OpenVPN Server Two Ports Simultaneously

Anyone know how to do this? Have server working great and listening on one udp port but I want to simultaneously run on 443TCP.

You need to create another OpenVPN-instance, but you can use the same PKI.

How do you do that? I thought I did that but I get Mon Feb 4 13:41:33 2019 daemon.err openvpn(Server443)[17922]: TCP/UDP: Socket bind failed on local address [AF_INET][undef]:443: Address in use (errno=98)

netstat -lnpt | grep :443
1 Like

tcp 0 0* LISTEN 4489/uhttpd

You can make uhttpd listen only LAN-interface to avoid collision with OpenVPN:

. /lib/functions/
network_get_ipaddr NET_ADDR "${NET_IF}"
network_get_ipaddr6 NET_ADDR6 "${NET_IF}"
uci -q delete uhttpd.main.listen_http
uci add_list uhttpd.main.listen_http="${NET_ADDR}:80"
uci add_list uhttpd.main.listen_http="[${NET_ADDR6}]:80"
uci -q delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https="${NET_ADDR}:443"
uci add_list uhttpd.main.listen_https="[${NET_ADDR6}]:443"
uci commit uhttpd
/etc/init.d/uhttpd restart

Okay, so, cant access luci anymore. VPN 443 also not working... But I still got a good feeling about us:)

You can always restore default config:

cp -f /rom/etc/config/uhttpd /etc/config/uhttpd
service uhttpd restart

That worked. So what do think the problem is? Luci running on port 443?

Yes uhttpd binds 443/TCP to run LuCI over SSL.
You should either disable HTTPS-listener for uhttpd, or find some way to resolve the conflict.
For example bind uhttpd to LAN-interface only and bind OpenVPN to WAN-interface.

Thank you. I'm still unable to get both ports running simultaneously, could it be due to me running server as TAP? Im getting the same error

It shouldn't be a problem.

Try to set LAN IP-address explicitly or edit the config manually:

uci delete uhttpd.main.listen_https
uci add_list uhttpd.main.listen_https=""
uci commit uhttpd
service uhttpd restart

And use option local to bind OpenVPN to WAN-interface only:

It works for me.

1 Like

2.4.6? Otherwise you probably need to upgrade as the package was somewhat broken before that.

Which part of it is broken? openvpn-openssl-2.4.5-4.2 works fine for me.

Configure section

Well, port-share option looks promising, although local option works too.

Hey guys

All is working great now (been meaning to update this post...)

Thanks vgaetera for the assistance... I actually visited an older thread where you were assisting with the same issue for someone else as well. Ya, didn't dawn on me that luci ssl was in conflict with road warrier setup, make sense. Didn't notice before because I typically run with uhttpd disabled for security reason. So is this why we use port share feature for openvpn. I understand what it is but still don't understand use case scenario.

Many public WiFi networks block users from going to any server port other than 80 and 443. So a server may need to offer the VPN on 443 to allow those users. The port share let's the server also have a conventional web server.

Do not open uhttpd / Luci directly to the Internet, it is not considered secure.