GL-SFT1200 how to close port 443 (ShieldsUp!)

I have noticed that after setting up OpenVPN client and connecting to a VPN service, I do a portscan with ShieldsUp over the VPN and get a warning that port 443 is open.
There is nothing I can see in any VPN settings, in the .ovpn config file, or firewall rules (not even in Luci).
How can I block this?

ShieldsUp! is scanning the IP address you’re visiting it from, that is: the outgoing IP from your VPN.

This is usually a shared IP, and if 443 is open it’s probably something at your VPN provider… though you can quickly figure it out by going to https://IPADDRESS in a browser.

If you have confirmed that TCP 443 should not be open, then you can add a WAN-to-LAN firewall rule to block (drop or reject) it via LuCI → Network → Firewall → Traffic Rules.

I do not work for and I do not have formal association with GL.iNet

Per default though all incoming ports are blocked, so if this was the case it was because OP has installed something or manually opened port 443.

The weird thing is that when I go to ShieldsUP! to test, it detects the VPN and refuses to run the test.

I think you are onto something here. I have tested Surfshark with other devices and they all respond to port 443 when running shieldsup from them. I have asked the, to explain why their vpn clients behave in this odd way.

On my GL.iNet routers, Port TCP 443 is not explicitly blocked in Traffic Rules. My network is not set up for me to test adding the WAN-to-LAN firewall rule and ShieldsUp does not detect any problem.

If Shodan can add the firewall rule as an override and something breaks, then that may show what is listening on that port.

I do not work for and I do not have formal association with GL.iNet

No absolutely not explicitly, all ports are.

How do you scan?

When vpn is connected you should see UI like this. If you do not enable “Access Local Network”, the firewall is closed on the VPN interface.

Pls note you cannot scan the VPN IP from your local machine, in my case is When you scan locally you scan from the lan side which all ports are open.

On a device connected via a VPN service to the Internet, you visit and their ShieldsUp Service. When you initiate a scan it is grc’s server that scans towards the IP where your browser is connecting from (they will indicate to you what IP you are connecting from).

Then this is a scan of the vpn server’s config, right?