1

My VPN allows me to use TCP 443. I heard that using a VPN through port 443 is more secure.

If I use a VPN on port 443, it means that the VPN tunnel will run through port 443 and the traffic would appear as if it is SSL traffic.

Can I use a VPN on TCP port 443 and at the same time use the SSL version of the website?

I have a doubt: if I use a VPN on port 443 and open an HTTPS website, will the traffic run through the VPN tunnel inside port 443, or is there no benefit to using the HTTPS version of the site and a VPN on port 443 simultaneously? Or does it mean 3x more security: first, traffic running through port 443; second, the encrypted VPN tunnel; and third, the HTTPS-encrypted version of the site inside the tunnel?

schroeder
Simon9

3 Answers

3

Let me start with a diagram!

You <------> Internet <-------> VPN <--------> Website (with HTTPS)

So the idea behind using a VPN is to securely transmit data to and fro on a public network.

So let me answer your questions:

  1. Yes, your traffic will be tunneled through 443. So it is a secure tunnel.
  2. Yes, you can use both your secure tunnel and the secure version of the website (HTTPS version). The HTTPS is basically between the website and the VPN endpoint.
  3. It is definitely not an issue if you use the secure (HTTPS) version of the site through your secure tunnel. It doesn't really mean 3x more security. But it's definitely not a bad idea.

Hope this helps!

theabhinavdas
  • Remember the DNS leaking problem: https://security.stackexchange.com/questions/13900/if-i-use-a-vpn-who-will-resolve-my-dns-requests – bluszcz Mar 07 '18 at 10:05
1

A web service that is listening on port 443 can serve normal TLS/SSL encrypted web traffic (HTTPS) or be configured as a VPN server to handle VPN traffic. It cannot do both at the same time on the same port. It is either going to be 1) HTTPS, 2) VPN, or 3) some other undefined/non-standard thing. But it can only be one of these.

VPN being on 443 has nothing to do with being more secure. The port number does not make it more secure. Whether the VPN is listening on 1194, 52013, or 443, its security depends on its configuration.

Why then 443? You answered the question: it provides a way to get around firewalls that would otherwise seek to block you from accessing a VPN because the traffic over the port is not discernible from normal HTTPS traffic without a considerably deeper analysis of the data.

  • "It cannot do both at the same time on the same port" is not true. You can multiplex ssl connections with: https://github.com/yrutschle/sslh – stonewareslord Dec 10 '21 at 23:39
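
The port-sharing idea from the comment above, as an added example that is not part of the original answers and is not sslh's own code: a minimal first-bytes classifier that separates a TLS ClientHello from an OpenVPN-over-TCP client reset arriving on the same port. The backend addresses and the sample packets are constructed for illustration.

```python
import struct

# First-packet opcodes an OpenVPN client sends (high 5 bits of the opcode byte).
OPENVPN_CLIENT_RESETS = {7: "P_CONTROL_HARD_RESET_CLIENT_V2",
                         10: "P_CONTROL_HARD_RESET_CLIENT_V3"}

# Hypothetical local backends a port-443 multiplexer would forward to.
BACKENDS = {"tls": ("127.0.0.1", 8443), "openvpn-tcp": ("127.0.0.1", 1194)}


def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first read on a new TCP connection."""
    if len(data) < 6:
        return "need-more-data"
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04 and data[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte holding
    # opcode (5 bits) and key_id (3 bits). Assumes the first read is one packet.
    (pkt_len,) = struct.unpack_from("!H", data, 0)
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if opcode in OPENVPN_CLIENT_RESETS and key_id == 0 and pkt_len == len(data) - 2:
        return "openvpn-tcp"
    return "unknown"


def route(data: bytes):
    """Return the backend for this connection, or None if it should be dropped."""
    return BACKENDS.get(classify_first_bytes(data))


# Constructed sample first packets (not captured traffic).
TLS_CLIENT_HELLO = bytes.fromhex("160301002e0100002a0303") + bytes(40)
OPENVPN_RESET = bytes.fromhex("000e38") + bytes(range(8)) + bytes(5)
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, pkt in [("tls", TLS_CLIENT_HELLO), ("openvpn", OPENVPN_RESET),
                      ("http", PLAIN_HTTP)]:
        print(name, classify_first_bytes(pkt), route(pkt))
```

A VPN that wraps its traffic in a real TLS session would be classified as `tls` here, so a check like this only separates protocols whose first bytes differ.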
0

A VPN and HTTPS are two different use cases, and neither is a replacement for the other:

  • A VPN acts as an intermediary network node between you and your final destination that will encrypt the traffic from your machine until that node. Any traffic between the VPN node and the destination may or may not be encrypted (and/or intercepted). It may also serve as a cloak for hiding your final destination from snoopers between your machine and the VPN node (e.g. your ISP). All of this comes with caveats (e.g. DNS-leaking) which the user must watch out for.

  • HTTPS allows serving end-to-end encrypted content between your machine and the final destination. Note that it is still possible to tell you are interacting with this website, just not spying on the content of the traffic.

VPN providers offer their service on port 443 as a censorship-evasion measure. Since port 443 is the default port for HTTPS content, censors are deterred from blocking the port altogether since it would mean blocking all of HTTPS traffic, which is a very high cost for just blocking VPNs disguising their traffic as "HTTPS". Note that there are measures to hamper the use of VPNs other than port-blocking.

There is no intrinsic security-related benefit for offering a VPN connection on port 443. Any traffic of any kind can technically be served through any port. However, for computer networks to work in a sane way, there needs to be a consensus on what port to use for what type of traffic, as recorded here. This is how your browser knows to connect to port 443 when you type in https://, or 80 when you type in http://.

> I have a doubt that if I use VPN on port 443 and open an https website will the traffic run through the VPN tunnel inside port 443

You can visit an HTTPS website through a VPN tunnel, even if both are served on port 443; it works. The ports here are inconsequential to you since, in both cases, they are the ports on the respective servers, not your own machine.

> or there is no benefit to use https version of the site and vpn on port 443 simultaneously

There is no intrinsic benefit; it depends on your threat model. I explained above some merits and shortcomings of both use cases. If you are concerned with the confidentiality of your traffic with an HTTPS website, but not that someone will know you are using this website at all (e.g. banking maybe?), then you have no need of a VPN. If you are concerned with snoopers seeing that you are interacting with a certain website or service, then perhaps a VPN can help.

> or does it mean 3x times more security first traffic running through port 443, second encrypted vpn tunnel and third https encrypted version of the site inside the tunnel ?

No, network security doesn't work like that. Adding a VPN in the mix means that the VPN provider is one extra actor that will be able to tell what you are doing. A VPN provider is in fact in a really good position for spying on you: they know who you are and they know what website you are interacting with. They probably won't be able to crack the HTTPS traffic, but if you visit clearweb HTTP websites (or other unencrypted services), they will see everything.

Do you trust your VPN provider more than your ISP?

Disclaimer: a VPN is a poor anonymity solution. Providers keep logs of your activity even if they say they don't. Look up Tor instead of your VPN if you are concerned with privacy.

korrigan