OpenVPN on port 80



  • Hello.
    Is it safe to have OpenVPN listening (allowing all traffic to "This Firewall") on TCP/80 while protocol for webConfigurator is set to <https>in <system>- <advanced>Should be ok to my logic, but I do not know how WebGUI binding and etc works under the hood, so it is worth double checking.</advanced></system></https>


  • Rebel Alliance Developer Netgate

    Yes, so long as you disable the GUI redirect that occupies port 80 by default: System > Advanced, check "Disable webConfigurator redirect rule" and save

    And remember that running OpenVPN on TCP can be problematic and slower than UDP, any loss outside the tunnel is compounded by the inner and outer TCP connections attempting to resend, etc, etc.

    In some cases it's necessary though, to get around restrictions in other remote networks.

    You might still run into some issues if anyone remotely does protocol enforcement. With non-HTTP traffic on port 80, it might be dropped by a filter or proxy in between the client and your firewall.


Log in to reply