[solved] Openvpn --port-share 443

Hi guys,

I want to use the OpenVPN port-share function, but I can't set it up right with uci in /etc/config/openvpn. I can't find anything on this wiki or in the documentation.

This is what I want to do:
Client would like to connect to https -> Internet Gateway 443 -> LEDE (VPN port share 443) -> forward to website
Client would like to connect to VPN (port 443) -> Internet Gateway 443 -> LEDE (VPN port share 443) -> connect to VPN

Sorry for my bad English.

Try the sslh package. It is a port multiplexer. I think that it is mainly expecting to port-multiplex multiple services on the same physical device (i.e. your OpenWRT/LEDE router), but you may be able to use the port-forwarding/firewall rules to redirect to an external host, if needed.

BTW, it is not recommended to expose your OpenWRT/LEDE web interface (LuCI) to the internet -- even with https and a strong password, it may invite hacking attempts by people or bots. It is best to use a VPN (such as OpenVPN that you are already using) or ssh for remote access of the router itself. Obviously, you can disregard this warning entirely if you like, and it doesn't really apply if you are setting up an unrelated web server (but as always, be sure to properly secure it :) ).

Thanks psherman for the fast reply, but this is not what I'm searching for. I only want to use this option "--port-share host port [dir]" (https://community.openvpn.net/openvpn/wiki/Openvpn24ManPage). The target of my forward is my nginx server. In the original OpenVPN config, without anything uci/OpenWrt/LEDE specific, the option looks like this:

port-share 192.168.xxx.xxx 443

In LEDE this option doesn't work:
option 'port-share' '192.168.xxx.xxx 443'

If I understand your original question properly, you want to use the same incoming port for two services -- openvpn and https. And to do this, you need something that can properly direct the traffic according to the type (openvpn connection or https request from the outside).

I am successfully using sslh to do this on one of my systems, but I am not attempting to use the openvpn config method you've mentioned.

You can think of this as a service that sits in front of the services you are trying to share, and it remaps the service ports appropriately (and transparently):

As an example:

LEDE/OpenWRT Router:
incoming 443 connection --> sslh port multiplexer --> | --> OpenVPN on localhost:81443
                                                      | --> https on <HOST1_IP>:443
                                                      | --> another service on <HOST2_IP>:443
                                                      | --> and yet another service on localhost:82443

These multiplexed port numbers (8443, 81443, 82443) are arbitrary, but just an example. It is totally transparent except that your server will listen on the respective new port. sslh auto-detects many types of traffic and directs it to a new port or to an IP:Port according to the type.

Assuming what I've described is what you're looking for, you might want to try sslh and remove the openvpn port-share directive entirely.
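
What "auto-detects the type of traffic" amounts to on a shared port 443, as an added example that is not part of the thread and is not sslh's or OpenVPN's own code: a simplified classifier that looks only at the first bytes a client sends. The backend addresses, the fallback choice and the sample byte strings are assumptions constructed for the illustration.

```python
import struct

# OpenVPN keeps the opcode in the high 5 bits of the first byte that follows
# the 2-byte length prefix it uses on TCP.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_CLIENT_V3 = 10  # sent by tls-crypt-v2 clients
CLIENT_RESET_OPCODES = {P_CONTROL_HARD_RESET_CLIENT_V2,
                        P_CONTROL_HARD_RESET_CLIENT_V3}

# Assumed backends for the example (documentation addresses, not from the thread).
BACKENDS = {"openvpn": ("127.0.0.1", 1194), "tls": ("192.0.2.10", 443)}
FALLBACK = "tls"  # port-share style: whatever is not OpenVPN goes to the web server


def classify(first_bytes: bytes) -> str:
    """Guess the protocol from the first bytes of a new TCP connection."""
    if len(first_bytes) < 3:
        return "need-more-data"  # keep reading before deciding
    # TLS record header: content type 0x16 (handshake), major version 0x03.
    if first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: big-endian packet length, then opcode/key-id byte.
    (length,) = struct.unpack("!H", first_bytes[:2])
    opcode = first_bytes[2] >> 3
    if length > 0 and opcode in CLIENT_RESET_OPCODES:
        return "openvpn"
    return "unknown"


def route(first_bytes: bytes):
    """Return the (host, port) to proxy to, or None if more data is needed."""
    kind = classify(first_bytes)
    if kind == "need-more-data":
        return None
    return BACKENDS.get(kind, BACKENDS[FALLBACK])


# Constructed samples: an OpenVPN client hard reset (length 14, opcode 7,
# zeroed session id, empty ack list, packet id 0), the start of a TLS
# ClientHello, and an SSH banner.
OPENVPN_RESET = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)
TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

if __name__ == "__main__":
    for name, sample in [("openvpn", OPENVPN_RESET), ("tls", TLS_HELLO),
                         ("ssh", SSH_BANNER), ("short", b"\x16")]:
        print(f"{name:8} -> {classify(sample):14} -> {route(sample)}")
```

With a fallback like this, every probe that is not recognised as OpenVPN reaches the web server, so that server sees all unsolicited traffic on 443 and has to be hardened accordingly.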

psherman, thanks again. I found a solution without uci and a port multiplexer. I've edited the init file of OpenVPN and now it works :)

diff  /etc/init.d/openvpn.orig /etc/init.d/openvpn
<               --config "$conf"
>               --config "$conf" \
>               --port-share "192.168.xxx.xx" "443"
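
Review bot: the added `--port-share "192.168.xxx.xx" "443"` line hardcodes the backend address in /etc/init.d/openvpn and is appended unconditionally, so every instance started through this command line gets it, not just the one TCP server that should share port 443. The same command line already passes `--config "$conf"`; if the file behind `$conf` is one you maintain yourself, the directive could go there as `port-share 192.168.xxx.xx 443` and the init script could stay unmodified. If the script has to be patched, apply the option only to the intended instance and add a comment explaining why it is there.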

Glad you got it working!

Two quick things:

  1. For the benefit of others who might later view this post, please include the details of your solution.
  2. Please consider marking this thread as solved (again, helps others viewing this later).