Required open ports for Access Server

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
melkamar
OpenVpn Newbie
Posts: 3
Joined: Mon Mar 01, 2021 10:45 am

Required open ports for Access Server

Post by melkamar » Mon Mar 01, 2021 10:52 am

Hi, I'm in the process of evaluating OpenVPN for use as our company VPN. I'm deploying it on a Ubuntu 20.04 server. Most stuff works fine and the setup has been painless, with the exception of restricting non-needed ports.

From what I understand, it should be enough for the server firewall to allow the following:
  • TCP 80, 443
  • UDP 1194
When I do that on the firewall of my cloud provider, I can then connect to the server with the OpenVPN client, but all DNS resolution fails. Curl-ing a specific IP address works fine.

Through some trial and error I found out that when I also open up UDP ports 32768-65535, everything starts to work fine. So it seems that the server needs these ephemeral ports open for some reason? I didn't find anything about that in the documentation though, so I'm wondering if this is just a symptom of some other issue?

Thank you!

User avatar
openvpn_inc
OpenVPN Inc.
Posts: 117
Joined: Tue Feb 16, 2021 10:41 am

Re: Required open ports for Access Server

Post by openvpn_inc » Mon Mar 01, 2021 12:18 pm

Hello,

With OpenVPN Access Server, you will want to have incoming ports TCP 22 (optional - for maintenance purposes), TCP 443, TCP 943, TCP 945 (optional - for clustering purposes), and UDP 1194 open assuming default settings. As far as outgoing ports concern, we recommend those are left open so that the Access Server is able to initiate outgoing connections in response to incoming connections on the aforementioned ports. If you wish to restrict outgoing that's up to you, but you may encounter some expected issues there of course.

Kind regards,
Johan
Image OpenVPN Inc.
Answers provided by OpenVPN Inc. staff members here are provided on a voluntary best-effort basis, and no rights can be claimed on the basis of answers posted in this public forum. If you wish to get official support from OpenVPN Inc. please use the official support ticket system: https://openvpn.net/support

Post Reply