OPNsense Forum

Archive => 19.7 Legacy Series => Topic started by: sporkman on November 29, 2019, 12:20:25 am

Title: OpenVPN server listen on multiple UDP ports?
Post by: sporkman on November 29, 2019, 12:20:25 am
I know the server technically can't, but if I have it listening on 1194, and I'd like to add a handful of other ports that I suspect wouldn't be blocked, is there any issue with doing this using port forwards?
Title: Re: OpenVPN server listen on multiple UDP ports?
Post by: banym on November 29, 2019, 09:47:52 am
You would have to reconfigure each client for the different port. Not a very practical solution in my opinion.
But it should work if you do so.

This will not work from networks protected by application layer firewalls; they will recognize the wrong protocol on a different port and block it anyway.

Title: Re: OpenVPN server listen on multiple UDP ports?
Post by: sporkman on November 29, 2019, 05:26:16 pm
Reconfiguring the clients is fine, as it's just my phone and laptop.

I just want to make sure that the server side doesn't care about the redirect or that there's nothing in the handshake where the client and server try to enforce that the ports match (i.e., client hitting port 443, server listening on 1194) - like some kind of primitive defense against a MiTM attack.

Just recently I was somewhere with guest wifi and I was not able to hit my home ovpn instance on the default 1194 port, but was able to hit another server on 443 UDP.