[Solved] Help with adjusting the VPN port
-
I successfully followed the SprakLabs instructions for how to setting up an OpenVPN server with pfSense and Viscosity. That sets up a VPN port of 1194. The IT infrastructure at my work blocks pretty much everything, but Port 443. Since I am not running a web server from my home network, Port 443 is unused, but my work network has to keep that outbound port open for HTTPS.
So, what I would like to do is have the OpenVPN server on my pfSense box also listen to Port 443. How do I do that?
I have tried all sorts of things like:
-
Duplicating the OpenVPN server in pfSense that works and modifying only the local port (from 1194 to 443). I also had to change the tunnel network from 10.8.0.0/24 to 10.8.1.0/24, because pfSense does not allow two OpenVPN servers with the same tunnel network.
-
In Viscosity duplicating the connection preferences of the one that works on Port 1194 and changing the port to 443 and the server to 10.8.1.1.
-
Duplicating the firewall rule for allowing transport on Port 1194 for Port 443.
This did not work. Neither did using the Client Export from the Client Export Package to generate another Viscosity Bundle with the correct parameters.
I must be missing something.
-
-
Use port forward to forward the traffic from port 443 to 1194.
Firewall>NAT>Port Forward
and modify OpenVPN client file to use port 443.But it could impact the access to your pfSense GUI from wan if you use 443(default) to manage your pfSense.
I recommend to change https port. -
Can I forward a WAN port to another WAN port?
If not, with my pfSense box being at 192.168.1.1, can I redirect UDP-Port 443 to UDP-Port 1194 at 192.168.1.1 and have the VPN catch that there is a connection attempt from within the LAN?
-
You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.
This may only be useful if your server is listening on multiple interfaces.First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.
Also consider that your company probably only allows TCP, no UDP. So you will have change the protocol in the server for 443 as well.
-
@viragomann said in Help with adjusting the VPN port:
You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.
second this! And if you really want to make it listen to various ports, setup the OpenVPN server itself to "localhost" instead of WAN (port e.g. 1194) and forward all ports you want the OVPN to listen on from your WAN to localhost. Otherwise you would "forward" from WAN to WAN - that's not a good thing to work with and can explode in your face.
Also carefully watch @viragomann 's other hint:
First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.
If you want OVPN to listen to tcp/443 or udp/443 make damn sure that the pfSense UI itself is configured to listen to another port like 1443, 4443, 10443 or whatever that you don't forward or use on WAN so you don't accidentally expose your WebUI on the internet!
:) -
Thanks, @Zawi, @viragomann and @JeGr! This worked. I have a neighbor (don’t know which) who has the default xfinitywifi public network turned on. Connecting through that. I have to actually go to my work and try, whether it works there, too.
@JeGr, how do mark this topic as “[Solved]” in the topic subject line? Can I?
-
@DominikHoffmann said in Help with adjusting the VPN port:
@JeGr, how do mark this topic as “[Solved]” in the topic subject line? Can I?
not exactly marking it but you can edit your OP and write a [Solved] in your topic line yourself - that works just fine.
