Netgate Discussion Forum

Additional VPN server on port 443 getting transport errors

    NasKar
    last edited by Oct 14, 2017, 1:09 PM

    From what I've read, hotels etc. block ports other than 80 and 443 TCP, so I'd like to have an option to connect on port 443/tcp.
    My setup:
    One WAN address with DDNS. I have OpenVPN set up and working on port 1195 UDP and a Nextcloud server on port 443.

    I've created a new OpenVPN server on port 443/TCP with all the same settings as the 1195 one, except it uses a different IPv4 tunnel network (172.16.3.0/24) and custom options has port-share 'localIP of my nextcloud server' 443 as described in https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server
    I added a firewall rule to the WAN interface the same as the 1195 one with the protocol of TCP and port 443.

    When I try to connect on my iPhone I get EVENT: TRANSPORT_ERROR Transport error on 'xxxxxx.ddns.net: TCP_SIZE_ERROR [ERR].

    Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
    2 CPUs: 1 package(s) x 2 core(s)
    AES-NI CPU Crypto: No
    2 Gigs Ram
    SSD with ver 2.4.0
    IBM Intel Pro PCI-E Quad Port 10/100/1000 Server Adapter 39Y6138 (K210320)

      NasKar
      last edited by Oct 27, 2017, 8:24 PM

      In case it helps others: I had a Nextcloud server with port forwarding to port 443 as well. After disabling it and adding port-share x.x.x.x 443 to the OpenVPN server per https://doc.pfsense.org/index.php/Sharing_a_Port_with_OpenVPN_and_a_Web_Server it works.

      Is there any downside to using port-share?
      Can I get the server to automatically switch from UDP 1195 to TCP 443 if UDP 1195 is blocked?

        kejianshi
        last edited by Oct 27, 2017, 9:22 PM

        After you share the port, put your web GUI on some other rarely used unassigned port. If you have a bad case of Alzheimer's, write it down and save it in your favorites.

          NasKar
          last edited by Oct 27, 2017, 9:43 PM

          @kejianshi:

          After you share the port, put your web GUI on some other rarely used unassigned port. If you have a bad case of Alzheimer's, write it down and save it in your favorites.

          By web GUI do you mean the pfSense GUI? I currently use http: port 80 for it.

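
The port-share option used in this thread lets one TCP 443 listener serve both OpenVPN and a web server: OpenVPN handles connections that speak its protocol and proxies the rest. The sketch below is an added example, not code from the thread or from OpenVPN. It shows a first-bytes check of that kind, and how a TCP OpenVPN client would read a web server's reply as an out-of-range length prefix when its connection lands on the web server instead. The function names, the sample bytes and `ASSUMED_MAX_FRAME` are assumptions made for the illustration.

```python
import struct

# OpenVPN wire-format constants (opcode is the high 5 bits of the first packet byte).
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
MIN_RESET_LEN = 14        # opcode/key-id + 8-byte session id + ack count + 4-byte packet id
ASSUMED_MAX_FRAME = 2048  # assumption for this sketch; real clients derive their own limit


def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a client sends to a shared TCP 443 listener."""
    if len(data) < 3:
        return "undetermined"
    (length,) = struct.unpack("!H", data[:2])      # 16-bit length prefix used over TCP
    if (data[0] == 0 and length >= MIN_RESET_LEN
            and data[2] == P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT):
        return "openvpn"                           # handled by the VPN server itself
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls"                               # TLS handshake record: proxy to web server
    return "other"                                 # also proxied


def prefix_seen_by_vpn_client(reply: bytes, max_frame: int = ASSUMED_MAX_FRAME):
    """Read a server reply the way an OpenVPN TCP client would: first two bytes = length."""
    (length,) = struct.unpack("!H", reply[:2])
    return length, 0 < length <= max_frame


# Constructed sample inputs (not captured traffic).
OPENVPN_RESET = struct.pack("!H", 14) + bytes([0x38]) + bytes(8) + b"\x00" + bytes(4)
TLS_CLIENT_HELLO = bytes.fromhex("160301020001")   # record header + start of handshake
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
TLS_ALERT_REPLY = bytes.fromhex("15030300020246")  # fatal alert record from a TLS server
HTTP_ERROR_REPLY = b"HTTP/1.1 400 Bad Request\r\n\r\n"

if __name__ == "__main__":
    for name, pkt in [("openvpn reset", OPENVPN_RESET), ("tls hello", TLS_CLIENT_HELLO),
                      ("http request", HTTP_REQUEST)]:
        print(f"{name:14} -> {classify_first_bytes(pkt)}")
    for name, pkt in [("tls alert", TLS_ALERT_REPLY), ("http error", HTTP_ERROR_REPLY)]:
        print(f"{name:14} -> length prefix, valid = {prefix_seen_by_vpn_client(pkt)}")
```
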
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.