Flint AX1800 how to change port on openvpn server to 443?

pavelgruz · January 14, 2022, 5:20am

alzhao · January 14, 2022, 10:22am

Can you just change it?

pavelgruz · January 14, 2022, 11:04am

If i do this, i get error

pavelgruz · January 14, 2022, 11:10am

then i have question, how i can deoccupide this port 443. i understand what i must change https port. i find config lighthttpd and change this port, that viewing in netstat. But the error is still here

pavelgruz · January 15, 2022, 2:52pm

Cant change on 443. get error

wcs2228 · January 15, 2022, 4:04pm

Just as a test, are you able to change it to another unused port (e.g. 446)?

pavelgruz · January 15, 2022, 4:18pm

another port work correctly. but i need to use exactly 443. this is all about secure of network on my work

wcs2228 · January 15, 2022, 4:37pm

It was only intended as a test to make sure that the router is at least working properly.

You have run “netstat -plnt” and confirmed no processes are on both Port 443 TCP and UDP?

pavelgruz · January 15, 2022, 4:51pm

lighthttpd use this port in stock.
but if change config lighthttpd port on 444. then netstat doesnt see occupied port 443, openvpn server get error (occupied port) on this config

pavelgruz · January 15, 2022, 4:55pm

where else can this port be binded? and yet, I understand correctly that the openwrt config is not the gl-inet config? and that these two web ui work in parallel?

wcs2228 · January 15, 2022, 5:03pm

Try changing /etc/config/uhttpd that has 443 for https.

pavelgruz · January 15, 2022, 5:18pm

uhttpd is disable. this shows in System > startup and in log of netstat. lighthttpd is only worked.

wcs2228 · January 15, 2022, 7:25pm

You can go through a process of elimination, by stopping startup processes 1-by-1 from when the router first boots.

eric · January 15, 2022, 8:27pm

You can try to ssh into the router and run:

netstat -pan

My AR750s shows

netstat -pan | grep 443
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      3290/lighttpd

wcs2228 · January 15, 2022, 10:00pm

Try running your OpenVpn server on 443 TCP instead of UDP…

K3rn3l_Ku5h · January 15, 2022, 10:02pm

CHECK YOUR SUBNET NETMASK

The local IP address (the IP address that OpenVPN optionally listens on) is the network IP address. So if your office network is 192.168.1.0/24, then you would replace a.b.c.d with an IP address within that subnet range.

The subnet for VPN clients is different. It’s a private IP address (range) that ONLY OpenVPN and its clients have access to.

So if you set the server (OpenVPN server) to 10.8.0.0 with a netmask of 255.255.255.0, then you’re essentially saying that OpenVPN will hand out IP addresses to its clients within a 10.8.0.0/24 range (255 possible IP addresses after the server gets 10.8.0.1).

pavelgruz · January 16, 2022, 2:55am

And only openwrt be work?

pavelgruz · January 16, 2022, 2:57am

I think I wrote that in the netstat command code it is visible to o occupies the port. why are you writing to me how to do it?

pavelgruz · January 16, 2022, 2:58am

what does netmask have to do with it at all, if when the server starts it sends an error that the port is busy?

wcs2228 · January 16, 2022, 4:20pm

The /etc/init.d/vpn-service script has the function openvpn_server for starting a OpenVpn server:

openvpn_server() {
local enable=uci get vpn_service.global.enable
local vpn_port=$(uci get vpn_service.vpn.port)

if [ “$vpn_port” = “80” -o “$vpn_port” = “83” -o “$vpn_port” = “443” ];then
logger -st $NAME “port is occupied, please use another port.”
return 0
fi

if [ “$enable” != “1” ];then
return 0
fi

local cfg=uci get vpn_service.global.ovpn
if [ ! -e “$cfg” ];then
logger -st $NAME -p3 “Openvpn server config no found.”
return 0
fi

start_server “$cfg”
}