Is it possible to restrict VPN's security group to just https

harsha · March 8, 2025, 1:30am

How can I restrict access to only HTTPS (port 443) in a Pritunl VPN setup while still allowing users to connect using WireGuard or OpenVPN protocols?

Currently, we’re using both WireGuard and OpenVPN with Pritunl, and the security group is set to allow connections from 0.0.0.0/0. However, we want to limit the open ports to just HTTPS (443) for added security, without affecting the ability to connect via WireGuard or OpenVPN. Is it possible to restrict access to HTTPS while still enabling VPN connections over these protocols? What is the best practice for achieving this?

zach · March 9, 2025, 1:00am

The dynamic firewall will restrict access to the VPN ports. The security group will still need to have the VPN ports open and port 443 open for web traffic but the VPN ports will be closed with a system firewall by Pritunl. When the client connects it will authenticate through web requests and send the public IP address of the client. Once the server verifies the user it will open the VPN ports to that users public IP address and keep them open until the VPN connection is closed.