Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] Help with adjusting the VPN port

    Scheduled Pinned Locked Moved OpenVPN
    7 Posts 4 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DominikHoffmann
      last edited by DominikHoffmann

      I successfully followed the SprakLabs instructions for how to setting up an OpenVPN server with pfSense and Viscosity. That sets up a VPN port of 1194. The IT infrastructure at my work blocks pretty much everything, but Port 443. Since I am not running a web server from my home network, Port 443 is unused, but my work network has to keep that outbound port open for HTTPS.

      So, what I would like to do is have the OpenVPN server on my pfSense box also listen to Port 443. How do I do that?

      I have tried all sorts of things like:

      • Duplicating the OpenVPN server in pfSense that works and modifying only the local port (from 1194 to 443). I also had to change the tunnel network from 10.8.0.0/24 to 10.8.1.0/24, because pfSense does not allow two OpenVPN servers with the same tunnel network.

      • In Viscosity duplicating the connection preferences of the one that works on Port 1194 and changing the port to 443 and the server to 10.8.1.1.

      • Duplicating the firewall rule for allowing transport on Port 1194 for Port 443.

      This did not work. Neither did using the Client Export from the Client Export Package to generate another Viscosity Bundle with the correct parameters.

      I must be missing something.

      1 Reply Last reply Reply Quote 0
      • Z
        Zawi
        last edited by

        Use port forward to forward the traffic from port 443 to 1194.
        Firewall>NAT>Port Forward
        and modify OpenVPN client file to use port 443.

        But it could impact the access to your pfSense GUI from wan if you use 443(default) to manage your pfSense.
        I recommend to change https port.

        1 Reply Last reply Reply Quote 1
        • D
          DominikHoffmann
          last edited by

          Can I forward a WAN port to another WAN port?

          If not, with my pfSense box being at 192.168.1.1, can I redirect UDP-Port 443 to UDP-Port 1194 at 192.168.1.1 and have the VPN catch that there is a connection attempt from within the LAN?

          1 Reply Last reply Reply Quote 0
          • V
            viragomann
            last edited by

            You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.
            This may only be useful if your server is listening on multiple interfaces.

            First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.

            Also consider that your company probably only allows TCP, no UDP. So you will have change the protocol in the server for 443 as well.

            1 Reply Last reply Reply Quote 2
            • JeGrJ
              JeGr LAYER 8 Moderator
              last edited by

              @viragomann said in Help with adjusting the VPN port:

              You can forward the OpenVPN packets to wherever you want, but that makes no sense at all.

              second this! And if you really want to make it listen to various ports, setup the OpenVPN server itself to "localhost" instead of WAN (port e.g. 1194) and forward all ports you want the OVPN to listen on from your WAN to localhost. Otherwise you would "forward" from WAN to WAN - that's not a good thing to work with and can explode in your face.

              Also carefully watch @viragomann 's other hint:

              First ensure that your pfSense WebGUI is not listening on 443, otherwise you have to change that port as @Zawi already suggested.

              If you want OVPN to listen to tcp/443 or udp/443 make damn sure that the pfSense UI itself is configured to listen to another port like 1443, 4443, 10443 or whatever that you don't forward or use on WAN so you don't accidentally expose your WebUI on the internet!
              :)

              Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

              If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

              1 Reply Last reply Reply Quote 1
              • D
                DominikHoffmann
                last edited by

                Thanks, @Zawi, @viragomann and @JeGr! This worked. I have a neighbor (donโ€™t know which) who has the default xfinitywifi public network turned on. Connecting through that. I have to actually go to my work and try, whether it works there, too.

                @JeGr, how do mark this topic as โ€œ[Solved]โ€ in the topic subject line? Can I?

                JeGrJ 1 Reply Last reply Reply Quote 0
                • JeGrJ
                  JeGr LAYER 8 Moderator @DominikHoffmann
                  last edited by

                  @DominikHoffmann said in Help with adjusting the VPN port:

                  @JeGr, how do mark this topic as โ€œ[Solved]โ€ in the topic subject line? Can I?

                  not exactly marking it but you can edit your OP and write a [Solved] in your topic line yourself - that works just fine.

                  Don't forget to upvote ๐Ÿ‘ those who kindly offered their time and brainpower to help you!

                  If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                  1 Reply Last reply Reply Quote 1
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.