Page 1 of 2 12 LastLast
Results 1 to 10 of 18
  1. #1
    Newbie
    Join Date
    Apr 2018
    Posts
    10

    Thumbs up Feature Request - OpenVPN Configuration

    Thank you, developers, for all you do. Untangle is a great product for SMB and home users (like me).

    I would like to request that OpenVPN be allowed to change its default port to 443. I have looked all over the forums and see that this is not currently possible (although I could change it to 80, but I would stick out like a sore thumb to anyone watching traffic at work). Because many corporate and even public firewalls block all but 80 and 443, I can't use 1194 in many places to use my OpenVPN solution here at home. I'm going to have to spin up a pfSense VM on premises or in AWS to be able to configure this and use port-forwarding blah blah. It would be much easier if I could do this natively.

    Thank you for your consideration.

  2. #2
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,096

    Default

    http://demo.untangle.com/admin/index...envpn/advanced

    beware you will have to change your access rules:
    http://demo.untangle.com/admin/index...d/access_rules

    and redistribute the config/client to ALL clients
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  3. #3
    Newbie
    Join Date
    Apr 2018
    Posts
    10

    Default

    Should I start a new thread if I have a question? Don't want to be posting this in the wrong place.

    I've already changed the access port under Config-Network-Services. The access rules under Advanced don't allow a change, so should I create a rule that supersedes what is there and just disable the current rulesets? I tried that with HTTPS over 443 on non-WAN yesterday and locked myself out of my router haha (even though I'm not using 443 for HTTPS administration...). Had to get to the config using the box itself.
    Port.JPG

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    6,592

    Default

    You need to move the admin GUI to another port as 443 is the default in /admin/index.do#config/network/services.

    Yes, create a new OpenVPN access rule.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,096

    Default

    If you are talking about *TCP* port 443, then no, apache uses that port.
    It doesn't matter what you set in services - apache uses tcp port 443. Apache uses tcp port 443.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  6. #6
    Newbie
    Join Date
    Apr 2018
    Posts
    10

    Default

    Hmm, something's not adding up here. Thank you guys for the help, I must be missing something. I have moved the admin port away from 443 and provided a new access rule to allow UDP over 443 on any WAN. For some reason, I am still getting the message that the port is reserved. Attached are some screen shots. Any ideas why this would be happening? I shouldn't have anything reserved on 443 with UDP because I'm not using that port for anything anymore (apache is on TCP 443, but that's a different story).

    OpenVPN Config.JPGAccess Rules.JPGLocal Services.JPG

  7. #7
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,096

    Default

    your only option is to set it on a different port and use a port forward.

    if destined local and port = 443 and protocol = udp, forward to your external IP port 1194
    then put openvpn back on port 1194
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  8. #8
    Newbie
    Join Date
    Apr 2018
    Posts
    10

    Default

    That makes sense, thanks for the help. I've spent about an hour and a half now trying to find out how to directly address my public IP when it works on DHCP (not static since I'm a home user). How am I able to port forward to the WAN IP without knowing what it might be at any given time? I've checked netstat over SSH to see if 1194 is listening for open connections and it is, but I don't know what address to use as a port forward since I can't use a hostname (over DDNS which is setup currently). I've included screenshots of my rules that should be working. Internal host address for OpenVPN is 10.100.0.1/28. Access Rule.JPGPort Forward.JPG

  9. #9
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    22,202

    Default

    You just made this project 1000 times harder on yourself. Use Untangle as your edge router, then worry about OpenVPN. If you don't, you're going to need a static route in your current edge device, not to mention a perfect understanding of port forwarding and how Untangle works or you're in for a brutal hair loss session.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  10. #10
    Master Untangler TirsoJRP's Avatar
    Join Date
    Oct 2010
    Posts
    391

    Default

    If Untangle is not your edge device just forward the desired port from your edge devices to Untangle 1194. Also be warned that some ISP block some well known service ports for home users.
    jcoffin likes this.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2