Staying connected on the train

Written early in the evening in English • Tags: , , ,

VR-junaverkko blocks most outgoing ports, which is a repeating source of annoyance when traveling. I would think that a traffic shaping approach would be more effective, but maybe I don’t have a sufficient understanding of their bandwith limitations.

I’m an old-school terminal window user, so I was really happy to learn about mosh. It works really well with changing client IP addresses, low bandwidth and intermittent connectivity outages. In other words, the train is an ideal environment for using it.1 Unfortunately it won’t work on the VR trains, as UDP ports 60000-61000 are not open.

My solution is to use mosh over port 4500 (use the -p option), which thankfully is open.2 Works well, but you can only have one user grab that port on the server side. With more than one of your users on the train at the same time, you’d better have dedicated servers or at least dedicated IP addresses per user.

Another old-school trait of mine: IRC. But forget about connecting to port 6667 from the train. Then again, staying connected to anything over TCP is impossible, as connectivity can be disrupted for minutes at a time. (You will notice that even if “just” browsing the web.) Before I had mosh working, I used a proxy on port 1723.3 It still comes in handy for quickly connecting to my IRC session from mobile clients.

Today I’m on the train for 5 hours and I was sad to be cut off from Google Talk again. I should have done this little bit of research months and months ago: turns out you can connect to talk.google.com on port 443 as well (with SSL, just like port 5223, since about 7 years ago). You’ll just be bouncing a lot, but it is generally possible to hold a conversation.

I see that the VR web page has a new section encouraging feedback, so I should probably use that option.

In the mean time, if you are suffering from no connectivity, you could make your favorite services available on the following ports:

  • TCP: 22, 25,4 80, 110, 143, 220, 443, 465, 500, 585, 587, 993, 995, 1723
  • UDP: 53,5 67, 110, 143, 220, 259, 500, 993, 995, 1701, 2746, 4500

There might be more ports open above 4349/TCP or 7542/UDP.


  1. It is also great on a laptop as you move about. It also lets you have your desktop sleep without losing remote terminal sessions. 

  2. Port 4500/UDP is the registered port for NAT traversal (IPsec NAT-T). 

  3. Port 1723/TCP is the registered port for PPTP

  4. Of all the ports, they allow (unauthenticated) SMTP

  5. But they decided to break DNSSEC by blocking large responses over 53/TCP.