Messages

1

23.7 Legacy Series / Re: OpenVPN - New Instances cannot use Advanced options like "port-share"

« on: August 24, 2023, 06:21:11 am »

Following the advice on this thread, I have been trying the sslh package for the last few days. This is really easy to setup.
However, there is one problem I have not yet been able to solve. Because sslh takes port 443 and "forward" to services hosted on other ports on localhost (like 1194 for openVPN et 444 for nginx, for exemple), the source IP that is logged by these services is only the localhost IP, and not the real source IP. Thus, IP ACLs setup in Nginx do not work, for exemple.

The original software  has a "transparent mode" that solve this problem, but this mode does not seem (or I was not able to find it) to be available on OPNsense.

2

23.7 Legacy Series / OpenVPN - New Instances cannot use Advanced options like "port-share"

« on: August 16, 2023, 03:11:42 am »

Some roadwarrior users use their openVPN connection on very restricred networks where they are usually allowed only port 80 et 443. We only have one public IP address and host a couple of web applications on the same 443 port.

As such, I have setup an openVPN server over TCP, port 443 with the option "port-share" where non-openVPN traffic (i.e. normal https traffic) is forwarded to an nginx reverse proxy.

On the new "Instances" UI, there is not anymore the possibility to use advances options like "port-share". On the "old" UI for openVPN server, the Advanced option is even commented with "This option will be removed in the future due to being insecure by nature".

Is there any plan to add the posbility to use the "port-share" option on the new Instances UI ?