Stefan `Sec` Zehl <sec+ovpn@xxxxxx> said:
> OpenVPN-client connects to server on Well Known port (e.g. 5000).
> A 'broker'-type daemon listens on 5000 and forks off a new OpenVPN server,
> which listens on a new (unused, random-numbered) udp socket (e.g.
> 42192) and replies to client to use that port instead.
>
> All further communication with this single client goes via that port
> now, and the broker daemon can still listen on port 5000.

The problem with this is that the port change semantics will surprise the
firewall, and therefore require static rules to allow the range of UDP ports
on the server side to be used as dynamic ports.

James
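To make the firewall objection concrete, here is an added simulation (not code from this thread or from OpenVPN) of a server-side stateful UDP firewall: a flow the client opened to a statically allowed port passes, the broker's reply on that same flow passes, but the client's first packet to the forked server's random port is a brand-new flow and is dropped unless the whole dynamic range is statically opened. The firewall model, addresses and port numbers other than 5000 and 42192 are assumptions chosen for illustration.

```python
"""Constructed model of a stateful UDP firewall in front of the OpenVPN server."""
from dataclasses import dataclass, field


@dataclass
class StatefulUdpFirewall:
    """Inbound UDP is accepted only on a flow already in the connection table
    or on a destination port covered by a static allow rule (assumed model)."""
    static_rules: list = field(default_factory=list)  # inbound (low, high) port ranges
    conntrack: set = field(default_factory=set)        # (client, cport, server, sport)

    def _static_ok(self, dport):
        return any(lo <= dport <= hi for lo, hi in self.static_rules)

    def inbound(self, src, sport, dst, dport):
        """Client -> server packet. New flows need a static rule; returns True if passed."""
        key = (src, sport, dst, dport)
        if key in self.conntrack or self._static_ok(dport):
            self.conntrack.add(key)
            return True
        return False

    def outbound(self, src, sport, dst, dport):
        """Server -> client reply. Passes only on a flow the client already opened."""
        return (dst, dport, src, sport) in self.conntrack


def simulate(static_rules):
    """Walk the broker hand-off and report which packets the firewall passes."""
    fw = StatefulUdpFirewall(static_rules=list(static_rules))
    client, server = "198.51.100.7", "203.0.113.2"   # constructed addresses
    cport, broker_port, dyn_port = 50123, 5000, 42192
    results = {}
    # 1. client -> broker on the well-known port: allowed by the static rule
    results["to_broker"] = fw.inbound(client, cport, server, broker_port)
    # 2. broker -> client on the same flow, telling it to move to dyn_port
    results["broker_reply"] = fw.outbound(server, broker_port, client, cport)
    # 3. client -> forked server on dyn_port: a new flow the firewall has never seen
    results["to_dyn_port"] = fw.inbound(client, cport, server, dyn_port)
    return results


if __name__ == "__main__":
    print("well-known port only:", simulate([(5000, 5000)]))
    print("plus dynamic range:  ", simulate([(5000, 5000), (40000, 50000)]))
```

The second run shows the static rule James describes: opening the whole dynamic range in advance is what lets the third packet through.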