Re: [Openvpn-users] Multiple users on a single port - It works :)


  • Subject: Re: [Openvpn-users] Multiple users on a single port - It works :)
  • From: "James Yonan" <jim@xxxxxxxxx>
  • Date: Mon, 26 Jan 2004 17:12:02 -0000

Stefan `Sec` Zehl <sec+ovpn@xxxxxx> said:

> OpenVPN client connects to the server on a well-known port (e.g. 5000).
> A 'broker'-type daemon listens on 5000 and forks off a new OpenVPN server,
> which listens on a new (unused, random-numbered) UDP socket (e.g.
> 42192) and replies to the client to use that port instead.
> 
> All further communication with this single client goes via that port
> now, and the broker daemon can still listen on port 5000.

The problem with this is that the port change semantics will surprise the
firewall, and therefore require static rules to allow the range of UDP ports
on the server side to be used as dynamic ports.

James
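
The firewall behaviour described in this reply, as an added example that is not part of the thread or of OpenVPN: a toy stateful UDP filter on each side of the handoff, showing which packets are delivered with and without a static rule for the dynamic port range. Ports 5000 and 42192 come from the quoted post; the addresses, the client source port, the 40000-49999 range, the `reply_from_child` variant and all names are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

CLIENT, SERVER = "198.51.100.7", "203.0.113.10"  # constructed addresses
CPORT = 40001                                    # constructed client source port
BROKER, CHILD = 5000, 42192                      # ports used in the quoted post

@dataclass(frozen=True)
class Udp:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass
class StatefulFirewall:
    """Toy stateful filter guarding one host; flows are exact 4-tuples."""
    inside: str
    open_ports: tuple = ()                 # static inbound rules: ranges of dst ports
    flows: set = field(default_factory=set)

    def check(self, p: Udp) -> bool:
        if p.src == self.inside:           # outbound: allow and remember the flow
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True                    # reply on a flow the host opened
        return any(p.dport in r for r in self.open_ports)

def handoff(server_open, reply_from_child=False):
    """Run hello / redirect / data through both firewalls; True means delivered."""
    client_fw = StatefulFirewall(CLIENT)
    server_fw = StatefulFirewall(SERVER, server_open)

    def deliver(p):
        # the sender's firewall sees the packet first, then the receiver's
        path = (client_fw, server_fw) if p.src == CLIENT else (server_fw, client_fw)
        return all(fw.check(p) for fw in path)

    return {
        "hello": deliver(Udp(CLIENT, CPORT, SERVER, BROKER)),
        "redirect": deliver(Udp(SERVER, CHILD if reply_from_child else BROKER, CLIENT, CPORT)),
        "data": deliver(Udp(CLIENT, CPORT, SERVER, CHILD)),
    }

if __name__ == "__main__":
    only_5000 = (range(5000, 5001),)
    with_range = only_5000 + (range(40000, 50000),)
    print("5000 only:        ", handoff(only_5000))
    print("static port range:", handoff(with_range))
    print("child replies:    ", handoff(with_range, reply_from_child=True))
```

With only port 5000 open, the first packet to the new port is dropped at the server side; if the forked server answers from its own port, the client-side filter also drops the redirect because it matches no flow the client opened.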