[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Google
 
Web openvpn.net

[Openvpn-devel] OpenVPN RFC-2246 Compliance Question


  • Subject: [Openvpn-devel] OpenVPN RFC-2246 Compliance Question
  • From: "Randolph A. Krenz" <randy.krenz@xxxxxxxxxxx>
  • Date: Thu, 19 Jul 2007 09:16:17 -0400

I have a need to utilize OpenVPN in a Server/multi-Client, TCP, TUN mode
on port 443.  OpenVPN generally works fine but I’ve recently had a need
to pass this traffic through a firewall with stateful packet inspection
(that can’t be circumvented).  The firewall complains that the traffic
does not comply with section 7.4.1.2 of RFC-2246 (The TLS protocol)
which states that a “client hello” must be sent as the client’s first
message.  The traffic is dropped as a result.  I don’t see any obvious
OpenVPN configuration changes that would affect this behavior.  Is there
anything I can do, from a configuration perspective, to cause the
OpenVPN client to send the “client hello”?  Not sure if this would be
the only (or just the first) obstacle in getting through the SPI.

Thanks,
Randy


____________________________________________
Openvpn-devel mailing list
Openvpn-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-devel