[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Re: how to share tcp port 443 between OpenVpn and Apache?

  • Subject: Re: [Openvpn-users] Re: how to share tcp port 443 between OpenVpn and Apache?
  • From: Richard Atterer <richard@xxxxxxxxxxxxxxxx>
  • Date: Mon, 24 Jan 2005 13:48:55 +0100
  • Mail-copies-to: nobody

On Mon, Jan 24, 2005 at 12:53:33PM +0100, Konrad Karl wrote:
> PPS: does anybody here if the muxing could be done on Linux using a
> special netfilter module?

If this VPN setup is for your personal use only, a simple solution would be
to set up a web page which, when executed, sets up a source-IP-based port
redirection (only redirect to OpenVPN if source IP matches). Maybe you
could even watch Apache's log for an error message which indicates an
OpenVPN connection attempt, and react to that - obviously, OpenVPN will
only succeed in connecting the second time it tries.

Another interesting thought: OpenVPN could use a specific _source_ port
number (--lport ?), so you could use iptables to look for destination port
443 and e.g. source port 1194. Untested:

iptables -t nat -A PREROUTING -i eth0 -p tcp --sport 1194 --dport 443 \
 -j DNAT --to

Yet another possibility: Play around with --http-proxy and Apache's proxy
module. I'm not sure whether that will work, i.e. whether Apache's proxy
implementation supports CONNECT.



  __   _
  |_) /|  Richard Atterer     |  GnuPG key:
  | \/¯|  http://atterer.net  |  0x888354F7
  ¯ '` ¯

Openvpn-users mailing list