~fkooman/vpn-documentation

7e17476c252fcc5a53aeb78a0a144f8f9a56411a — François Kooman 26 days ago 25dd773
recommend against port sharing
1 files changed, 7 insertions(+), 0 deletions(-)

M port-sharing.md
M port-sharing.md => port-sharing.md +7 -0
@@ 1,5 1,10 @@
# Port Sharing

**NOTE**: it is NOT recommended to use this in production! For production it
is recommended to deploy OpenVPN on port `tcp/443` on a separate node, or wait 
for [WireGuard over TCP](wireguard.md#wireguard-over-tcp) support in the VPN 
clients.

This document describes how to configure your VPN server in such a way as to
make it most likely people can connect to it. This is done by making it 
possible to connect to the VPN service using both `udp/443` and `tcp/443`. A 


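Review bot: The new NOTE at the top of the file says port sharing is NOT recommended in production but gives no reason, so a reader cannot judge whether the concern applies to their deployment; add one sentence stating what goes wrong with port sharing in production. The alternative "wait for WireGuard over TCP support in the VPN clients" is time-bound and will go stale, so consider wording it as a condition (for example "once the VPN clients support WireGuard over TCP"). Two of the added lines also end in trailing whitespace ("or wait " and "support in the VPN ").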
@@ 11,6 16,8 @@ In larger deployments you'll want to use multiple machines where the portal
and API run on a different machine from the OpenVPN backend server(s) so port
sharing is not needed, i.e. OpenVPN can claim `tcp/443` directly.

**NOTE**: only one profile can use `tcp/443` (and `udp/443`).

## VPN

We need to edit `/etc/vpn-user-portal/config.php` and modify `oUdpPortList`,
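Review bot: In the NOTE added just before "## VPN", the parenthetical "(and `udp/443`)" is ambiguous: it can read as "the one profile that uses `tcp/443` also uses `udp/443`" or as "each of the two ports can be assigned to only one profile". State which is meant, and say whether the limit applies per server or across the whole deployment, since the note directly follows the paragraph about multi-machine setups. It would also help to say what happens when a second profile is configured with these ports, so the reader can recognise the misconfiguration.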