Anyone know how to do this? Have server working great and listening on one udp port but I want to simultaneously run on 443TCP.
You need to create another OpenVPN-instance, but you can use the same PKI.
How do you do that? I thought I did that but I get:
Mon Feb 4 13:41:33 2019 daemon.err openvpn(Server443)[17922]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:443: Address in use (errno=98)
netstat -lnpt | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4489/uhttpd
You can make uhttpd listen on the LAN interface only to avoid a collision with OpenVPN:
# Interface whose addresses uhttpd should listen on
NET_IF="lan"
. /lib/functions/network.sh
network_flush_cache
network_get_ipaddr NET_ADDR "${NET_IF}"
network_get_ipaddr6 NET_ADDR6 "${NET_IF}"
# Replace the wildcard listeners with LAN-only ones
uci -q delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http="${NET_ADDR}:80"
# Add the IPv6 listener only if the interface has an IPv6 address; "[]:80" is not a valid listen address
[ -n "${NET_ADDR6}" ] && uci add_list uhttpd.main.listen_http="[${NET_ADDR6}]:80"
uci -q delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https="${NET_ADDR}:443"
[ -n "${NET_ADDR6}" ] && uci add_list uhttpd.main.listen_https="[${NET_ADDR6}]:443"
uci commit uhttpd
/etc/init.d/uhttpd restart
Okay, so, can't access LuCI anymore. VPN 443 also not working... But I still got a good feeling about us :)
You can always restore default config:
cp -f /rom/etc/config/uhttpd /etc/config/uhttpd
service uhttpd restart
That worked. So what do you think the problem is? LuCI running on port 443?
Yes uhttpd binds 443/TCP to run LuCI over SSL.
You should either disable HTTPS-listener for uhttpd, or find some way to resolve the conflict.
For example bind uhttpd to LAN-interface only and bind OpenVPN to WAN-interface.
Thank you. I'm still unable to get both ports running simultaneously, could it be due to me running the server as TAP? I'm getting the same error.
It shouldn't be a problem.
Try to set LAN IP-address explicitly or edit the config manually:
uci delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https="192.168.1.1:443"
uci commit uhttpd
service uhttpd restart
And use option local to bind OpenVPN to WAN-interface only:
It works for me.
2.4.6? Otherwise you probably need to upgrade as the package was somewhat broken before that.
Which part of it is broken? openvpn-openssl-2.4.5-4.2 works fine for me.
Configure section
Well, port-share option looks promising, although local option works too.
Hey guys
All is working great now (been meaning to update this post...)
Thanks vgaetera for the assistance... I actually visited an older thread where you were assisting with the same issue for someone else as well. Ya, it didn't dawn on me that LuCI SSL was in conflict with the road warrior setup, makes sense. Didn't notice before because I typically run with uhttpd disabled for security reasons. So is this why we use the port share feature for OpenVPN? I understand what it is but still don't understand the use case scenario.
Many public WiFi networks block users from going to any server port other than 80 and 443. So a server may need to offer the VPN on 443 to allow those users. The port share lets the server also have a conventional web server.
Do not open uhttpd / Luci directly to the Internet, it is not considered secure.
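Added example (not code from the thread): a small check over `netstat -lnpt` output that shows why OpenVPN got "Address in use" while uhttpd held 0.0.0.0:443, and why binding uhttpd to 192.168.1.1:443 clears it. The function name `bind_conflicts`, the sample listings and the WAN address 203.0.113.10 are constructed for illustration; only IPv4 listeners are evaluated.

```shell
#!/bin/sh
# Constructed `netstat -lnpt` samples (not captured from a real router).
# BEFORE: uhttpd on the wildcard address. AFTER: uhttpd bound to the LAN address.
BEFORE='tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4489/uhttpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4489/uhttpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1201/dropbear'

AFTER='tcp 0 0 192.168.1.1:443 0.0.0.0:* LISTEN 5120/uhttpd
tcp 0 0 192.168.1.1:80 0.0.0.0:* LISTEN 5120/uhttpd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1201/dropbear'

# bind_conflicts ADDR PORT
# Reads `netstat -lnpt` lines on stdin and prints every TCP listener that
# would make a bind to ADDR:PORT fail with "Address in use" (errno=98).
# A listener conflicts when the port matches and either side uses the
# wildcard 0.0.0.0 or both use the same address.
# IPv6 listeners (e.g. :::443) are not evaluated here.
# Returns 0 if at least one conflict was found, 1 otherwise.
bind_conflicts() {
    awk -v want_addr="$1" -v want_port="$2" '
        $1 == "tcp" && $6 == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (port != want_port) next
            if (addr == want_addr || addr == "0.0.0.0" || want_addr == "0.0.0.0") {
                print $4, $7          # local address and PID/program
                found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Demo: OpenVPN wants the (placeholder) WAN address 203.0.113.10 on 443/TCP.
echo "before uhttpd change:"
printf '%s\n' "$BEFORE" | bind_conflicts 203.0.113.10 443 || echo "  no conflict"
echo "after uhttpd change:"
printf '%s\n' "$AFTER" | bind_conflicts 203.0.113.10 443 || echo "  no conflict"
```

On a router, pipe the live listing in instead of the samples: `netstat -lnpt | bind_conflicts <WAN address> 443`.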