Yes I defaulted to UDP as it ought to be a bit faster, but yes I see in this case TCP would be better. However, I think the way forward is to have an SSL wrapper around the openvpn traffic … next little project.
It’s a lot easier for the cafe firewall to block all UDP except DNS and a few select services rather than deep packet inspection to figure out that you’re running openvpn over http or https port. Only problem is that pfsense already has its main web server bound to those ports. Perhaps a user http port like TCP 8080 or 8443.
Good luck with the wrapper. Please post a walkthrough if it works.
Yeah I was just caught out, I have several OpenVPN servers running so that I have redundancy but now I see places are tightening some of their traffic.
Might be a while until I get that walkthrough up !
For those in the UK I found this in the Morrisons supermarket cafe, while I was waiting for my MOT, will have a chance to test it out in a year.