OpenVPN Listen on Port 443 (HTTPS)

The default port and protocol for OpenVPN is UDP/1194.
Some server admins may block port 1194, so to get around this we can set OpenVPN to listen on port 443 instead. Port 443 is the default for HTTPS traffic, so there is little chance it will be blocked.

To install OpenVPN on CentOS I recommend using this guide:

If you are running a web server, chances are nginx/apache is already listening on port 443, and two applications cannot bind to the same port. One solution is to have nginx/apache listen for HTTPS traffic on another port (e.g. 22443) and have OpenVPN listen on port 443, forwarding all non-OpenVPN traffic to port 22443.

First change the listen port for your web server (apache):

sudo vi /etc/httpd/conf/httpd.conf

Change the Listen directive in the mod_ssl block (you can choose any unused port number):

<IfModule mod_ssl.c>
    Listen 22443
</IfModule>

Check if port 443 is used in other config files and replace accordingly:

sudo grep '443' -r /etc/httpd/*

Modify OpenVPN server.conf:

sudo vi /etc/openvpn/server.conf

Change the protocol to tcp (port-share only works in TCP mode), change the port from 1194 to 443, and add a port-share pointing at 22443 (your new web server port for HTTPS):

proto tcp
port 443
port-share 127.0.0.1 22443

You will also have to change your ovpn config file to use the new settings:

client
dev tun
proto tcp
remote your_server_ip 443
resolv-retry infinite
verb 3
ca /path/to/ca.crt
cert /path/to/client.crt
key /path/to/client.key

Finally, restart your web server first, so that it releases port 443, and then restart OpenVPN:

sudo systemctl restart httpd
sudo systemctl restart openvpn@server.service
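
A sanity check for the configuration above, added here as an example and not part of the original post: it confirms that proto is tcp, that OpenVPN owns port 443, and that the port-share target is a port Apache actually listens on. The function names and the sample configs written by demo() are constructed for illustration; pass your real server.conf and httpd config files as arguments to check them instead.

```shell
#!/bin/sh
# Added example, not from the original post: check that server.conf and the
# Apache config agree about the shared port. Helper names are hypothetical.

# Last value of an OpenVPN directive; '#' and ';' start comments.
ovpn_get() {  # ovpn_get <directive> <file>
    awk -v d="$1" '{ sub(/[#;].*/, "") } $1 == d { $1 = ""; v = $0 }
        END { print v }' "$2" | sed 's/^ *//'
}

# Ports named by Listen directives ("Listen 22443", "Listen 0.0.0.0:443 https").
httpd_listen_ports() {  # httpd_listen_ports <file>...
    awk 'tolower($1) == "listen" { p = $2; sub(/.*:/, "", p); print p }' "$@"
}

check_port_share() {  # check_port_share <server.conf> <httpd conf>...
    ps_conf=$1; shift; ps_rc=0
    ps_proto=$(ovpn_get proto "$ps_conf")
    ps_port=$(ovpn_get port "$ps_conf")
    ps_share=$(ovpn_get port-share "$ps_conf" | awk '{ print $2 }')
    ps_listen=$(httpd_listen_ports "$@")
    case $ps_proto in
        tcp*) ;;
        *) echo "FAIL: port-share needs TCP, found proto '${ps_proto:-unset}'"; ps_rc=1 ;;
    esac
    [ "$ps_port" = 443 ] || { echo "FAIL: OpenVPN port is '${ps_port:-unset}', not 443"; ps_rc=1; }
    if [ -z "$ps_share" ]; then
        echo "FAIL: expected 'port-share <host> <port>'"; ps_rc=1
    elif ! printf '%s\n' "$ps_listen" | grep -qxF "$ps_share"; then
        echo "FAIL: port-share targets $ps_share, httpd listens on: $(echo $ps_listen)"; ps_rc=1
    fi
    if printf '%s\n' "$ps_listen" | grep -qxF 443; then
        echo "FAIL: httpd still listens on 443 and would collide with OpenVPN"; ps_rc=1
    fi
    [ "$ps_rc" -eq 0 ] && echo "OK: non-VPN traffic on 443 goes to httpd on $ps_share"
    return "$ps_rc"
}

# Dry run on constructed sample configs when no file paths are given.
demo() {
    d=$(mktemp -d)
    printf 'proto tcp\nport 443\nport-share 127.0.0.1 22443\n' > "$d/good.conf"
    printf 'proto tcp\nport 443\nport-share 127.0.0.1 10443\n' > "$d/bad.conf"
    printf '<IfModule mod_ssl.c>\nListen 22443\n</IfModule>\n' > "$d/httpd.conf"
    check_port_share "$d/good.conf" "$d/httpd.conf"
    check_port_share "$d/bad.conf" "$d/httpd.conf" || echo "(mismatch caught)"
    rm -rf "$d"
}
if [ "$#" -ge 2 ]; then check_port_share "$@"; else demo; fi
```

Run it with the paths from this guide, for example /etc/openvpn/server.conf and /etc/httpd/conf/httpd.conf; a non-zero exit status means at least one check failed.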
