
Re: [Openvpn-users] Re: Re: openvpn-2 tap and nat - understanding problem [solved]

  • Subject: Re: [Openvpn-users] Re: Re: openvpn-2 tap and nat - understanding problem [solved]
  • From: Konrad Karl <kk_konrad@xxxxxx>
  • Date: Sat, 15 Jan 2005 03:08:02 +0100


On Fri, Jan 14, 2005 at 04:33:11PM -0600, Charles Duffy wrote:
> On Fri, 2005-01-14 at 21:31 +0100, Konrad Karl wrote:
> > PS: is there any thinkable way to share tcp port 443
> > (apache, openvpn) ? 
> > there is some shortage of ip addresses....
> Use HTTP CONNECT method proxying to let Apache forward connections to
> OpenVPN.

I think there is some misunderstanding here:

Unfortunately, clients exist who can only connect via http(s) proxy on port 443.
(usually, for ports other than 443, the proxy requires you to speak http - GET, POST etc.)
I want to share this one port on the server between apache and openvpn but I am
afraid that it is not going to be simple - a second ip address is
needed on the server which is difficult to get nowadays.

Since the TLS handshake is initiated by the client and
special certificates can be provided, it must be possible to decide at
the very early stage of the connection that the intended target is
not the https web service but openvpn and then hand over the
connection to the openvpn server. (It might be necessary to have
some code in between which is able to buffer the first client parts of
the SSL handshake and supply it to openvpn's ssl engine after the
decision has been made.)

Has anybody perhaps already done this?
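
An added example, not part of the original message and not OpenVPN's own code: one way to make the early decision described above is to classify the first buffered bytes of a connection before choosing a backend. It assumes OpenVPN's TCP framing (a 2-byte length prefix followed by an opcode byte) at the start of an OpenVPN connection; the function names, backend addresses and sample bytes are constructed for illustration.

```python
# Added example: classify the first bytes seen on a shared TCP port 443.
# Names, backend addresses and sample inputs are constructed assumptions.
import struct

# OpenVPN opcodes that open a session. The opcode is the high 5 bits of the
# byte after the 2-byte length prefix; the low 3 bits are the key id.
OPENVPN_RESET_OPCODES = {1, 7}  # P_CONTROL_HARD_RESET_CLIENT_V1 / _V2
OPENVPN_MIN_RESET_LEN = 14      # opcode + session id + ack count + packet id

# Constructed samples: a TLS ClientHello prefix and a minimal OpenVPN reset.
TLS_HELLO = bytes.fromhex("16030100c8010000c40303")
OPENVPN_RESET = bytes.fromhex("000e38") + bytes(8) + b"\x00" + bytes(4)
HTTP_GET = b"GET / HTTP/1.1\r\n"

def classify(buf: bytes) -> str:
    """Return 'tls', 'openvpn', 'unknown' or 'need-more' for buffered bytes."""
    if len(buf) < 3:
        return "need-more"  # keep buffering; nothing is forwarded yet
    # TLS record header: type 0x16 (handshake), version major 0x03.
    if buf[0] == 0x16 and buf[1] == 0x03:
        if len(buf) < 6:
            return "need-more"
        return "tls" if buf[5] == 0x01 else "unknown"  # 0x01 = ClientHello
    # OpenVPN over TCP: big-endian 16-bit packet length, then opcode/key id.
    (pkt_len,) = struct.unpack(">H", buf[:2])
    opcode, key_id = buf[2] >> 3, buf[2] & 0x07
    if (opcode in OPENVPN_RESET_OPCODES and key_id == 0
            and pkt_len >= OPENVPN_MIN_RESET_LEN):
        return "openvpn"
    return "unknown"

def pick_backend(buf: bytes):
    """Map a verdict to a (host, port) backend; None means wait or drop."""
    backends = {
        "tls": ("127.0.0.1", 8443),      # assumed local Apache HTTPS listener
        "openvpn": ("127.0.0.1", 1194),  # assumed local OpenVPN TCP listener
    }
    return backends.get(classify(buf))

if __name__ == "__main__":
    for name, sample in [("tls", TLS_HELLO), ("openvpn", OPENVPN_RESET),
                         ("http", HTTP_GET)]:
        print(name, classify(sample), pick_backend(sample))
```

The buffered bytes must be replayed unchanged to whichever backend is chosen, since both Apache and OpenVPN expect to see the start of the stream.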

