Port 943 sits in the well-known range (0-1023)—the ports IANA officially assigns to standardized services. But IANA never assigned port 943 to anything. It's officially unassigned.
In practice, that doesn't mean it sits empty.
What Actually Uses Port 943
OpenVPN Access Server claims port 943 by default for its web services.1 When you install OpenVPN Access Server, it listens on TCP port 943 for:
- The Admin Web UI at
https://your-server:943/admin - The Client Web UI where users download VPN profiles and connection software
- Web-based configuration and management interfaces
This isn't a standard. OpenVPN didn't file for IANA assignment. They just picked an unassigned port in the well-known range and started using it. Thousands of deployments later, port 943 effectively belongs to OpenVPN Access Server—at least in practice.
The Port Sharing Trick
OpenVPN Access Server does something clever: it runs the actual VPN daemon on port 443 (standard HTTPS) and uses a feature called port sharing to forward web browser requests to port 943.2
When you connect to https://your-server:443/admin, the OpenVPN daemon detects it's an HTTPS request (not a VPN connection) and automatically forwards it to the web service listening on port 943. From the user's perspective, everything happens on port 443. Behind the scenes, port 943 is doing the work.
This means you can run both the VPN service and the web interface on the same IP address without conflicts.
Why This Port Matters
Port 943 shows the gap between official assignment and real-world use. IANA maintains the registry. But applications don't always wait for permission. They find an unassigned port, use it, and if the software gets popular enough, that port becomes de facto claimed.
For well-known ports (0-1023), this is unusual—most modern applications use registered ports (1024-49151) or dynamic ports (49152-65535) instead. But OpenVPN Access Server picked a well-known port anyway, presumably because:
- It reinforces that this is a core service, not a temporary connection
- It avoids conflicts with other registered services
- Firewall rules often trust well-known ports more than high-numbered ports
Checking What's Listening
To see if port 943 is listening on your system:
If you see something listening on port 943 and you haven't installed OpenVPN Access Server, investigate. Unassigned ports can be used by anything—including things you didn't expect.
Security Considerations
Because port 943 has no official assignment, there's no standard for what should be running on it. If you're running OpenVPN Access Server, port 943 should serve HTTPS traffic with a valid certificate. If you're not running OpenVPN, port 943 should be closed.
Firewall rules:
- If running OpenVPN Access Server: Allow incoming TCP 943, but only from networks that need administrative access
- If not running OpenVPN: Block incoming TCP 943 entirely
The lack of official assignment means there's no "correct" use for this port. Whatever you find listening here is application-specific.
Related Ports
- Port 443: Standard HTTPS—OpenVPN Access Server uses port sharing to forward web requests from 443 to 943
- Port 1194: OpenVPN's standard UDP port for VPN connections
- Port 945: Used by OpenVPN Access Server for clustering (also unassigned by IANA)
The Unassigned Port Philosophy
The well-known port range exists to prevent chaos. IANA assigns ports to standardized protocols so everyone knows what to expect. Port 25 is SMTP. Port 80 is HTTP. Port 443 is HTTPS.
But not every port got assigned. Some remain unassigned—gaps in the registry, reserved for future use or simply never claimed by a standard protocol.
Applications like OpenVPN Access Server use these gaps. It's not wrong, exactly. But it creates a kind of informal ownership: the port isn't officially assigned, but if you deploy the software, you're using that port whether IANA approves or not.
Port 943 is what happens when software moves faster than standards bodies.
A fost utilă această pagină?