Cloudron Forum


OpenVPN on Port 443

11 Posts 4 Posters 880 Views
  • 7dowWilkes wrote (#1):

    hello all,
    is it possible to use OpenVPN via TCP on port 443? Unfortunately cloudron does not allow this in the app option menu. Background is that the firewall in my usage area only allows connections via port 443 and blocks the default VPN port 7494.

  • girish (Staff) replied to 7dowWilkes (#2):

    @7dowwilkes Currently, this is not possible on Cloudron since 443 is where we have put the reverse proxy/nginx for https traffic.

    One thing is a smart enough firewall can always filter out traffic that is not https. So, the firewall admins can always detect openvpn traffic at 443 and block it.

    That said, I understand why something like this can be useful when things are not in your control.

  • robi wrote (#3):

    There is a way to proxy this via Nginx, see:

    https://forum.opnsense.org/index.php?topic=23828.0

    Life of sky tech

  • 7dowWilkes wrote (#4):

    ok i understand. thank you both for your help!

  • mehdi (App Dev) replied to girish (#5):

    @girish actually, it's supposed to be very hard to distinguish between OpenVPN TCP and HTTPS traffic on a network level, because they both are in an SSL tunnel, so a firewall cannot see into it and know what kind of protocol is going on inside the tunnel.

  • 7dowWilkes wrote (#6):

    @mehdi said in OpenVPN on Port 443:

    actually, it's supposed to be very hard to distinguish between OpenVPN TCP and HTTPS traffic on a network level, because they both are in an SSL tunnel, so a firewall cannot see into it and know what kind of protocol is going on inside the tunnel.

    a colleague of mine, who works in the same environment as me, uses OpenVPN via his Synology DiskStation on port 443 and it works there. this confirms what mehdi said. i will keep looking for ways...

  • mehdi (App Dev) replied to 7dowWilkes (#7):

    @7dowwilkes Honestly, I don't think there is any way to do it with cloudron, as 443 is already taken by HTTPS and there is no way to do both on the same server (well, there are, but they would not work in this case).

    However, I think you should look for other ports that your network will allow through, there most probably are some others, like IMAP / SMTP ports, maybe ftp, stuff like that. You most probably would be able to put OpenVPN on these and get it to work.

  • robi replied to mehdi (#8):

    @mehdi nginx can distinguish and filter the two on the same port simply via domain destination (vhost). vpn.d.c vs www.d.c

    See my post above.

  • mehdi (App Dev) replied to robi (#9):

    @robi I do not mean that it is impossible to do. I said that it would not work in this case with the current software: even if one manages to find an nginx config which would work, Cloudron does not support custom edits of the nginx config, as they would get overwritten all the time. And this would be very custom ^^

  • robi replied to mehdi (#10):

    @mehdi Impossible is my middle name. 😆

    It wouldn't have to be custom if it was a default option.

    @girish is also magic. 🎩

  • 7dowWilkes wrote (#11):

    thank you all. i've almost resigned myself to the fact that it doesn't work with simple gui settings. i also don't know enough to tinker with config files on my own. i asked my colleague again about his settings on synology. he redirects port 443 to the default port 1194 via his home router. So he uses the router-nat, is reachable from outside via 443 and simply routes to the VPN instance.

    there is probably no comparable NAT function in cloudron, is there?

    while searching the internet i found the "haproxy" in docker-hub. maybe such a container (app) could transparently redirect from a host with port 443 to an internal ip with port 7494. but this is probably going too far and i don't want to overuse your help.


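Added example, not part of any post in this thread: a sketch of the check girish describes in #2, where a firewall tells OpenVPN apart from HTTPS on port 443. OpenVPN over TCP prefixes each packet with its own length and opcode header, so the first client bytes differ from a TLS ClientHello. The function names, the size bounds and the sample flows are assumptions constructed for illustration, and the check is a heuristic for unobfuscated OpenVPN only.

```python
import struct

# OpenVPN session-opening opcodes (high 5 bits of the first payload byte).
OPENVPN_RESETS = {7: "P_CONTROL_HARD_RESET_CLIENT_V2",
                  10: "P_CONTROL_HARD_RESET_CLIENT_V3"}

def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server payload of a TCP connection."""
    if len(data) < 6:
        return "unknown"
    # TLS record: type 0x16 (handshake), version 0x03xx, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    # OpenVPN/TCP: 2-byte big-endian packet length, then opcode<<3 | key_id.
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # 14 bytes is the smallest hard reset: opcode, 8-byte session id,
    # empty ACK array, 4-byte packet id. The upper bound is an assumed cap.
    if opcode in OPENVPN_RESETS and key_id == 0 and 14 <= pkt_len <= 1500:
        return "openvpn:" + OPENVPN_RESETS[opcode]
    return "unknown"

def non_tls_on_443(flows):
    """Return (source, label) for port-443 flows whose first bytes are not TLS."""
    hits = []
    for src, dport, payload in flows:
        label = classify_first_bytes(payload)
        if dport == 443 and label != "tls-client-hello":
            hits.append((src, label))
    return hits

# Constructed sample flows: (source address, destination port, first payload).
SAMPLE_FLOWS = [
    ("192.0.2.10", 443, bytes.fromhex("160301002f0100002b0303")),  # HTTPS
    ("192.0.2.11", 443, bytes.fromhex("000e38" + "a1" * 8 + "00" + "00000000")),
    ("192.0.2.12", 443, b"SSH-2.0-example\r\n"),
    ("192.0.2.13", 1194, bytes.fromhex("000e38" + "b2" * 8 + "00" + "00000000")),
]

if __name__ == "__main__":
    for src, label in non_tls_on_443(SAMPLE_FLOWS):
        print(src, label)
```

The same first-bytes distinction is what a reverse proxy on 443 would have to key on, since the OpenVPN reset packet is not a ClientHello and carries no server name.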