SSL VPN and port forwarding with one IP

Started by murmelbahn, October 31, 2019, 07:31:40 PM

Hi all,

at home I have only one dynamic IP address. As of today I'm using multiple cnames on a duckdns entry. I'm forwarding ports 80 and 443 to an NGINX reverse proxy. My question is whether it is possible to use an SSL VPN on port 443 and also keep using my current setup? I think the OPNsense must take a look at the domain name, for example vpn.domain.tld, and decide if it should answer a VPN or a web access.

Thanks in advance.

OpenVPN can share a port with another daemon with the 'port-share' option. It will analyse the packets and forward those that are not VPN specific.

If both are running on the same host, you will need to make sure that OpenVPN listens only on the external interface and the other daemon listens only on the loopback interface.

Details are here: https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage

Bart...
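
A check for the same-host conditions described in the reply above, as an added example that is not part of the thread or of OPNsense: it parses an OpenVPN server config and flags a port-share setup that is not in TCP mode, not bound to a specific address, or not pointing at loopback. The sample config, the address 203.0.113.10 and the backend port 8443 are constructed placeholders.

```python
import ipaddress

# Constructed sample server config (not taken from the thread); the address
# 203.0.113.10 and the backend port 8443 are placeholders.
SAMPLE_CONF = """\
local 203.0.113.10
port 443
proto tcp-server
dev tun
port-share 127.0.0.1 8443
"""

def parse(conf_text):
    """Return {directive: [args]}, keeping the last occurrence of each directive."""
    opts = {}
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            opts[name] = args
    return opts

def check_port_share(conf_text):
    """List problems that would break or weaken a same-host port-share setup."""
    opts, problems = parse(conf_text), []
    share = opts.get("port-share")
    if not share or len(share) < 2:
        return ["no 'port-share <host> <port>' directive"]
    # port-share only works when OpenVPN runs in TCP server mode (default is udp).
    if not (opts.get("proto") or ["udp"])[0].startswith("tcp"):
        problems.append("port-share needs TCP; proto is not tcp")
    # Without a specific 'local' address OpenVPN binds every interface.
    local = (opts.get("local") or [""])[0]
    if local in ("", "0.0.0.0", "::"):
        problems.append("no specific 'local' address; OpenVPN binds all interfaces")
    try:
        if not ipaddress.ip_address(share[0]).is_loopback:
            problems.append("port-share target is not a loopback address")
    except ValueError:
        problems.append("port-share target is not an IP literal; cannot confirm loopback")
    if local == share[0] and (opts.get("port") or ["1194"])[0] == share[1]:
        problems.append("port-share points back at OpenVPN's own listener")
    return problems

if __name__ == "__main__":
    for finding in check_port_share(SAMPLE_CONF) or ["ok"]:
        print(finding)
```

The web server on the other side of `port-share` has to listen on the same loopback address and port that the directive names.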

Sorry, I forgot to mention that the OPNsense is also the OpenVPN server. Is this function included in the implementation for OPNsense?


There isn't a GUI option for this so you'll likely have to get your hands dirty. OpenVPN configurations are kept in /var/etc/openvpn

I don't use nginx so you'll have to experiment with that one. The config file should also appear under /var/etc

There's a chance that the configs will get overwritten when OPNsense or the relevant plugins are updated.

Bart...