OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: stefan21 on June 11, 2018, 08:31:42 am

Title: OpenVPN with TCP on Port 443
Post by: stefan21 on June 11, 2018, 08:31:42 am
I need to set up a VPN server/client with TCP proto on port 443.

Could anybody advise/help with a sample configuration and the corresponding FW rules? I can't get a connection. My VPN with UDP on port 1194 works flawlessly.

Thanks in advance.

regards,
stefan
Title: Re: OpenVPN with TCP on Port 443
Post by: fabian on June 11, 2018, 05:21:06 pm
If you are running the web interface on TCP/443 it won't work - you have to move it to another port first.
Title: Re: OpenVPN with TCP on Port 443
Post by: stefan21 on June 16, 2018, 11:16:21 am
fabian,

thanks for your reply.

I changed the port already to 4443. Still no luck.

Here's what I tried so far:

I created a new cert for the TCP-server and the TCP-client. I added a new server with the server wizard. Additional rules are added automatically. I added a new client. As I did all this before successfully many times on different OPNsense installations with UDP and port 1194, I'm quite sure the config of server and client is corresponding. It might be that additional params are needed (like "float", "mssfix", ...) which I overlooked or don't know.

For the test I disabled the openvpn UDP-client and the UDP-server. Only the TCP-server and TCP-client are running. Now trying to connect a laptop as road-warrior from a different location does not work. Trying the same on UDP 1194 does work.

It could also be that additional rules are needed or the rules aren't in the correct order.

The OPNsense is behind a FritzBox as an exposed host. The openvpn client connects via static ip to the OPNsense - again, working flawlessly on UDP 1194.

I'd really like to know what I am missing. Isn't there anybody out there with a similar configuration who could point me in the right direction?

regards,
stefan
Title: Re: OpenVPN with TCP on Port 443
Post by: bartjsmit on June 16, 2018, 08:42:45 pm
Does it work with a client on the Fritzbox network?

Do you see the 443 TCP packets appear in a WAN packet trace?

I have my OpenVPN running on 443 TCP with just a WAN rule for HTTPS allow to the WAN address.

Bart...
Title: Re: OpenVPN with TCP on Port 443
Post by: stefan21 on June 16, 2018, 11:39:08 pm
bartjsmit,

thank you very much for trying to help.

Meanwhile I figured out that the problem is caused by a NAT-rule. Right now I am able to connect a road-warrior to the server. I'd like to check this from a different location, which I can do on Monday or Tuesday. If that works also, I'll be back and report.

regards,
stefan
Title: Re: OpenVPN with TCP on Port 443
Post by: theq86 on June 20, 2018, 11:51:42 am
"If you are running the web interface on TCP/443 it won't work - you have to move it to another port first."

I have a working setup of the web interface running on port 443 and openvpn also on 443.

Seems OpenVPN just listens for the web interface on LAN:443 and WAN:443 is free to use.

However, I could not detect any problems with my setup.