OpenVPN Ports and protocols

Hi,

Not done much with OpenVPN previously. By default, following the wizard, it uses UDP/1194, which I expect would potentially be blocked on some “guest” networks etc. Off to Cape Verde on holiday later this year, so it would be nice to use the hotel wifi for Plex and connecting to home stuff when required.

I also read that UDP is faster, TCP is more stable. So what is the consensus: set up two VPN points, UDP/1194 and TCP/443 for example? I’m not hosting anything else on 443 externally.

I’ve moved pfsense management port off 443.

Not looked at WireGuard yet and would install that on pfsense or set up a VM running it. Clients in use: Apple iOS devices and Windows clients.

CPU is pretty decent for home use - E3-1240L. I noticed RDRAND available in the drop down for OpenVPN, which the CPU supports, so I’ve enabled that.

With opening ports on the firewall, looking at Snort too for IDS/IPS.

Apologies, Sophos XG user and wanted to explore pfsense again.
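As an added illustration (not from the original post, pfSense or the OpenVPN project) of what the two-endpoint setup asked about above looks like from the client side: one profile that tries the UDP/1194 instance first and falls back to the TCP/443 instance. The host name is a placeholder and the inline PEM blocks are elided.

```text
client
dev tun
# Each "remote" line carries its own protocol. OpenVPN tries them in order
# and moves to the next when an attempt fails or times out.
remote vpn.example.com 1194 udp
remote vpn.example.com 443 tcp-client
# Seconds to wait for a server response per remote before moving on.
# A dropped UDP port produces no error, only silence, so keep this short.
connect-timeout 10
nobind
resolv-retry infinite
persist-key
persist-tun
# Only accept a certificate issued for server use, not any cert from our CA.
remote-cert-tls server
verb 3
# One profile holds one CA and one tls-crypt (or tls-auth) key, so both
# server instances must be issued from the same CA and share the same key.
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
<tls-crypt>
...
</tls-crypt>
```

Two caveats a practitioner would want: the TCP/443 instance only gets past port-based filters. OpenVPN's TCP framing is not TLS, so a guest network that inspects 443 for a TLS handshake can still drop it. And because the profile lists the UDP remote first, a network that silently blackholes UDP costs you one `connect-timeout` on every connect; put the TCP remote first in a profile you keep for hotel use.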

I don’t bother changing the port and keep it set to UDP. The challenge if you add in IDS is you risk locking yourself out unless you have it tuned.


OK, makes sense re ports. Left it on UDP/1194 default for now.

I agree re IDS/IPS potential nightmare, so it’ll be in reporting only mode.

I do have a port forward exposed, but it’s fully isolated from other network devices and patched regularly. Torrents.

There’s nothing stopping you from using more than one OpenVPN RAS! I’ve only noticed that I was blocked from accessing my OpenVPN servers from a free wifi once; I suspect that they blocked TUN traffic, which all my servers use. If I had set up one which used TAP it might have worked.
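A way to settle the "is UDP/1194 blocked here?" question raised in the original post and in the reply above before you sit on the hotel wifi changing profiles, as an added example (not code from the thread, pfSense or the OpenVPN project): the script speaks the first packet of the OpenVPN handshake (P_CONTROL_HARD_RESET_CLIENT_V2, the same probe port scanners use to fingerprint OpenVPN) to both endpoints and reports what came back. The host name is a placeholder and SAMPLE_SERVER_RESET is a constructed reply so the parser can be exercised offline. The caveat that matters: a server running tls-auth or tls-crypt silently discards this unauthenticated packet, so "no reply" on UDP is then indistinguishable from a blocked port.

```python
"""Added example: does this network let OpenVPN reach home on UDP/1194 and TCP/443?

Not code from the thread, pfSense or the OpenVPN project. It sends the first
packet every OpenVPN client sends (P_CONTROL_HARD_RESET_CLIENT_V2, with no
tls-auth/tls-crypt wrapper) and looks for the server's HARD_RESET_SERVER_V2.
The host name is a placeholder; SAMPLE_SERVER_RESET is constructed.
"""
import os
import socket
import struct
import sys

P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8


def build_client_reset(session_id: bytes, key_id: int = 0) -> bytes:
    """opcode<<3 | key_id, our 8-byte session id, ack count 0, packet id 0."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    first = (P_CONTROL_HARD_RESET_CLIENT_V2 << 3) | (key_id & 0x07)
    return bytes([first]) + session_id + b"\x00" + struct.pack("!I", 0)


def frame_tcp(packet: bytes) -> bytes:
    """OpenVPN over TCP prefixes every packet with a 2-byte big-endian length."""
    return struct.pack("!H", len(packet)) + packet


def parse_server_reset(data: bytes, our_session_id: bytes):
    """Fields of a HARD_RESET_SERVER_V2 that acks our packet 0 and echoes our
    session id; None for anything else (wrong opcode, wrong session, truncated)."""
    if len(data) < 14 or (data[0] >> 3) != P_CONTROL_HARD_RESET_SERVER_V2:
        return None
    server_session, ack_count, off = data[1:9], data[9], 10
    need = off + 4 * ack_count + (8 if ack_count else 0) + 4
    if len(data) < need:
        return None
    acks = [struct.unpack("!I", data[off + 4 * i:off + 4 * i + 4])[0]
            for i in range(ack_count)]
    off += 4 * ack_count
    remote_session = b""
    if ack_count:  # the remote session id only follows a non-empty ack list
        remote_session, off = data[off:off + 8], off + 8
    packet_id = struct.unpack("!I", data[off:off + 4])[0]
    if 0 not in acks or remote_session != our_session_id:
        return None
    return {"server_session": server_session.hex(), "key_id": data[0] & 0x07,
            "acks": acks, "packet_id": packet_id}


def probe_udp(host: str, port: int = 1194, timeout: float = 3.0) -> str:
    sid = os.urandom(8)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_client_reset(sid), (host, port))
            data, _ = s.recvfrom(2048)
        except ConnectionRefusedError:
            return "ICMP port unreachable: nothing listening, or the guest firewall rejects it"
        except socket.timeout:
            return "no reply: filtered, or the server uses tls-auth/tls-crypt"
        except OSError as exc:
            return f"error: {exc}"
    return "OpenVPN server answered" if parse_server_reset(data, sid) else "unexpected reply"


def probe_tcp(host: str, port: int = 443, timeout: float = 3.0) -> str:
    sid = os.urandom(8)
    try:
        s = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, timed out, unreachable
        return f"cannot connect: {exc}"
    with s:
        try:
            s.sendall(frame_tcp(build_client_reset(sid)))
            hdr = s.recv(2)
            if len(hdr) < 2:
                return "TCP open but peer closed without an OpenVPN reply"
            (length,) = struct.unpack("!H", hdr)
            data = b""
            while len(data) < length:
                chunk = s.recv(length - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:
            return "TCP open but no OpenVPN reply: another service, or tls-auth/tls-crypt"
    return "OpenVPN server answered" if parse_server_reset(data, sid) else "TCP open, reply is not OpenVPN"


# Constructed reply: opcode 8, server session 0x22.., acks packet 0, echoes the
# client session 0x11.., packet id 0. This is what an un-keyed server sends back.
SAMPLE_CLIENT_SESSION = b"\x11" * 8
SAMPLE_SERVER_RESET = (bytes([P_CONTROL_HARD_RESET_SERVER_V2 << 3]) + b"\x22" * 8
                       + b"\x01" + struct.pack("!I", 0) + SAMPLE_CLIENT_SESSION
                       + struct.pack("!I", 0))

if __name__ == "__main__":
    print("sample parse:", parse_server_reset(SAMPLE_SERVER_RESET, SAMPLE_CLIENT_SESSION))
    if len(sys.argv) > 1:  # e.g. python3 ovpn_probe.py vpn.example.com
        print("UDP/1194:", probe_udp(sys.argv[1], 1194))
        print("TCP/443 :", probe_tcp(sys.argv[1], 443))
```

Read the results with the caveat in mind. TCP is unambiguous: "cannot connect" means the guest network (or your WAN rule) is in the way, anything else means the port is reachable. UDP only distinguishes "answered" from "silence", and silence is exactly what a tls-auth/tls-crypt server returns to an unkeyed reset. That is a feature, not a bug: it is why keeping the TLS key on hides the server from the same scanners this script imitates. On a keyed server the honest probe is the real profile with a short timeout, for example `openvpn --config client.ovpn --connect-timeout 5`, and a look at which remote the log says it connected through.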