aflyingcougar

Hi. I'm having some issues with openVPNas, and I want to understand them. I'm going to describe a few scenarios and follow up with some questions. I have installed and configured OpenVPNas on my unraid server (6.8.3) following the latest spaceinvaderone guide here. Note: I additionally forwarded port 943 TCP, so that I could access admin/client gui from outside of my home network. Scenario #1 For the initial setup, I used my WAN IP in the openVPN Server Network Settings. From here, I am able to connect to the admin gui and client gui from inside my network without issue. Next, I tested connecting to the admin/client gui from my iphone on cellular data. If I enter the address "mywanip:943" into a browser, it does not connect. However, if I try "https://mywanip:943", then it connects. Scenario #2 For the initial setup, I used my DOMAIN NAME in the openVPN Server Network Settings. I have a domain registered through namecheap, which I have set up with cloudflare DNS (proxy enabled). I use the "CloudflareDDNS" CA on my unraid server to keep the IP up-to-date. Similar to scenario #1, i can access the admin/client gui internally. However, when i test connection tot he client/admin gui from my iphone, it is failing. Trying address "mydomain.com:943" and "https://mydomain.com:943" fail to connect. However, if i try "https://mywanip:943", then it connects. Questions: 1. In scenario #1, why does the outside connection to the gui only work when manually adding the https:// prefix? It was my understanding that modern browsers (i was using safari) would automatically add the https:// prefix when typing in any address. 2. In scenario #2, why can't I connect using the domain name? 3. In the spaceinvaderone video, he does not forward port 943. I believe this implies that the only way to get access to the vpn would be for an admin to locally create your user and provide you with the credentials/config file. If i followed this scheme, and set up a subdomain (vpn.mydomain.com) for the openvpn server, what would the purpose of the subdomain be? 3a. This is what I was thinking: to grant someone access to the vpn, i'd locally create their account, then instruct them to connect to the vpn.mydomain.com client gui, where they'd log in and be able to (1) download the proper vpn client software and (2) download the config file. Is there an issue with this kind of configuration? 4. Ideally i wouldn't like to have to add the port numbers at the end of the web addresses (in the case that i forward 943 to allow users to connect to client gui). How can i modify my setup so that to connect to the client gui on port 943 from outside the network, they only have to type my subdomain vpn.mydomain.com? I am really trying to understand how this all works, so that I can use that knowledge to help set up other dockers/services on my unraid server. I appreciate any and all help. Thanks,