Question: SSL VPN and SSL Proxy possible at the same time?

Started by Jhjacobs81, May 26, 2020, 11:03:44 AM

Hello,

So currently we are running 2 different Sophos firewalls: one for the SSL proxy (port 443) and one for the SSL VPN (port 443).

People on the Sophos have complained about this (they can't both be run on the same port) for ages, and kept asking for this possibility, but so far to no avail.

I wonder, can OPNsense do this? I would really like to get rid of our "temporary" solution :)

I'm not sure if I understand your "problem" correctly. 2 services cannot run on the same interface and on the same port with the same protocol.

But the services you are talking about should run on different interfaces:
usually the SSL VPN will run on the WAN interface whereas the SSL proxy should run on the internal interfaces.

This is something you can configure with OPNsense. You just need to move the web GUI to another port if you want to use port 443 on an internal interface.
"The S in IoT stands for Security!" :)

I'm sorry, I was not clear enough :-)

We have an SSL proxy (with Nginx) that allows external users to access internal sites.
We also have an SSL VPN server, so users can use VPN without being blocked when inside another company's network. (I really don't understand why you would want to block ANY VPN protocol anyway.. but alas! Some companies only allow outgoing connections on port 80/443)

They can't share an IP/PORT anyway. We have now found another solution :)

Sslh can multiplex at least

  • HTTPS
  • OpenVPN
  • SSH
all on one port, e.g. 443 with much better performance than the builtin fallback function of OpenVPN.

I plan to write a plugin for Hacktoberfest.

https://github.com/yrutschle/sslh
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
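
The single-port multiplexing described in the post above works by inspecting the first bytes a client sends and forwarding the connection to the matching backend. The following is an added illustration of that idea, not sslh's code and not part of the thread; the backend addresses, the sample packets and the simplified checks are assumptions made for the example.

```python
import struct

# Hypothetical backends behind the shared port 443 (assumed for this example).
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 8443),
    "openvpn": ("127.0.0.1", 1194),
}

# Constructed sample first packets (not captured traffic).
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
# TLS record: type 0x16 (handshake), version 0x0301, 2-byte length,
# then handshake type 0x01 (ClientHello) with a dummy body.
TLS_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
# OpenVPN over TCP: 2-byte big-endian length prefix, then an opcode byte.
# 0x38 = opcode 7 (P_CONTROL_HARD_RESET_CLIENT_V2) << 3, key id 0.
OVPN_BODY = bytes([0x38]) + bytes(13)
OVPN_RESET = struct.pack("!H", len(OVPN_BODY)) + OVPN_BODY

# Opcodes a client may open an OpenVPN session with (hard reset v1, v2, v3).
OVPN_CLIENT_RESET = (1, 7, 10)


def classify(first: bytes) -> str:
    """Guess the protocol from the first bytes received on the shared port."""
    if first.startswith(b"SSH-"):
        return "ssh"
    if len(first) >= 6 and first[0] == 0x16 and first[1] == 0x03 and first[5] == 0x01:
        return "tls"
    if len(first) >= 3:
        (declared,) = struct.unpack("!H", first[:2])
        # Length prefix must match the payload and the opcode must start a session.
        if declared == len(first) - 2 and (first[2] >> 3) in OVPN_CLIENT_RESET:
            return "openvpn"
    return "unknown"


def route(first: bytes):
    """Return the backend (host, port) for a connection, or None to close it."""
    return BACKENDS.get(classify(first))


if __name__ == "__main__":
    for name, pkt in [("ssh", SSH_BANNER), ("tls", TLS_HELLO), ("openvpn", OVPN_RESET)]:
        print(name, "->", route(pkt))
```

Behind any such multiplexer the backends see the proxy's address as the connection source unless transparent proxying is configured, so per-client logging and rate limiting on the VPN, SSH and web backends need to account for that.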