Additional VPN server on port 443 getting transport errors

NasKar · Oct 14, 2017, 1:09 PM

From what I've read hotels etc block ports other that 80 and 443 TCP so I'd like to have an option to connect on port 443/tcp.
My setup:
One WAN address with DDNS. I have openvpn setup and working on port 1195 UDP and a nextcloud server on port 443.

I've created a new openvpn server on port 443/TCP with all the same setting as the 1195 one except it uses a different IPv4 tunnel network (172.16.3.0/24) and custom options has port-share 'localIP of my nextcloud server' 443 as described in https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server
I added a firewall rule to the WAN interface the same as the 1195 one with the protocol of TCP and port 443.

When I try to connect on my iphone I get EVENT: TRANSPORT_ERROR Transport error on 'xxxxxx.ddns.net: TCP_SIZE_ERROR [ERR].

NasKar · Oct 27, 2017, 8:24 PM

In case it helps others. I had a nextcloud server with port forwarding to port 443 as well. After disabling it and adding port-share x.x.x.x 443 to the OpenVPN server per https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server it works.

Is there any downside to using port-share?
Can I get the server to automatically switch from UDP 1195 to TCP 443 if UPD 1195 is blocked?

kejianshi · Oct 27, 2017, 9:22 PM

After you share the port, put your web gui on some other rarely used unassigned port. If you have a bad case of alzheimer's, write it down and save it in your favorites.

NasKar · Oct 27, 2017, 9:43 PM

@kejianshi:

After you share the port, put your web gui on some other rarely used unassigned port. If you have a bad case of alzheimer's, write it down and save it in your favorites.

By web gui do you mean pfsense GUI? I currently use http: port 80 for it.