don't allow openvpn port 443 when node is also a webapp
If a node is also a webapp, then openvpn shouldn't be configured to listen on port 443, because the webserver will need to be listening there.
On a vpn node, incoming connections on port 443 are redirected to the openvpn service with:
    DNAT net $FW:202.85.227.201:1194 tcp 443 - - - -
in /etc/shorewall/puppet/rules... If the node is also a webapp, then the webserver isn't going to work right with that DNAT rule in place.
Elijah, is there a way we can have leap compile error out with useful information if you have configured things in the json this way?
(from redmine: created on 2014-11-19, closed on 2014-11-20, relates #6135 (closed))
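One way the requested compile-time check could look. This is an added example, not code from leap or from the ticket. It assumes each node's JSON lists its roles under "services" and the TCP ports redirected to openvpn under "openvpn.ports"; SERVICE_TCP_PORTS, port_conflicts and check_nodes are hypothetical names.

```ruby
require 'json'

# Hypothetical table: TCP ports a service must bind itself on the node.
# Only webapp/443 comes from the ticket; extend as needed.
SERVICE_TCP_PORTS = { 'webapp' => [443] }.freeze

# Returns one error string for every port that the openvpn DNAT redirect
# would take away from another service running on the same node.
def port_conflicts(name, node)
  services = node.fetch('services', [])
  return [] unless services.include?('openvpn')

  # Ports may be written as strings or integers in the JSON (assumption).
  vpn_ports = node.fetch('openvpn', {}).fetch('ports', []).map(&:to_i)
  (services - ['openvpn']).flat_map do |svc|
    (SERVICE_TCP_PORTS.fetch(svc, []) & vpn_ports).map do |port|
      "node '#{name}': openvpn.ports includes #{port}, but service " \
        "'#{svc}' must listen on tcp/#{port}; remove #{port} from " \
        "openvpn.ports or move '#{svc}' to another node"
    end
  end
end

# Runs the check over every node and collects all errors, so a single
# compile run reports every misconfigured node at once.
def check_nodes(nodes)
  nodes.flat_map { |name, node| port_conflicts(name, node) }
end

# Constructed sample input, not taken from a real provider directory.
NODES = JSON.parse(<<~SAMPLE)
  {
    "vpn1":     { "services": ["openvpn"],
                  "openvpn": { "ports": ["443", "1194"] } },
    "combo":    { "services": ["openvpn", "webapp"],
                  "openvpn": { "ports": ["443", "1194"] } },
    "combo_ok": { "services": ["openvpn", "webapp"],
                  "openvpn": { "ports": ["1194"] } },
    "web1":     { "services": ["webapp"] }
  }
SAMPLE

check_nodes(NODES).each { |err| puts "ERROR: #{err}" }
```

A compile step would abort with a non-zero exit status when check_nodes returns anything, before the shorewall rules are generated.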