diff --git a/README.md b/README.md
index ef1cba074185cdb6ccefacd06a22494eeca9d5d3..7bbd52dcdcab4f9a1a8d8bbf97eb1d58300ee2d5 100644
--- a/README.md
+++ b/README.md
@@ -142,7 +142,7 @@ sign cert against CA
 make sure the x509 v3 extensions exist: x509.ExtKeyUsageClientAuth x509.KeyUsageDigitalSignature
 
 ```shell
-/usr/sbin/openvpn --client --remote-cert-tls server --tls-client --remote 37.218.241.84 1194 --proto tcp --verb 3 --auth SHA1 --keepalive 10 30 --tls-version-min 1.2 --dev tun --tun-ipv6 --ca ./ca.pem --cert ./testopenvpn.crt --key ./testopenvpn.key
+/usr/sbin/openvpn --client --remote-cert-tls server --tls-client --remote 37.218.241.84 80 --proto tcp --verb 3 --auth SHA1 --keepalive 10 30 --tls-version-min 1.2 --dev tun --tun-ipv6 --ca ./ca.pem --cert ./testopenvpn.crt --key ./testopenvpn.key
 ```
 
 Reference: https://0xacab.org/leap/vpnweb/blob/master/certs.go#L37
diff --git a/config/roles/openvpn/files/50shapeshifter.firewall b/config/roles/openvpn/files/50shapeshifter.firewall
index c93fe9d86771b445d792bfe97d2f1a9eb5bb3e4f..e3f3566f4605eac054762d887cf2daa60de60ad0 100644
--- a/config/roles/openvpn/files/50shapeshifter.firewall
+++ b/config/roles/openvpn/files/50shapeshifter.firewall
@@ -1,2 +1,2 @@
-allow_port tcp 23042
-allow_port udp 23042
\ No newline at end of file
+allow_port tcp 443
+allow_port udp 443
diff --git a/config/roles/openvpn/templates/50openvpn.firewall.j2 b/config/roles/openvpn/templates/50openvpn.firewall.j2
index d6179fb29d332df424a6c696322dc6a6220e82f1..c5819326b46f4a969df15e778dea768c11e5fbeb 100644
--- a/config/roles/openvpn/templates/50openvpn.firewall.j2
+++ b/config/roles/openvpn/templates/50openvpn.firewall.j2
@@ -1,11 +1,11 @@
-# Allow incoming connections to ipv4 port 1194 for both udp and tcp
-add_rule4 -A user-input -p tcp -m tcp -d {{ ip }} --dport 1194 -j ACCEPT
-add_rule4 -A user-input -p udp -m udp -d  {{ ip }} --dport 1194 -j ACCEPT
+# Allow incoming connections to ipv4 port 80 for both udp and tcp
+add_rule4 -A user-input -p tcp -m tcp -d {{ ip }} --dport 80 -j ACCEPT
+add_rule4 -A user-input -p udp -m udp -d  {{ ip }} --dport 80 -j ACCEPT
 
 {% if openvpn_network6 is defined and openvpn_network6|length -%}
-# Allow incoming connections to ipv6 port 1194 for both udp and tcp
-add_rule6 -A user-input -p tcp -m tcp -d  {{ ip6 }} --dport 1194 -j ACCEPT
-add_rule6 -A user-input -p udp -m udp -d  {{ ip6 }} --dport 1194 -j ACCEPT
+# Allow incoming connections to ipv6 port 80 for both udp and tcp
+add_rule6 -A user-input -p tcp -m tcp -d  {{ ip6 }} --dport 80 -j ACCEPT
+add_rule6 -A user-input -p udp -m udp -d  {{ ip6 }} --dport 80 -j ACCEPT
 {% endif %}
 
