    [Solved] Help with adjusting the VPN port

    OpenVPN
    • D
      DominikHoffmann last edited by DominikHoffmann

      I successfully followed the SparkLabs instructions for how to set up an OpenVPN server with pfSense and Viscosity. That sets up a VPN port of 1194. The IT infrastructure at my work blocks pretty much everything but Port 443. Since I am not running a web server from my home network, Port 443 is unused, but my work network has to keep that outbound port open for HTTPS.

      So, what I would like to do is have the OpenVPN server on my pfSense box also listen to Port 443. How do I do that?

      I have tried all sorts of things like:

      • Duplicating the OpenVPN server in pfSense that works and modifying only the local port (from 1194 to 443). I also had to change the tunnel network from 10.8.0.0/24 to 10.8.1.0/24, because pfSense does not allow two OpenVPN servers with the same tunnel network.

      • In Viscosity duplicating the connection preferences of the one that works on Port 1194 and changing the port to 443 and the server to 10.8.1.1.

      • Duplicating the firewall rule for allowing transport on Port 1194 for Port 443.

      This did not work. Neither did using the Client Export from the Client Export Package to generate another Viscosity Bundle with the correct parameters.

      I must be missing something.

      1 Reply Last reply Reply Quote 0
      • Z
        Zawi last edited by

        Use port forward to forward the traffic from port 443 to 1194.
        Firewall>NAT>Port Forward
        and modify OpenVPN client file to use port 443.

        But it could impact access to your pfSense GUI from WAN if you use 443 (the default) to manage your pfSense.
        I recommend changing the HTTPS port.

        1 Reply Last reply Reply Quote 1
        • D
          DominikHoffmann last edited by

          Can I forward a WAN port to another WAN port?

          If not, with my pfSense box being at 192.168.1.1, can I redirect UDP-Port 443 to UDP-Port 1194 at 192.168.1.1 and have the VPN catch that there is a connection attempt from within the LAN?

          1 Reply Last reply Reply Quote 0
          • V
            viragomann last edited by

            You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.
            This may only be useful if your server is listening on multiple interfaces.

            First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.

            Also consider that your company probably only allows TCP, no UDP. So you will have to change the protocol in the server for 443 as well.

            1 Reply Last reply Reply Quote 2
            • JeGr
              JeGr LAYER 8 Moderator last edited by

              @viragomann said in Help with adjusting the VPN port:

              You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.

              Second this! And if you really want to make it listen to various ports, set up the OpenVPN server itself to "localhost" instead of WAN (port e.g. 1194) and forward all ports you want the OVPN to listen on from your WAN to localhost. Otherwise you would "forward" from WAN to WAN - that's not a good thing to work with and can explode in your face.

              Also carefully watch @viragomann 's other hint:

              First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.

              If you want OVPN to listen to tcp/443 or udp/443 make damn sure that the pfSense UI itself is configured to listen to another port like 1443, 4443, 10443 or whatever that you don't forward or use on WAN so you don't accidentally expose your WebUI on the internet!
              :)

              1 Reply Last reply Reply Quote 1
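The checks the replies above call for (forward WAN 443 to an OpenVPN server bound to localhost, match TCP/UDP on both sides, keep the WebGUI off the forwarded port) can be expressed as a small pre-change audit. This is an added example, not part of the thread and not pfSense code; the `Listener`/`Forward` model and the sample values are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Listener:
    service: str   # "openvpn" or "webgui"
    address: str   # bind address; "*" means every interface
    proto: str     # "tcp" or "udp"
    port: int

@dataclass(frozen=True)
class Forward:     # one WAN port forward (Firewall > NAT > Port Forward)
    proto: str
    wan_port: int
    target: str
    target_port: int

def audit(listeners, forwards):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    gui_ports = {l.port for l in listeners if l.service == "webgui"}
    for f in forwards:
        name = f"{f.proto}/{f.wan_port}"
        # The thread's warning: keep the WebGUI off any port used on WAN.
        if f.wan_port in gui_ports:
            findings.append(f"{name}: WebGUI still uses port {f.wan_port}")
        hits = [l for l in listeners
                if l.proto == f.proto and l.port == f.target_port
                and l.address in (f.target, "*")]
        if not hits:
            # Typical cause: the forward is TCP but the server is still UDP.
            findings.append(
                f"{name}: nothing listens on {f.target}:{f.target_port}/{f.proto}")
        elif any(l.service == "webgui" for l in hits):
            findings.append(f"{name}: forward lands on the WebGUI")
    return findings

# Constructed sample plans (hypothetical values, not taken from the thread).
BEFORE = ([Listener("webgui", "*", "tcp", 443),
           Listener("openvpn", "127.0.0.1", "udp", 1194)],
          [Forward("tcp", 443, "127.0.0.1", 1194)])
AFTER = ([Listener("webgui", "*", "tcp", 10443),
          Listener("openvpn", "127.0.0.1", "tcp", 1194)],
         [Forward("tcp", 443, "127.0.0.1", 1194)])

if __name__ == "__main__":
    for label, (ls, fs) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(ls, fs) or "ok")
```
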
              • D
                DominikHoffmann last edited by

                Thanks, @Zawi, @viragomann and @JeGr! This worked. I have a neighbor (don’t know which) who has the default xfinitywifi public network turned on. Connecting through that. I have to actually go to my work and try whether it works there, too.

                @JeGr, how do I mark this topic as “[Solved]” in the topic subject line? Can I?

                JeGr 1 Reply Last reply Reply Quote 0
                • JeGr
                  JeGr LAYER 8 Moderator @DominikHoffmann last edited by

                  @DominikHoffmann said in Help with adjusting the VPN port:

                  @JeGr, how do I mark this topic as “[Solved]” in the topic subject line? Can I?

                  Not exactly marking it, but you can edit your OP and write a [Solved] in your topic line yourself - that works just fine.

                  1 Reply Last reply Reply Quote 1