I have OpenVPN configured to send non-VPN traffic on port 443 to my nginx server on port 4433. When I go to https://domain.tld:4433 it works, although https://domain.tld (where OpenVPN listens on port 443 TCP) results in a "Page not available" (ERR_CONNECTION_CLOSED in Chrome).

OpenVPN config:

```
port 443
proto tcp
port-share localhost 4433
```

Nginx config: (Not actually required, because I'm sure it works)

```
server {
    listen      1.2.3.4:4433;
    server_name domain.tld www.domain.tld;
    ssl         on;
    ssl_certificate      /home/rick/conf/web/ssl.domain.tld.pem;
    ssl_certificate_key  /home/rick/conf/web/ssl.domain.tld.key;
    error_log  /var/log/apache2/domains/domain.tld.error.log error;
    ...
}
```

  • Is OpenVPN traffic behaving as expected? – austinian Jul 17 '15 at 00:04
  • Also, have you tried using `127.0.0.1` or `1.2.3.4` instead of `localhost`? – austinian Jul 17 '15 at 00:17
  • @austinian VPN is as it has to be... localhost and 127.0.0.1 I did. Just tried public IP and it works. Thanks :) – Rick Bakker Jul 17 '15 at 00:24
  • Is this issue only affecting chrome? – austinian Jul 17 '15 at 00:28
  • @austinian, No, it didn't work on every browser. I just showed the Chrome error because I didn't know if I translated the error sentence correctly. Now it works... – Rick Bakker Jul 17 '15 at 00:28
  • Hmm... I'd reboot and see if things still work. – austinian Jul 17 '15 at 00:32
  • possible duplicate of [OpenVPN port-share with apache 443/10443 not working](http://serverfault.com/questions/314835/openvpn-port-share-with-apache-443-10443-not-working) – austinian Jul 17 '15 at 14:49
  • @austinian No it's not. I made a different mistake. Now I see it's quite clear. I forwarded to 127.0.0.1/localhost, but nginx doesn't listen on 127.0.0.1:4433, so it couldn't return a webpage. Nginx listens on the public IP, so I needed to forward in OpenVPN config to the public IP, then it works. – Rick Bakker Jul 17 '15 at 15:24
  • Right, that's the same issue that is addressed in the other question, and also in [this one](http://serverfault.com/questions/187915/openvpn-port-share-with-apache-ssl), especially given the accepted answer, although it's not the only solution. Another solution would be to have nginx listen on 127.0.0.1:4433. None of the answers, however, are very eloquent, unfortunately. Feel free to post an answer to your own question, explaining the solution better than the others, and it can get upvotes. – austinian Jul 17 '15 at 15:36

1 Answer

This is how I solved it:

  1. Check whether OpenVPN is listening on port 443 TCP. Check this against the config, as well as with a port check service.
  2. Set port-share to `port-share {IP} {PORT}`

How to know the {IP} and {PORT}?

In nginx:

```
server {
    listen      {IP}:{PORT};
}
```

In Apache:

```
<VirtualHost {IP}:{PORT}>
    ServerName {IP}
    ServerAlias {IP}
    # Could also be a hostname; hostnames also work with OpenVPN port-share.
    # When {IP} in the VirtualHost opening tag is "*", using localhost,
    # 127.0.0.1 or the public IP in OpenVPN will fix the problem.
</VirtualHost>
```

Hope this helped you out!
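
An added example, not part of the original answer: a Python check that compares the `port-share` target in an OpenVPN config with the addresses nginx is bound to, which is the mismatch described above. The function names and the sample configs are constructed for illustration, and only the `port`, `address:port`, `*:port` and bare-address forms of `listen` are handled.

```python
import ipaddress
import re
import socket

# Constructed sample configs, modelled on the snippets in the question.
OPENVPN_LOCALHOST = "port 443\nproto tcp\nport-share localhost 4433\n"
NGINX_PUBLIC = "server {\n    listen      1.2.3.4:4433;\n    server_name domain.tld;\n}\n"

def port_share_target(openvpn_conf):
    """Return (host, port) from the first port-share directive, or None."""
    for line in openvpn_conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "port-share":
            return parts[1], int(parts[2])
    return None

def nginx_listeners(nginx_conf):
    """Return [(address, port)]; address None means all local addresses."""
    found = []
    for spec in re.findall(r"^\s*listen\s+([^;\s]+)", nginx_conf, re.M):
        addr, _, port = spec.rpartition(":")
        if not port.isdigit():  # address without a port: nginx uses port 80
            addr, port = spec, "80"
        addr = addr.strip("[]")
        found.append((None if addr in ("", "*") else addr, int(port)))
    return found

def resolve(host):
    """Resolve a host to a set of IP strings; IP literals need no lookup."""
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}

def target_is_served(openvpn_conf, nginx_conf, resolver=resolve):
    """True if an nginx listener covers the address and port of port-share."""
    target = port_share_target(openvpn_conf)
    if target is None:
        return False
    host, port = target
    wanted = resolver(host)
    for addr, lport in nginx_listeners(nginx_conf):
        if lport == port and (addr is None or wanted & resolver(addr)):
            return True
    return False

if __name__ == "__main__":
    # The question's setup: localhost target, nginx bound to the public IP only.
    print(target_is_served(OPENVPN_LOCALHOST, NGINX_PUBLIC))
```

A `False` result means OpenVPN would hand non-VPN connections to an address where nothing is listening, which the browser sees as a closed connection.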