 # let ipv4 vpn hosts reach the internet
diff --git a/config/roles/openvpn/templates/50openvpn_nat.firewall.j2 b/config/roles/openvpn/templates/50openvpn_nat.firewall.j2
index dbbc2fa5025514db19d65560f7d7efae1ba7f2e7..9917da142e231c04af7ee5a3c931cef3b290e47f 100644
--- a/config/roles/openvpn/templates/50openvpn_nat.firewall.j2
+++ b/config/roles/openvpn/templates/50openvpn_nat.firewall.j2
@@ -1 +1,17 @@
+# Set egress IP
 add_rule4 -A POSTROUTING -s {{ openvpn_network | ipaddr('network/prefix') }} -o {{ ansible_default_ipv4.interface }} -j SNAT --to-source {{ egress_ip }}
+# Accept connections on ipv4 port 1194, redirecting them to openvpn
+add_rule4 -A PREROUTING -p tcp -d {{ ip }} --dport 1194 -j DNAT --to-destination {{ ip }}:80
+add_rule4 -A PREROUTING -p udp -d {{ ip }} --dport 1194 -j DNAT --to-destination {{ ip }}:80
+# Accept connections on ipv4 port 53, redirecting them to openvpn
+add_rule4 -A PREROUTING -p tcp -d {{ ip }} --dport 53 -j DNAT --to-destination {{ ip }}:80
+add_rule4 -A PREROUTING -p udp -d {{ ip }} --dport 53 -j DNAT --to-destination {{ ip }}:80
+
+{% if openvpn_network6 is defined and openvpn_network6|length -%}
+# Accept connections on ipv6 port 1194, redirecting them to openvpn
+add_rule6 -A PREROUTING -p tcp -d 2620:13:4000:4000:8080::252 --dport 1194 -j DNAT --to-destination [2620:13:4000:4000:8080::252:]80
+add_rule6 -A PREROUTING -p udp -d 2620:13:4000:4000:8080::252 --dport 1194 -j DNAT --to-destination [2620:13:4000:4000:8080::252:]80
+# Accept connections on ipv6 port 53, redirecting them to openvpn
+add_rule6 -A PREROUTING -p tcp -d 2620:13:4000:4000:8080::252 --dport 53 -j DNAT --to-destination [2620:13:4000:4000:8080::252]:80
+add_rule6 -A PREROUTING -p udp -d 2620:13:4000:4000:8080::252 --dport 53 -j DNAT --to-destination [2620:13:4000:4000:8080::252]:80
+{% endif %}
diff --git a/config/roles/openvpn/templates/tcp.conf.j2 b/config/roles/openvpn/templates/tcp.conf.j2
index 363bd3e9a1b16f6a09a892252273815e513018a4..5ead4b2666cbf2dbdeeb301612c173b9ca9f7769 100644
--- a/config/roles/openvpn/templates/tcp.conf.j2
+++ b/config/roles/openvpn/templates/tcp.conf.j2
@@ -1,6 +1,6 @@
 mode server
 tls-server
-port 1194
+port 80
 ca /etc/leap/ca/leap_ca_bundle.crt
 cert /etc/credentials/sspki/openvpn/cert.pem
 key /etc/credentials/sspki/openvpn/private.key
diff --git a/config/roles/openvpn/templates/udp.conf.j2 b/config/roles/openvpn/templates/udp.conf.j2
index 334a7c3fa070d7eed7b1a76c51613ac04d805a0a..523478b5dc236a4fc62c45be1e44ede2ec156646 100644
--- a/config/roles/openvpn/templates/udp.conf.j2
+++ b/config/roles/openvpn/templates/udp.conf.j2
@@ -1,6 +1,6 @@
 mode server
 tls-server
-port 1194
+port 80
 ca /etc/leap/ca/leap_ca_bundle.crt
 cert /etc/credentials/sspki/openvpn/cert.pem
 key /etc/credentials/sspki/openvpn/private.key
diff --git a/config/services.openvpn.yml b/config/services.openvpn.yml
index aaf5864b24999bb768459428becccbb5732b15fa..18e93f724ed3534cbf5d98f53cf0afae6838b272 100644
--- a/config/services.openvpn.yml
+++ b/config/services.openvpn.yml
@@ -31,7 +31,7 @@ openvpn:
   containers:
     - name: openvpn
       image: registry.0xacab.org/leap/container-platform/openvpn:latest
-      ports: [1194, 23042, 53]
+      ports: [80, 443, 53]
       drop_capabilities: false
       docker_options: '--cap-add=NET_ADMIN --cap-add=CAP_NET_BIND_SERVICE'
       volumes:
@@ -47,8 +47,8 @@ openvpn:
         # Shapeshifter specific environment variables
         LHOST: "::1"
         RHOST: "{{ ip }}"
-        RPORT: '1194'
-        OBFSPORT: '23042'
+        RPORT: '80'
+        OBFSPORT: '443'
         EXTORPORT: '3334'
         _CHAP_OPTIONS: --no-syslog
         LOGLEVEL: DEBUG
