Use port 443 for OpenVPN when it is used for other services

ipavlik · February 7, 2025, 7:18am

Hello,

I’m trying to use port 443 for OpenVPN, which is also provided for other SSL communication, but on other IP adresses.
Problem is, that OpenVPN server listens on all interfaces and all IPs (at least I didn’t find a way how to set specific interface/IP address for OpenVPN on Mikrotik).
There is strange behavior of the router - port is open from beginning, but doesn’t respond after some time.
VPN connections are timed-out or it takes long time to be established.

I tried to set OpenVPN port to 1194 and create dst-nat rule, which provides OpenVPN on port 443:

/ip firewall nat
add action=dst-nat chain=dstnat dst-address=<public_address> dst-port=443 protocol=tcp to-addresses=<router_address> to-ports=1194

…and create appropriate firewall rules, but it has the same effect.

Is it possible to use port for OpenVPN server which is used for other services in other ports?

Thanks.

anav · February 7, 2025, 2:53pm

You have to make up your mind,
a. either use MT for openvpn
OR
b. your own server running it.

sindy · February 7, 2025, 4:35pm

What you describe (attaching the openvpn server to some non-conflicting TCP port and using a dst-nat rule that matches on a particular local dst-address and dst-port=443 to redirect traffic to that non-conflicting port) should work normally. I am afraid that the unavailability after some time is caused by something else.