Forward OpenVPN and SSL through the Same Port

  • I use my OMV server not only as a NAS server, but also as a VPN server. I have configured my router to allow me to access the administration panel for the server without needing to be connected to my network, and to make things more secure, I use HTTPS with the connection. I have recently run into an issue with connecting to my VPN server on a network that only allows for communication through TCP ports 80 and 443. Everything else is blocked, making the use of my VPN server impossible.

    To get around this, I would like to forward my VPN server through TCP 443, but I am concerned that since I already use 443 for HTTPS, this will not be possible. I have not tried this because I am currently traveling, and do not want to try making the change only to find out that I can no longer connect to either the web interface or the VPN server because of it.

    I have remote access to my router even without being connected to the VPN, so it is possible for me to make port forwarding changes even though I am not able to get on my VPN.

  • Why not only use VPN? Once you've VPN'ed in, you can connect to any other port of your OMV via the local network.
    It's a bad idea anyway to open your OMV-Web to the public.


    "I have remote access to my router even without being connected to the VPN"

    However, that idea is even worse.

    What you should do:
    1) Port forwarding from 443 of your router to your OMV-VPN port (probably 1194)
    2) Close all other ports.
    Then connect via VPN Port 443 to your local network. If necessary, do a local (LAN) connection to OMV and Router interface.

  • A lot of VPN services will set up the port that the service is to be accessed through. If you think you can move the port that is open on your router, that is not always the case. Every change in the VPN server will require a change to the clients. Whatever you set in the settings of your VPN server is the port that should be open for the client on your router.

    What you are saying does work well with other services like SSH. On your OMV you could leave SSH on the standard port 22 but open a higher port on your router and forward it to 22. This would help prevent attacks that would come via the standard port.

    I think it is best to open as few ports as possible. I always use a VPN connection, except on an ARM device I use for WOL, and once connected via VPN I connect to other services on their standard ports via the VPN connection. For file transfers this may not be optimal and you might want to seek alternatives. But for most services (e.g. the web GUI on port 80) this works great.

  • It works, but I would advise only to do it if absolutely necessary, as it significantly reduces performance. In my case, I've set it up as a workaround for a restrictive network while traveling, but as soon as I no longer need to use it, I plan to switch back to UDP 1194.
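
An added example, not taken from any post in this thread: the OpenVPN directives involved when the router forwards TCP 443 to the VPN server as described in the replies above. The hostname and the local web-server address are assumptions, and both fragments are constructed.

```conf
# ---- server.conf on the OMV box (fragment, constructed example) ----
# The forward from the router is TCP, so the server must listen on TCP.
# A server left on "proto udp" never sees traffic forwarded from tcp/443.
proto tcp-server
port 1194                    # router rule: WAN tcp/443 -> <OMV LAN IP> tcp/1194

# Optional, only if HTTPS has to stay reachable on the same public port:
# OpenVPN (TCP server mode) hands any connection that is not OpenVPN
# traffic to another local service. 127.0.0.1 443 is an assumed address
# for the OMV web server. Leave this disabled to follow the advice above
# of reaching the web interface only through the VPN.
;port-share 127.0.0.1 443

# ---- client.ovpn (fragment, constructed example) ----
client
proto tcp-client             # must match the server's transport
remote vpn.example.net 443   # public port on the router, not 1194 (hostname is a placeholder)
```

Switching back to UDP 1194 later means changing `proto` and the `remote` port on every client as well as the server and the router rule.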
