irungentoo / toxcore

The future of online communications.
https://tox.chat/
GNU General Public License v3.0

Nodes on port 80,443,..., to work around firewalls #1523

Open mrkiko opened 8 years ago

mrkiko commented 8 years ago

I know this isn't a "project issue" in the real sense: nodes are run by volunteers and to them goes my gratitude. So take this as a technical stance, not an "issue" or a "report".

The problem, from my perspective, is: if we want to replace Skype we should be able to cope with TCP-only networks, and networks that don't allow outgoing connections on "arbitrary" ports. If Tox starts getting used really and by a lot of people, there will be a lot of situations (in my opinion) where we'll need to work with this. So I think we should think about having more and more nodes running on usually-permitted ports. It's not clean nor nice maybe, but this seems the norm.

Well-accepted ports from my experience: I list here the purposes of the ports to give an idea of why I think these ports are mostly allowed.

This is only what I found, so take it as an example.

Thank you for your great work guys.

LuccoJ commented 8 years ago

Keep in mind that working around firewalls this way may result in sysadmins banning Tox from their networks completely. When sysadmins limit ports, they generally mean it.

mrkiko commented 8 years ago

... Oh, I wasn't referring to working around network restrictions (even if I appreciate it often I should say :D ). But to make Tox usable. Various software uses well-known ports simply because they end up "working". Look at what Telegram does for example. Or Skype. Then sysadmins can ban Tox from their network anyway probably. I think we need to be pragmatic in this case. :D Thank you.

ProMcTagonist commented 8 years ago

> may result in sysadmins banning Tox from their networks completely.

if they're able to we've failed our users

LuccoJ commented 8 years ago

"Able to"? It's not like Tox is a stealthy app that hides itself... and the normal protocols that run on those ports can be distinguished from Tox.

ProMcTagonist commented 8 years ago

> not like Tox is a stealthy app that hides itself

Yet. Traffic disguising has been discussed in the past. But we're drifting off-topic.

ananace commented 8 years ago

If we're talking common ports that often aren't blocked for outgoing traffic, port 53 (UDP and TCP) is a good candidate. Not many people block DNS access after all.

fcore117 commented 8 years ago

LuccoJ: Tox should work even if someone "sysadmin" tries to block Tox, or else censored countries will use those ways. The only way to block Tox should be takedown of the whole internet link. In the old times, I remember that Skype was really really hard to block.

LuccoJ commented 8 years ago

@fcore117 It's an endeavour I could get behind, just keep in mind that it's very difficult to make traffic from something like Tox completely opaque and indistinguishable from other types of traffic. It would be a much bigger job than just letting Tox run on 80 or 443.
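The point made above, that the protocols normally seen on ports 80 and 443 can be told apart from other traffic, sketched from the network operator's side as an added example (not part of any comment in this thread, and not toxcore code). The function names and sample payloads are assumptions constructed for illustration, and only the first client bytes of a flow are inspected.

```python
import struct

# HTTP/1.x request methods a port-80 flow is expected to open with.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

def looks_like_http(payload: bytes) -> bool:
    """True if the client's first bytes start an HTTP/1.x request line."""
    return payload.startswith(HTTP_METHODS)

def looks_like_tls(payload: bytes) -> bool:
    """True if the first bytes are a TLS handshake record carrying a ClientHello."""
    if len(payload) < 6:
        return False
    # Record header: content type, version major/minor, 2-byte length.
    ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
    return (ctype == 0x16 and major == 3 and minor <= 4
            and 0 < length <= 16384 and payload[5] == 0x01)

# Port -> check for the protocol an operator expects to see on that port.
EXPECTED = {80: looks_like_http, 443: looks_like_tls}

def classify_first_bytes(dst_port: int, payload: bytes) -> str:
    """Return 'expected', 'mismatch' or 'unchecked' for a flow's first client bytes."""
    check = EXPECTED.get(dst_port)
    if check is None:
        return "unchecked"
    return "expected" if check(payload) else "mismatch"

# Constructed samples (not captures): a ClientHello-shaped record, an HTTP
# request, and 128 opaque bytes standing in for any non-TLS, non-HTTP protocol.
TLS_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(41)
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"
OPAQUE = bytes((i * 167 + 13) % 256 for i in range(128))

if __name__ == "__main__":
    for port, data in [(443, TLS_HELLO), (80, HTTP_GET), (443, OPAQUE),
                       (80, OPAQUE), (33445, OPAQUE)]:
        print(port, classify_first_bytes(port, data))
```

A "mismatch" only says the flow does not open like the protocol its port implies; it does not identify which application produced it.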

optimumtact commented 8 years ago

At the very least offering some tox nodes running on well known unblocked ports will help users behind restrictive corporate firewalls.

ElLamparto commented 8 years ago

IMHO, first of all the Tox ports should be clearly defined on tox.chat. Then they should be configurable.

ghost commented 8 years ago

IIRC Tor nodes are TCP 443 by default. And many proxies are only allowing TCP 80 and 443.

LittleVulpix commented 8 years ago

When you get the bootstrap daemon, assuming you don't change anything, the ports that are set by default are 33445, 443 and 3389.

ElLamparto commented 8 years ago

@LittleVulpix, TCP, UDP or both? All three are required?

GrayHatter commented 8 years ago

No, it just tries for all three. If you're running a bootstrap node, you REALLY SHOULD use both. But if you can only UDP that's fine.

ElLamparto commented 8 years ago

@GrayHatter, Thanks!

  1. Some information on how to run a bootstrap node would be useful,
  2. A small, discrete indicator on the GUI, showing if the port is open / incoming connections accepted, would be useful too.

LittleVulpix commented 8 years ago

@ElLamparto

https://wiki.tox.chat/users/runningnodes + https://github.com/irungentoo/toxcore/tree/master/other/bootstrap_daemon how to run a node and https://nodes.tox.chat/ to see which ports/protocols are used on a node. Green = all good, Orange = UDP disabled, Red = down. Click on each row to see all the ports advertised/available by the node, not just the "main" port.

You can contact @Impyy to add you to the node list once you have a running node.