[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: Anyone know how to detect OpenVPN traffic?

  • Subject: Re: [Openvpn-users] Re: Anyone know how to detect OpenVPN traffic?
  • From: Michel Arboi <mikhail@xxxxxxxxxx>
  • Date: Sat, 20 Nov 2004 14:05:48 +0100

On Fri Nov 19 2004 at 17:17, James Yonan wrote:

> While OpenVPN can use TCP port 443 or tunnel over a proxy using the HTTP 
> CONNECT method, it makes no effort to impersonate the HTTP or HTTPS 
> protocols.

AFAIK, it can use SSL, just like any HTTPS server.

> So any proxy that sanity-checks the HTTP CONNECT clients to make sure they 
> are talking real HTTPS would be able to block OpenVPN.

Most proxies only check the destination port. Some proxies decipher
the SSL session and inspect the HTTP content, but they have to
encipher the session back to the client, with their own fix certificate
(=> warning on the browser) or with a on-the-fly generated
certificate. This is an expensive process.