Differences

This shows you the differences between two versions of the page.

litespeed_wiki:config:enable_quic [2019/03/26 18:14]
Jackson Zhang [LF_SPI needs to be turned off when CSF used]
litespeed_wiki:config:enable_quic [2020/12/14 04:05]
Eric Leu
Line 27: Line 27:
  
 If there is no extra firewall such as CSF, UDP 443 should be enabled by default. If CSF is used, you need to enable it at the CSF level. ​ If there is no extra firewall such as CSF, UDP 443 should be enabled by default. If CSF is used, you need to enable it at the CSF level. ​
 +ConfigServer Security & Firewall -> csf - ConfigServer Firewall -> Firewall Configuration -> IPv4 Port Settings -> UDP_IN and UDP_OUT should enable ''​443''​.
 +
 {{ :​litespeed_wiki:​config:​udp-443-csf-quic.png?​400 |}} {{ :​litespeed_wiki:​config:​udp-443-csf-quic.png?​400 |}}
  
-Also make sure that ''​UDPFLOOD''​ is set to 0.+Also make sure that ''​UDPFLOOD''​ is set to Off ''​0''​. 
 + 
 ==== Plesk ==== ==== Plesk ====
 If a firewall is activated, you need to enable UDP 443 manually. If a firewall is activated, you need to enable UDP 443 manually.
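Review bot: the reworded UDPFLOOD line ("set to Off ''0''") still tells the reader to switch the setting off without saying why QUIC needs that or what protection is given up, and the phrasing is awkward. Suggest "Also make sure that UDPFLOOD is set to 0 (off)", followed by one sentence explaining the reason. In the added navigation line, "UDP_IN and UDP_OUT should enable 443" would read more clearly as "add 443 to both UDP_IN and UDP_OUT", so nobody replaces the existing port lists with a single value.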
Line 50: Line 54:
 ===== How to Test UDP Incoming and Outgoing Connections ===== ===== How to Test UDP Incoming and Outgoing Connections =====
 Although you have enabled UDP on 443 on your server, it may be blocked by the data center at the route/​switch/​firewall level. To verify this, you can run the following: Although you have enabled UDP on 443 on your server, it may be blocked by the data center at the route/​switch/​firewall level. To verify this, you can run the following:
 +
 +==== Verify with NC command ====
 ==== Test Incoming ==== ==== Test Incoming ====
 To test incoming UDP connections to your server, you can run the following command from somewhere else, such as your local VM, or your other test client machine, but not within your server to be tested: ​ To test incoming UDP connections to your server, you can run the following command from somewhere else, such as your local VM, or your other test client machine, but not within your server to be tested: ​
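Review bot: the new "==== Verify with NC command ====" heading is at the same level as the "==== Test Incoming ====" heading that follows it, so the incoming test is rendered as a sibling section rather than as part of the NC procedure, and the new section is left with no body of its own. Either demote "Test Incoming" (and its outgoing counterpart) to "===" so they nest under the new heading, or add a one-line introduction under "Verify with NC command".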
Line 62: Line 68:
   Ncat: Version 6.40 ( http://​nmap.org/​ncat )   Ncat: Version 6.40 ( http://​nmap.org/​ncat )
   Ncat: Connected to 74.125.24.104:​443.   Ncat: Connected to 74.125.24.104:​443.
 +
 +==== Verify with TCPDUMP ====
 +Sometimes that ''​nc -vu''​ command is not enough to verify UDP 443 port unless it will return some information back
 +You can verify it with tcpdump, e.g. 
 +Run tcpdump on the website'​s server.
 +
 +  tcpdump -vv udp port 443 -X
 +  ​
 +Run nc command from any client server.
 +
 +  nc -vu YOUR_DOMAIN 443
 +
 +and you should see some output on server if there'​s any UDP port 443 traffic in and out.
  
  
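Review bot: the capture filter in "tcpdump -vv udp port 443 -X" matches every UDP 443 packet on the server, so on a site already serving QUIC the closing line "you should see some output" does not show that the nc test packet was the one that arrived. Suggest narrowing the filter to the test client, for example "tcpdump -vv -X udp port 443 and host CLIENT_IP", and saying what the reader should look for in the output. The first added sentence also needs rewording and a full stop ("Sometimes the nc -vu command alone is not enough to verify UDP port 443, because nothing is returned to the client."), and "any client server" should be "any client machine".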
  • Last modified: 2020/12/14 04:05
  • by Eric Leu