Commit 5c54009b authored by kwadronaut

Explain default reasoning for lilypad setup

parent 615bfc31
## Platform services connections
----------------------------------
A current client will still use a v3 eip-service, for these we should use these defaults:
### v3 eip-service.json for clients < 21.3
* geoip bound to port 443 TCP, on frontend node
* openvpn is bound to port 80 TCP
* shapeshifter is bound to 443 TCP
### v4 eip-service.json
see https://0xacab.org/leap/dev-documentation/-/blob/self_healing/client_specs/connection_setup_fallback_strategy.md#generic-client-behavior
Default ports/transports with 1 ingress IP
1194 UDP OpenVPN
53 UDP OpenVPN
80 TCP Pluggable Transports: Question: OpenVPN or PluggableTransports show encrypted traffic to DPI
443 TCP OpenVPN
Second ingress IP
443 TCP PluggableTransports
## Different scenarios
1 gateway IP
in- and egress are the same. This is very likely too easy for a simple outside observer to link traffic to an end-user. Danger mode. Complicates setup a lot with demuxers like sslh and its routing
2 IP-mode
1 ingress and 1 egress IP to mix in- and outgoing traffic of users. It also prevents users to find out about each other (net_gateway in openvpn)
3 IPs and 3 nodes
Advantages:
- run services like menshen on TCP port 443
- run openvpn on port 443
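Review bot: The v4 default list leaves an open question inline on the `80 TCP Pluggable Transports` line ("Question: OpenVPN or PluggableTransports show encrypted traffic to DPI"), so a reader cannot tell which transport is the intended default for port 80; settle it before merging or move it into a separate open-questions item. In the v3 list, geoip and shapeshifter are both given 443 TCP but only geoip says where it binds ("on frontend node"); state the node or IP for shapeshifter and openvpn too, so the two 443 listeners are not read as a conflict. Under "Different scenarios", "1 gateway IP", "2 IP-mode" and "3 IPs and 3 nodes" are plain lines rather than headings or list items and will run into the text that follows when rendered, and the "3 IPs and 3 nodes" advantages do not say which of the three IPs carries menshen and which carries openvpn on 443.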