Netgate Discussion Forum

    Additional VPN server on port 443 getting transport errors

      NasKar

      From what I've read, hotels etc. block ports other than 80 and 443 TCP, so I'd like to have an option to connect on port 443/tcp.
      My setup:
      One WAN address with DDNS. I have OpenVPN set up and working on port 1195 UDP and a Nextcloud server on port 443.

      I've created a new OpenVPN server on port 443/TCP with all the same settings as the 1195 one, except it uses a different IPv4 tunnel network (172.16.3.0/24) and custom options has port-share 'localIP of my nextcloud server' 443 as described in https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server
      I added a firewall rule to the WAN interface the same as the 1195 one with the protocol of TCP and port 443.

      When I try to connect on my iPhone I get EVENT: TRANSPORT_ERROR Transport error on 'xxxxxx.ddns.net: TCP_SIZE_ERROR [ERR].

      Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
      2 CPUs: 1 package(s) x 2 core(s)
      AES-NI CPU Crypto: No
      2 Gigs Ram
      SSD with ver 2.4.0
      IBM Intel Pro PCI-E Quad Port 10/100/1000 Server Adapter 39Y6138 (K210320)

        NasKar

        In case it helps others. I had a Nextcloud server with port forwarding to port 443 as well. After disabling it and adding port-share x.x.x.x 443 to the OpenVPN server per https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server, it works.

        Is there any downside to using port-share?
        Can I get the server to automatically switch from UDP 1195 to TCP 443 if UDP 1195 is blocked?

          kejianshi

          After you share the port, put your web GUI on some other rarely used unassigned port. If you have a bad case of Alzheimer's, write it down and save it in your favorites.

            NasKar

            @kejianshi:

            After you share the port, put your web GUI on some other rarely used unassigned port. If you have a bad case of Alzheimer's, write it down and save it in your favorites.

            By web GUI do you mean the pfSense GUI? I currently use http: port 80 for it.

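The setup this thread arrives at, written out as an added configuration sketch (not from the posters or the pfSense documentation): the custom option for the 443/TCP server instance, and a client profile that tries UDP 1195 first and falls back to TCP 443. The fallback is done by the client, not the server. `192.0.2.10`, `vpn.example.net` and the 10-second timeout are placeholder assumptions.

```conf
# --- pfSense: OpenVPN server instance on TCP 443, "Custom options" box ---
# Connections arriving on 443 that are not OpenVPN are passed on to the
# web server. 192.0.2.10 is a placeholder for the Nextcloud LAN address.
port-share 192.0.2.10 443

# OpenVPN itself has to receive WAN:443 for this to work. Per the thread,
# the existing NAT port forward of 443 to Nextcloud had to be disabled;
# the WAN firewall rule allowing TCP 443 stays in place.

# --- Client profile (.ovpn), connection section only ---
# Placeholder hostname; use the DDNS name of the WAN address.
# Remotes are tried in the order listed, so UDP 1195 is preferred and
# TCP 443 is only used when the first remote does not answer.
remote vpn.example.net 1195 udp
remote vpn.example.net 443 tcp

# Seconds to wait for a server response before moving on to the next
# remote. 10 is an assumed value, not one taken from the thread.
server-poll-timeout 10

# Keep retrying name resolution instead of exiting on a DNS failure.
resolv-retry infinite

# One profile can cover both instances only because, as the first post
# describes, the 443/TCP server uses the same settings as the 1195/UDP
# one apart from port, protocol and tunnel network (172.16.3.0/24).
```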