Use static network ports for adding a second device

While trying Deltachat for small/medium business use I came across the following issue: desktops and mobile phones are in different VLANs. Traffic between VLANs passes a router/firewall, which only allows specific connections. See also this thread: Add second device: which network connections are made?

Expected behavior

I need to allow inter VLAN connections in the firewall to Deltachat destination ports, so that mobile phones can be added as second device to existing desktop clients.

Actual behavior

When adding a second device Deltachat chooses a random network port for the incoming connection. I cannot allow a random port in the firewall.

Solution

Deltachat should try some static ports for incoming connections first. If those ports are already in use by other tools, use a random port.

Examples:

  1. try port 62009 first, then random: a single port is more likely to be already occupied, so…
  2. try ports 62009-620011 first, then random. Easy to configure in firewall.
  3. try ports 62009, 63009, 64009 first, then random. Probably the highest chance to get a free static port.

Falling back to random port makes sure it will always work for the home user just like before.

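The static-first, random-fallback binding proposed above, written out as an added example in Rust (the language of the Delta Chat core); this is not code from the Delta Chat project, and the port list `PREFERRED_PORTS` (option 3 from the post) and the function name are assumptions.

```rust
use std::io;
use std::net::{Ipv4Addr, SocketAddrV4, TcpListener};

/// Static candidate ports, tried in order (assumed here: option 3 from the post).
/// Spreading them out makes it likelier that at least one is free.
pub const PREFERRED_PORTS: [u16; 3] = [62009, 63009, 64009];

/// Try each preferred port in turn. If every one is already occupied,
/// fall back to an OS-assigned ephemeral port (port 0) so that the
/// home-user case keeps working exactly as before.
/// Returns the bound listener and whether a static port was obtained,
/// so the caller can tell the user which port to open in the firewall.
pub fn bind_preferred_or_random(
    addr: Ipv4Addr,
    preferred: &[u16],
) -> io::Result<(TcpListener, bool)> {
    for &port in preferred {
        // A bind error here normally means "address already in use":
        // another tool holds the port, so move on to the next candidate.
        if let Ok(listener) = TcpListener::bind(SocketAddrV4::new(addr, port)) {
            return Ok((listener, true));
        }
    }
    // All static candidates are busy: let the kernel pick a free port.
    let listener = TcpListener::bind(SocketAddrV4::new(addr, 0))?;
    Ok((listener, false))
}

fn main() -> io::Result<()> {
    let (listener, is_static) =
        bind_preferred_or_random(Ipv4Addr::LOCALHOST, &PREFERRED_PORTS)?;
    let port = listener.local_addr()?.port();
    println!("listening on port {port} (firewall-friendly static port: {is_static})");
    Ok(())
}
```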

Is there any case for trying a set port in amongst some random ones, to avoid fingerprinting? IRL people will add contacts over dodgy LANs.

Hi, what do you mean by fingerprinting here? The dodgy LAN owner can recognize that you are probably using Deltachat?

Is it a good idea to add second devices on untrusted LANs? Is the connection encrypted and authenticated?

Yes, some countries block traffic that is recognisably from tools they ban, and they may require that private individuals implement such censoring configs. At the extreme, Russia restricts use of non-whitelisted mailservers!

The connection is encrypted but I don’t think that would hide the port. 🙂

I don’t see how this is related to the "add second device" function 🙄


Fair, I was thinking that a similar setup might be used for adding contacts, without reason. Adding a second device on an adversary-configured network would be a rarer concern.