sslh mangle table messes regular ovpn
sslh firewall.j2 ( config/roles/openvpn/templates/sslh.firewall.j2 ) adds a mangle rule:
add_rule -A OUTPUT -o {{ intf }} -p tcp -m tcp --sport 1194 -j sslh
Chain OUTPUT (policy ACCEPT) │·······························································································
target prot opt source destination │·······························································································
sslh tcp -- anywhere anywhere tcp spt:8443
This seems to send traffic originating from openvpn into the void of sslh. When tcpdumping on the server, I see the clients packets arriving fine, but nothing returned. Because the 443 port for openvpn and api simultaneous is an extra not advertised in eip.json, I propose to simply remove that line.