diff --git a/group_vars/all/gateway_locations.yml b/group_vars/all/gateway_locations.yml
index dfeb2696a081487dc81366d4682098211704bc1a..1f75391f36a82fab5f3b98f397ed3afe50e26f82 100644
--- a/group_vars/all/gateway_locations.yml
+++ b/group_vars/all/gateway_locations.yml
@@ -1,10 +1,12 @@
 ---
 locations:
   'Seattle':
+    'name': 'Seattle'
     'country_code': 'US'
     'hemisphere': 'N'
     'timezone': '-7'
   'Amsterdam':
+    'name': 'Amsterdam'
     'country_code': 'NL'
     'hemisphere': 'N'
     'timezone': '+2'
diff --git a/hosts.yml b/hosts.yml
index 6b6f70db764c2c4569eca2b613ff4376aa7b09bc..304579f095daa7731c1e0f5087e8871868491c27 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -16,13 +16,13 @@ hosts:
   gateway1:
     ansible_host: 37.218.242.191
     groups: [openvpn]
-    ip: 37.218.242.216
+    ip: 37.218.242.191
     # The 'ip_vpn0' is for the internal network overlay only. Assign an unique
     # value for each host
     ip_vpn0: 172.16.1.3
     # Set the egress source address for ipv4. This address should be distinct
     # from the 'ip' value above to prevent traffic leaks.
-    egress_ip: 37.218.242.191
+    egress_ip: 37.218.242.216
     location: Amsterdam
   gateway2:
     ansible_host: 204.13.164.252
@@ -34,7 +34,7 @@ hosts:
     ip6: 2620:13:4000:4000:8080::252
     # Set the egress source address for ipv4. This address should be distinct
     # from the 'ip' value above to prevent traffic leaks.
-    egress_ip: 204.13.164.252
+    egress_ip: 204.13.164.84
     # For each gateway that has ipv6, you should allocate an ipv6 netblock
     # (probably a /64) for each gateway. This ipv6 netblock should be in a
     # different network than the ip6 address that you configured above.
diff --git a/plugins/action/simplevpn.py b/plugins/action/simplevpn.py
index 1395af422675c4760c6e7697f3e0c6c7b79fbccd..1bdd50384c06ed6e7348cd5b52e96e439413b109 100644
--- a/plugins/action/simplevpn.py
+++ b/plugins/action/simplevpn.py
@@ -128,8 +128,8 @@ class ActionModule(ActionBase):
         public_domain = self._task.args['domain']
         provider_description = self._task.args['provider_description']
         transports = self._task.args.get('transports', [
-            dict(type="openvpn", protocols=["tcp"], ports=["1194"]),
-            dict(type="obfs4", protocols=["tcp"], ports=["23042"]),
+            dict(type="openvpn", protocols=["tcp"], ports=["53","80","1194"]),
+            dict(type="obfs4", protocols=["tcp"], ports=["443"]),
         ])
         gateways = self._task.args['gateways']
         openvpn = self._task.args['openvpn']
diff --git a/test/openvpn/connect.sh b/test/openvpn/connect.sh
index b8168738c4857e176eb9c8a028b69c2d169a3083..e741080fb09e35c76102e0bbdfcd4d69d26a126d 100755
--- a/test/openvpn/connect.sh
+++ b/test/openvpn/connect.sh
@@ -4,7 +4,7 @@ PATH=$PATH:/usr/sbin
 api_server=${API_SERVER:-api.float.bitmask.net}
 
 ip=${1}
-port=${2:-1194}
+port=${2:-80}
 api_ip=${3:-${ip}}
 
 # Create a temporary directory with certificates.
diff --git a/test/openvpn/ovpnprobe.go b/test/openvpn/ovpnprobe.go
index 9aadf5e315c5aeb36e6acd81e8ace2e8a06965de..04b8b26b2204d03728a0e002ac04f8128eb37a90 100644
--- a/test/openvpn/ovpnprobe.go
+++ b/test/openvpn/ovpnprobe.go
@@ -22,7 +22,7 @@ import (
 
 var (
 	targetHost     = flag.String("host", "", "openvpn server host")
-	targetPort     = flag.Int("port", 1194, "openvpn server port")
+	targetPort     = flag.Int("port", 80, "openvpn server port")
 	certPath       = flag.String("cert", "", "path to client certificate and key (PEM)")
 	caPath         = flag.String("ca", "", "path to server CA")
 	connectTimeout = flag.Duration("timeout", 60*time.Second, "openvpn connection timeout")