OpenVPN over reverse-proxy

Thanks for all of the informative info. Yes, this is correct. Caddy does not (as far as I’m aware, out of the box) proxy the VPN connection itself. That should be the job of the OpenVPN software itself on your server. Caddy is reverse proxying the web GUI, not the actual VPN connection itself. You can run Caddy and the VPN itself on port 443. My first original post shows that it is possible. However, Caddy is running on TCP and WireGuard on UDP. If I were to enable experimental HTTP/3 support, Caddy would fail to start (or WireGuard would, whichever first) because the protocol is taken. You’re right that each internal IP can listen on the same port; I didn’t know that’s what you meant.

If Caddy were routing the traffic, then it would sort of be in the middle. The point of a VPN is encrypted traffic only between the software itself and the client itself. Does that make sense? It looks like you have everything set up correctly, but no, Caddy will not be able to route that actual VPN traffic itself. If it can, then someone else will have to correct me on that.
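
The port-sharing behaviour described in the post above can be checked locally with plain sockets. This is an added example, not part of the original post: the TCP listener stands in for Caddy, the first UDP socket for WireGuard, and the second UDP socket for an HTTP/3 (QUIC over UDP) listener; the loopback address and ephemeral port are assumptions chosen so it runs without privileges.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # assumption: test on loopback instead of a public interface


def bind(kind, port):
    """Bind a TCP (SOCK_STREAM) or UDP (SOCK_DGRAM) socket to LOOPBACK:port."""
    s = socket.socket(socket.AF_INET, kind)
    s.bind((LOOPBACK, port))
    if kind == socket.SOCK_STREAM:
        s.listen(1)
    return s


def port_sharing_demo():
    """Return (tcp_ok, udp_ok, second_udp_errno) for one shared port number."""
    for _ in range(20):
        tcp = bind(socket.SOCK_STREAM, 0)      # stand-in for Caddy (HTTPS over TCP)
        port = tcp.getsockname()[1]            # ephemeral port instead of 443
        try:
            udp = bind(socket.SOCK_DGRAM, port)  # stand-in for WireGuard (UDP)
        except OSError:
            tcp.close()
            continue  # that UDP port was already used by something else; retry
        try:
            # Stand-in for HTTP/3: a second UDP listener on the same port.
            second = bind(socket.SOCK_DGRAM, port)
            second.close()
            second_errno = None
        except OSError as exc:
            second_errno = exc.errno
        finally:
            udp.close()
            tcp.close()
        return True, True, second_errno
    raise RuntimeError("could not find a port free on both TCP and UDP")


if __name__ == "__main__":
    tcp_ok, udp_ok, err = port_sharing_demo()
    print("TCP bind ok:", tcp_ok)
    print("UDP bind on same port ok:", udp_ok)
    print("second UDP bind errno:", errno.errorcode.get(err, err))
```

TCP and UDP have separate port spaces, so the first two binds succeed; the third fails with `EADDRINUSE` because the UDP port on that address is already owned.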