• 0 Posts
  • 9 Comments
Joined 1 year ago
cake
Cake day: December 14th, 2023

help-circle
  • So I’m not sure if this is the problem affecting your friend, however, RCS messaging uses additional ports rather than just the standard tcp/443 port to send traffic. This port is specifically tcp/5223. If your friend connects to a wireless network that has a firewall that doesn’t have the port open, then the RCS messages will fail to send/receive until they are either connected to their cellular network or a wireless network that doesn’t have that port blocked.

    The catch is, if you try to send a message while you are on a network where the traffic isn’t allowed, the RCS message doesn’t attempt to resend right away after changing to a network where the traffic is allowed.

    I have a firewall in my house that has very strict rules and I had to enable a firewall policy to allow this traffic to be able to send / receive RCS messages when I was connected to my home’s WiFi. My wife’s company WIFi network has that port blocked so she doesn’t connect to it anymore and RCS works just fine.

    If you want to see if this is the case for your friend’s phone, have them use their mobile network while sending / receiving RCS messages to test.


  • This VPN protocol usually uses a private key (client) / public key (server) combo that is used to connect through a public IP address (the 2 nodes can’t communicate it without) using the specified TCP or UDP (more often lately) and port to create the VPN tunnel that’s gets established during the handshakes.

    There is a whole lot more going on with the process but that’s a high level view. But I have a WireGuard VPN service running on a raspberry pi that I put in a DMZ on my perimeter firewall.

    But a port scanner would be able to see that port is open. Make sure you keep your software up to date. Hopefully the software devs of the VPN application is keeping their stuff up to date to avoid any vulnerabilities getting exposed in the code and a backdoor getting created because of it. As long as that doesn’t become an issue, no one will be able to get through without the private key. And those are usually uncrackable in a lifetime with the complexity and length of the key.




  • I’m not in front of my computer atm, but I think I have something that can help you out. I have a 3-node Lenovo Thin client cluster that I manage their KVMs using the Intel vPro. I even went a step further using MeshCentral running on a VM to centralize my KVM access since I have 3 of them, but that’s another story.

    Anyway, I’ll see if I can grab you some URLs in the morning if someone else doesn’t beat me to it or you find it on your own running google queries.






  • Did you setup a NAT on the firewall? You have to setup a static NAT on the interface that your Public IP sits on and to the private IP address of your VPS (you are using a private network space from one of the other interfaces on your FW right?).

    Make sure that the policy that you create with the NAT includes UDP 51820 (unless you changed the default port) People often mistake using TCP which is a different protocol. If that doesn’t work, then look at the traffic on your FW