after checking with ShieldsUp! the result was open port 443 which suggested a potential vulnerability and should be closed. How can I do that please? It is an AR-300M16 2.264. Please do not suggest to upgrade as this is a stable firmware for my openvpn.
That you’ve got port 443 open to the public Internet and you don’t know why is concerning. Have you installed or configured a public web server intentionally?
If you’re not intentionally serving web pages over HTTP-S to the public Internet, checking your firewall rules to make sure that 443 is blocked for input from “WAN” would be a wise idea. Checking the configuration for nginx or uhttpd, whichever you’re using for LuCI would be wise as well. In my opinion, it should only “listen” on a protected interface, either a management interface for advanced users, or “LAN” for other users.
(BTW, “Shields Up” is an interesting tool for a quick check, but many security-aware users and professionals find significant fault with its output and the interpretations if the results it provides.)
Check your OpenVPN config. I would bet that it is set to listen for clients on port 443. Port 443 is commonly used as firewalls at other locations typically do not block the port, at least for TCP.
I have the same issue. The .ovpn doesn’t openly say anything about 443 and there is no listener option in the gui mistakenly activated, and blocking it in the firewall doesn’t work.