[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Multiple users on a single port - It works :)

  • Subject: Re: [Openvpn-users] Multiple users on a single port - It works :)
  • From: Stefan `Sec` Zehl <sec+ovpn@xxxxxx>
  • Date: Mon, 26 Jan 2004 10:13:39 +0100
  • Accept-languages: de, en
  • I-love-doing-this: really

On Sat, Jan 24, 2004 at 22:46 -0000, James Yonan wrote:
> I think the goal right now is to support multiple clients on the same UDP port
> without forking.  Ultimately, this is the most scalable solution but also the
> most involved patch.

I agree with you, that vpn via UDP is far more sensible that vpn via
TCP, and thus it should get more attention. But the problem i am facing
(and why I chose TCP for our setup) is, that it is needed to get
trough some of the most rigid firewalls, where the only way to get out
is via the https proxy. This also means all users absolutely _must_ use
port 443, which is why there was a need for this patch in the first

I am sure others, too have this problem, and this is why I hope that
this patch can be included in one of the next releases.

I know that this produces differences between the tcp and udp handling.
But in the long run, whese will be needed anyway, as you noted in your
nice explanation about the UDP problem.

On a side note: 
One thing which might help with the UDP problem in the short run might
be a protocol extension with a 'broker'-like functionality.

OpenVPN-client connects server on Well Known port (e.g. 5000).
A 'broker'-type daemon listens on 5000 and forks off a new OpenVPN server
, whichlistens on a new (unused,random-numbered) udp socket (e.g.
42192) and replies to client to use that port instead.

All further communication with this single client goes via that port
now, and the broker daemon can still listen on port 5000.

The attached bug will fix that. 
		-- Byrial Jensen <byrial@xxxxxxxxxxxxx> on mutt-dev/21.7.98