchange. OpenVPN can run over either TCP or UDP; the TCP variant on port 1194 is used when reliable, ordered delivery is required or when UDP is blocked by the network, at the cost of some performance overhead from TCP's acknowledgement and retransmission mechanisms. Historically, OpenVPN emerged as a flexible and customizable alternative to traditional VPN solutions such as IPsec, offering simpler configuration and easier traversal of firewalls and NAT devices. It encapsulates traffic inside an SSL/TLS-protected tunnel, providing encryption and authentication that protect data confidentiality and integrity.

At a technical level, OpenVPN over TCP on port 1194 establishes a persistent TCP connection between the OpenVPN client and server. The initial handshake is an SSL/TLS negotiation in which the client and server exchange certificates, verify each other's identity, and derive the session keys used for encryption. Once the secure channel is established, all subsequent data packets are encrypted and transmitted over that TCP connection. OpenVPN uses its own protocol to manage the tunnel, including control messages for connection management, key renegotiation, and error handling. TCP guarantees in-order, lossless delivery of the encapsulated packets, which is essential for applications that require reliable transfer. However, tunnelling TCP inside TCP can cause performance problems on lossy networks, because the inner and outer congestion-control mechanisms interfere with each other (the so-called TCP meltdown).

## Firewall Recommendations

Allow traffic on port 1194 (TCP) only if you run an OpenVPN server and need to provide VPN services; if you are not using OpenVPN, block the port to prevent unauthorized access attempts. When the port must be open:

- Restrict access to trusted source IP addresses or networks wherever possible.
- Use strong authentication, such as certificate-based client authentication, so that only authorized users can connect to the VPN.
- Keep the OpenVPN software up to date to patch known security vulnerabilities.
- Monitor traffic to the port for suspicious activity, such as excessive connection attempts or unusual data-transfer patterns.
- Consider a firewall with intrusion detection and prevention capabilities to detect and block malicious traffic targeting port 1194.
- Prefer UDP over TCP where possible, since it generally offers better performance; if TCP is required, evaluate the network environment and the potential for TCP-over-TCP issues.
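A small configuration audit, added here as an illustration and not code from the page's source or from the OpenVPN project: it parses a constructed weak `server.conf` next to its hardened counterpart and reports the settings the recommendations above call out (no `tls-auth`/`tls-crypt`, client certificates not required, no `remote-cert-tls`, legacy ciphers, no minimum TLS version). The file contents and `ta.key` path are assumptions; the directive names are standard OpenVPN ones.

```python
# Constructed weak server.conf fragment (illustrative; not from a real deployment).
WEAK_CONF = """\
port 1194
proto tcp
cipher BF-CBC
verify-client-cert none
"""
# Constructed hardened counterpart; ta.key is a placeholder for the shared tls-crypt key.
HARDENED_CONF = """\
port 1194
proto tcp
tls-crypt ta.key
tls-version-min 1.2
remote-cert-tls client
data-ciphers AES-256-GCM:CHACHA20-POLY1305
"""
LEGACY_CIPHERS = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "RC2-CBC", "none"}

def parse_conf(text):
    """Map each directive to its list of argument strings; '#' and ';' comments are dropped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if line:
            key, _, args = line.partition(" ")
            conf.setdefault(key, []).append(args.strip())
    return conf

def audit(text):
    """Return a list of weak settings found in an OpenVPN server config (empty if none)."""
    c, findings = parse_conf(text), []
    if "tls-auth" not in c and "tls-crypt" not in c:
        findings.append("no tls-auth/tls-crypt: unauthenticated clients reach the TLS handshake")
    if c.get("verify-client-cert", ["require"])[0] != "require":  # OpenVPN default is 'require'
        findings.append("client certificates not required: relies on weaker authentication")
    if "remote-cert-tls" not in c:
        findings.append("no remote-cert-tls: peer certificate key usage (EKU) is not checked")
    # 'cipher' is the legacy directive; 'data-ciphers' is the negotiated list in OpenVPN 2.5+
    ciphers = {x for v in c.get("cipher", []) + c.get("data-ciphers", []) for x in v.split(":")}
    if ciphers & LEGACY_CIPHERS:
        findings.append("legacy cipher(s) enabled: " + ", ".join(sorted(ciphers & LEGACY_CIPHERS)))
    tls_min = c.get("tls-version-min", ["unset"])[0].split()[0]
    if tls_min == "unset" or float(tls_min) < 1.2:
        findings.append("tls-version-min unset or below 1.2: set it to 1.2 explicitly")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name + ":", audit(conf) or "OK")
```

Run it against your own `server.conf` by passing the file contents to `audit()`; each finding names the directive to add or change.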

## Security Information

While OpenVPN itself is generally considered secure, exposing port 1194 (TCP) introduces risk if the server is not properly configured and maintained. A misconfigured OpenVPN server can be vulnerable to denial-of-service (DoS) attacks in which the port is flooded with traffic to exhaust server resources. Man-in-the-middle (MITM) attacks are a concern if the server's certificate is not properly validated by clients or if weak TLS ciphers are allowed. Vulnerabilities in the OpenVPN software itself can also expose the server to remote code execution or other compromise. Because OpenVPN servers provide access to internal networks, they are attractive targets for attackers seeking unauthorized access to sensitive data or systems. Configuration errors such as weak passwords, default settings, or outdated software significantly increase the risk of exploitation.
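The monitoring step above (watching for excessive connection attempts against the port) can be checked against the server's own log. The detector below is an added example, not code from the page or the OpenVPN project; it runs over constructed lines written in the style of OpenVPN server logs (the timestamps, addresses and client name are made up) and flags any source address that produces a burst of TLS errors, which is what unauthenticated or malformed connection attempts look like when `tls-crypt` or `tls-auth` is enabled.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed lines in the style of OpenVPN server logs (not captured from a real server).
SAMPLE_LOG = """\
Wed Jan 10 09:00:01 2024 TCP connection established with [AF_INET]203.0.113.5:51234
Wed Jan 10 09:00:03 2024 203.0.113.5:51234 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.5:51234
Wed Jan 10 09:00:04 2024 TCP connection established with [AF_INET]203.0.113.5:51235
Wed Jan 10 09:00:06 2024 203.0.113.5:51235 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.5:51235
Wed Jan 10 09:00:07 2024 TCP connection established with [AF_INET]203.0.113.5:51236
Wed Jan 10 09:00:09 2024 203.0.113.5:51236 TLS Error: tls-crypt unwrapping failed from [AF_INET]203.0.113.5:51236
Wed Jan 10 09:00:20 2024 TCP connection established with [AF_INET]198.51.100.7:44000
Wed Jan 10 09:00:21 2024 198.51.100.7:44000 TLS: Initial packet from [AF_INET]198.51.100.7:44000
Wed Jan 10 09:00:22 2024 198.51.100.7:44000 [client1] Peer Connection Initiated with [AF_INET]198.51.100.7:44000
Wed Jan 10 09:30:00 2024 198.51.100.7:44001 TLS Error: TLS handshake failed
"""
# timestamp, source IP (port dropped), rest of message
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) (\d+\.\d+\.\d+\.\d+):\d+ (.*)$")

def tls_failure_bursts(log, threshold=3, window=timedelta(minutes=1)):
    """Return {ip: max_failures_in_window} for sources with >= threshold TLS errors inside `window`."""
    times = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m and "TLS Error" in m.group(3):
            times[m.group(2)].append(datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"))
    flagged = {}
    for ip, ts in times.items():
        ts.sort()
        start = 0  # sliding window over this source's failure timestamps
        for end, t in enumerate(ts):
            while t - ts[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = max(flagged.get(ip, 0), end - start + 1)
    return flagged

if __name__ == "__main__":
    print(tls_failure_bursts(SAMPLE_LOG))  # a single legitimate failure from 198.51.100.7 is not flagged
```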

## Known Vulnerabilities

| CVE | Name | Severity | Description |
| --- | --- | --- | --- |
| CVE-2020-15078 | OpenVPN AS and Community Edition Denial of Service Vulnerability | Medium | An issue was discovered in OpenVPN Access Server before 2.8.6 and Community Edition before 2.5.0. A remote attacker can exhaust server resources by sending a large number of packets without authentication to the TCP port. |
| CVE-2017-7521 | OpenVPN 2.4.1 DoS Vulnerability | Medium | OpenVPN 2.4.1 and earlier are vulnerable to a denial-of-service attack. By sending a crafted UDP or TCP packet, a remote attacker can cause the OpenVPN process to crash. |
| CVE-2018-10355 | OpenVPN 2.4.5 Information Disclosure | Low | OpenVPN versions before 2.4.6 and 2.3.18 have an information disclosure vulnerability. If a server is configured to use deferred authentication, a malicious client can cause the server to log sensitive information about other clients. The vulnerability is triggered during the deferred authentication process when the server logs the username associated with the client certificate. |

## Common Software

  • OpenVPN
  • pfSense
  • OPNsense
  • SoftEther VPN
  • Viscosity
  • Tunnelblick
  • OpenVPN Access Server
