Re: [Openvpn-users] port-share with 2.6.21.5


  • Subject: Re: [Openvpn-users] port-share with 2.6.21.5
  • From: christian <openvpn-users@xxxxxxxxxxx>
  • Date: Sat, 27 Oct 2007 19:04:58 +0200

On Sat, Oct 27, 2007 at 12:23:05PM -0400, Colin Ryan wrote:
> [...] one might suggest to the powers that be that the description 
> be clarified, i.e. that this allows port sharing from an inbound 
> communications perspective etc.

if you were to submit a rewording of this manpage paragraph, i'm sure 
the p-t-b would consider its inclusion. ;-)
as i'm not a native english speaker & having never spent more than a 
fortnight or so in an english speaking country, i for one wouldn't 
dare. :-)

> Anyhow taking this I've got it working with:
> 
> port 443
> port-share other.server.com 444
> 
> however to my surprise OpenVPN is accepting communications on 443 and 
> then issuing [port-share-redirect] to the client and my web browser then 
> goes to port 444 (which is the target port of my port-share) directive. 
> Is this how this is supposed to work? 

this is how you wanted it to work, given the above config lines, if i 
understand you correctly.

> If so I don't see the value then, I 
> still need to have firewall/port access to both my OpenVPN (443)  and 
> 444. Maybe I'm missing something but other than allow one to communicate 
> only a single port configuration to users of various sorts, it's not 
> doing anything for me in terms of actual network configuration 
> complexity. 

port 443
port-share other.server.com 443 # !

would work though, if the other server is an other server (or, i guess, 
another interface on the same server where your application doesn't 
listen already [address binding...]).
that's the way i'm using it here - it helps me to alleviate the 
scarcity of ip4 addresses; i accept an openvpn connection on my 
(externally visible) frontend (443) or pass it on to a backend 
(privateaddress:443).

> In the spirit of your letter of the word interpretation of 
> the man page "proxy" to me means more than a redirect but.....

i think you are right - it's no more than a passing on to the right 
target (and remembering both connections), and passing the target's 
responses to the right outbound connection.

at least that's the way i imagine it to work, more or less; having 
not read the code, i could be totally wrong, of course with my 
speculations.


are you trying to accommodate both an openvpn server and an application 
on the same machine, with one interface address only, 'sharing' 443?

i would not expect this to work.
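Added example (not part of the message above and not OpenVPN's own code): a sketch of the first-bytes decision a port-sharing frontend has to make for the `port 443` / `port-share other.server.com 443` setup discussed in the thread. It assumes OpenVPN's TCP framing (a 16-bit length prefix, then an opcode byte whose top 5 bits are 7 for the client's first hard-reset packet); the function names, the 14-byte lower bound and the sample bytes are constructed for illustration.

```python
import struct

HARD_RESET_CLIENT_V2 = 7  # OpenVPN opcode, carried in the top 5 bits of the opcode byte
MIN_FIRST_PACKET = 14     # assumed lower bound on the length of a first control packet

def parse_config(text):
    """Pull the listen port and the port-share target out of server config lines."""
    cfg = {"port": None, "share": None}
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()      # drop trailing comments
        if len(words) == 2 and words[0] == "port":
            cfg["port"] = int(words[1])
        elif len(words) == 3 and words[0] == "port-share":
            cfg["share"] = (words[1], int(words[2]))
    return cfg

def classify(first_bytes):
    """Return 'openvpn', 'other', or 'need-more' if fewer than 3 bytes have arrived."""
    if len(first_bytes) < 3:
        return "need-more"
    (length,) = struct.unpack("!H", first_bytes[:2])  # TCP framing: 16-bit length
    opcode = first_bytes[2] >> 3
    if length >= MIN_FIRST_PACKET and opcode == HARD_RESET_CLIENT_V2:
        return "openvpn"
    return "other"

def route(cfg, first_bytes):
    """Decide where a new connection arriving on cfg['port'] is handled."""
    kind = classify(first_bytes)
    if kind == "openvpn":
        return ("local-openvpn", None)
    if kind == "need-more":
        return ("wait", None)
    if cfg["share"]:
        # The frontend opens the onward connection itself, so only the
        # frontend's port has to be reachable from outside.
        return ("relay", cfg["share"])
    return ("drop", None)

# Constructed sample inputs (not captured traffic).
CONFIG = "port 443\nport-share other.server.com 443 # !\n"
OPENVPN_HELLO = struct.pack("!HB", 14, HARD_RESET_CLIENT_V2 << 3) + bytes(13)
TLS_HELLO = bytes.fromhex("160301020001")  # start of a TLS handshake record

if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    for name, data in [("openvpn", OPENVPN_HELLO), ("https", TLS_HELLO)]:
        print(name, "->", route(cfg, data))
```

In this model the client is never told about the backend: the relay target appears only in the frontend's routing decision, which is why the backend needs to be reachable from the frontend host rather than from the internet.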