DrayTek

The SSL VPN facility on DrayTek routers that support SSL VPN uses TCP port 443 by default. With current firmware, if the router's SSL VPN service is enabled or if the router's is configured for remote management, the router may give this error message when configuring an Open Ports or Port Redirection entry using TCP port 443:

The SSL VPN and HTTPS router management settings take priority over any NAT port forwards configured under:

[NAT] > [Port Redirection]
[NAT] > [DMZ Host]
[NAT] > [Open Ports]

To forward traffic on TCP 443 (HTTPS) to an internal server, it will be necessary to change the router's SSL VPN port so that the port forwarding can operate. If remote management is enabled on the router, it will also be necessary to change the router's HTTPS management port.


SSL VPN Port

Go to [SSL VPN] > [General Setup], set the Port setting from its default of 443 to another port, in this example, the port has been changed to 444. Changing this setting does not require restarting the router and will take effect after clicking OK on this page.

SSL VPN Troubleshooting image


 

HTTPS Management Port

If the router has remote management enabled, forwarding TCP port 443 (HTTPS) will require changing the router's HTTPS Management port, go to [System Maintenance] > [Management] and change the HTTPS Port under the Management Port Setup section.

Click OK to continue and the router will display a summary of the settings and prompt to restart. Click OK on this page to reboot the router with the new settings.


Port Forwarding HTTPS - TCP Port 443

To port forward TCP port 443, go to [NAT] > [Open Ports] and click on the first un-used index entry to go into the settings for that Open Ports entry.

  • Enter a name for the port forward entry to identify it in the Comment setting
  • Tick "Enable Open Ports" to enable this open ports entry
  • Select the WAN Interface to use with this port forward
  • Enter the local IP address of the server that the HTTPS TCP port 443 requests will be forwarded to in the Local Computer field
  • Set the Protocol for number 1. as TCP
  • Set the Start Port and End Port to 443
  • Click OK to apply the port forward

With that open ports entry configured, any HTTPS / TCP port 443 traffic that the router receives on the specified WAN interface will be forwarded to the server specified in the Open Ports entry.