On Fri, Dec 11, 2015 at 9:14 AM, C. R. Oldham <[email protected]> wrote:
> Greetings,
>
> We've recently replaced both our routers with pfSense.  I am using tinc for
> site-to-site VPN and OpenVPN for clients to connect.
>
> Since some of our support engineers often end up onsite with customers, I
> want to enable OpenVPN over TCP port 443--we've noticed that many of our
> customers block outbound UDP, but using the https port works fine.
>
> However, we also have haproxy on our firewall proxying for some web
> applications on port 443, but on a different virtual IP from OpenVPN.  If I
> enable OpenVPN on the TCP port, haproxy stops working, even though they are
> listening on different IPs.
>

One or the other must be bound to *:443 (guessing haproxy since
OpenVPN will only bind to a single IP). You can check that with
'sockstat -4' if you want to pursue that further.

It's probably easiest to just run your OpenVPN on some other port on
localhost, say port 4443. Then add a port forward on WAN to send 443
on the OpenVPN VIP to 127.0.0.1:4443. Then you can also add port
forwards for ports 80, 53, and however many others you want to make
available for additional options.
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
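
The `sockstat -4` check suggested in the reply, as an added example that is not part of the original thread: a small filter that reads `sockstat -4` output and names the process holding a wildcard bind on a TCP port. The function names and the sample lines are constructed for illustration, and the FreeBSD column layout (USER COMMAND PID FD PROTO LOCAL FOREIGN) is assumed.

```shell
#!/bin/sh
# Added example. Reads `sockstat -4` output on stdin; assumed columns:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Print "COMMAND PID LOCAL-ADDRESS" for every TCP listener on port $1.
# A listener is a tcp socket whose foreign address is "*:*".
listeners_on_port() {
    awk -v port="$1" '
        $5 ~ /^tcp/ && $7 == "*:*" {
            n = split($6, a, ":")        # a[n] is the port, a[1] "*" or an IP
            if (a[n] == port) print $2, $3, $6
        }'
}

# Print one verdict line: who, if anyone, is bound to *:PORT.
check_port() {
    port=$1
    found=$(listeners_on_port "$port")
    wild=$(printf '%s\n' "$found" |
        awk -v p="$port" '$3 == ("*:" p) { print $1 }' | sort -u | tr '\n' ' ')
    if [ -n "$wild" ]; then
        echo "wildcard bind on *:$port held by: ${wild% }"
    else
        echo "no wildcard bind on port $port"
    fi
}

# Constructed sample output (documentation addresses, made-up PIDs).
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     haproxy    2345  5  tcp4   *:443                 *:*
root     openvpn    3456  6  tcp4   203.0.113.10:443      *:*
root     sshd       911   3  tcp4   *:22                  *:*
root     openvpn    3456  7  udp4   203.0.113.10:1194     *:*
www      haproxy    2345  9  tcp4   198.51.100.7:443      198.51.100.99:51514'

# On the firewall itself, pipe the live output instead:
#   sockstat -4 | check_port 443
printf '%s\n' "$SAMPLE" | check_port 443
```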
