Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?


  • Subject: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
  • From: Jon Bendtsen <jon.bendtsen@xxxxxxxxxx>
  • Date: Thu, 3 Jun 2004 23:23:05 +0200

On 3 Jun 2004, at 23:06, Small, Jim wrote:

I am looking for an Open Source "pure" SSL VPN. By "pure", I mean that
everything/all negotiation occurs over port 443/TCP. When I looked through
the documentation, it looked like OpenVPN requires an open UDP port. This
is not possible for my situation. I have a vendor that only allows ports
80/TCP and 443/TCP, no exceptions. Is it possible to use OpenVPN as an SSL
VPN with only port 443/TCP open?

yes

http://openvpn.sourceforge.net/man.html


--proto p
    Use protocol p for communicating with remote host. p can be udp, tcp-client, or tcp-server.

    The default protocol is udp when --proto is not specified.

    For UDP operation, --proto udp should be specified on both peers.

    For TCP operation, one peer must use --proto tcp-server and the other must use --proto tcp-client. A peer started with tcp-server will wait indefinitely for an incoming connection. A peer started with tcp-client will attempt to connect, and if that fails, will sleep for 5 seconds (adjustable via the --connect-retry option) and try again. Both TCP client and server will simulate a SIGUSR1 restart signal if either side resets the connection.

    OpenVPN is designed to operate optimally over UDP, but TCP capability is provided for situations where UDP cannot be used. In comparison with UDP, TCP will usually be somewhat less efficient and less robust when used over unreliable or congested networks.

    This article outlines some of the problems with tunneling IP over TCP:

    http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

    There are certain cases, however, where using TCP may be advantageous from a security and robustness perspective, such as tunneling non-IP or application-level UDP protocols, or tunneling protocols which don't possess a built-in reliability layer.



--port port
    TCP/UDP port number for both local and remote.
--lport port
    TCP/UDP port number for local (default=5000).
--rport port
    TCP/UDP port number for remote (default=5000).


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users
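The options quoted in the message above, put together as a pair of peer configurations that use only 443/TCP. This is an added example, not part of the original message or the OpenVPN documentation; the host name, tunnel addresses and certificate file names are placeholders, and the TLS options (tls-server, tls-client, ca, cert, key, dh), dev, ifconfig, remote and nobind are standard OpenVPN options that the quoted excerpt does not show.

```conf
# ---- server.conf: the peer that accepts the connection ----
# One side must be tcp-server; it waits indefinitely for the client.
proto tcp-server
# Listen on 443/TCP. Binding a port below 1024 needs root on Unix.
port 443
dev tun
# Point-to-point tunnel addresses (constructed sample values).
ifconfig 10.8.0.1 10.8.0.2
# TLS mode: this peer takes the server role in the TLS handshake.
tls-server
ca   ca.crt
cert server.crt
key  server.key
dh   dh.pem

# ---- client.conf: the peer behind the 80/443-only firewall ----
# The other side must be tcp-client; it initiates the connection.
proto tcp-client
# Placeholder host name for the server peer.
remote vpn.example.com
# Only the remote port has to be 443; do not bind a fixed local port.
rport 443
nobind
dev tun
# Mirror image of the server's ifconfig line.
ifconfig 10.8.0.2 10.8.0.1
# TLS mode: this peer takes the client role in the TLS handshake.
tls-client
ca   ca.crt
cert client.crt
key  client.key
# Seconds to sleep between connection attempts (5 is the documented default).
connect-retry 5
```

The traffic on 443/TCP is OpenVPN's own protocol rather than HTTPS, so a firewall that filters purely by port number passes it, while a device that checks for actual HTTPS on that port may not.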

