[Openvpn-users] Re: how to share tcp port 443 between OpenVpn and Apache?


  • From: larsbj@xxxxxxxxxx (Lars Gullik Bjønnes)
  • Date: Mon, 24 Jan 2005 15:55:33 +0100

Konrad Karl <kk_konrad@xxxxxx> writes:

> On Mon, Jan 24, 2005 at 01:48:55PM +0100, Richard Atterer wrote:
>> On Mon, Jan 24, 2005 at 12:53:33PM +0100, Konrad Karl wrote:
>> > PPS: does anybody here know if the muxing could be done on Linux using a
>> > special netfilter module?
>> 
>> If this VPN setup is for your personal use only, a simple solution would be
>> to set up a web page which, when executed, sets up a source-IP-based port
>> redirection (only redirect to OpenVPN if source IP matches). Maybe you
>> could even watch Apache's log for an error message which indicates an
>> OpenVPN connection attempt, and react to that - obviously, OpenVPN will
>> only succeed in connecting the second time it tries.
>
> this will cause normal web access to fail at times.
>
>> 
>> Another interesting thought: OpenVPN could use a specific _source_ port
>> number (--lport ?), so you could use iptables to look for destination port
>> 443 and e.g. source port 1194. Untested:
>
> choosing source port is not an option when going thru a proxy, unfortunately.
>
>> 
>> iptables -t nat -A PREROUTING -i eth0 -p tcp --sport 1194 --dport 443 \
>>  -j DNAT --to 127.0.0.1:1194

I don't think you can use 127.0.0.1 here.

>> Yet another possibility: Play around with --http-proxy and Apache's proxy
>> module. I'm not sure whether that will work, i.e. whether Apache's proxy
>> implementation supports CONNECT.
>
> this is not very well documented, I will have a look into the source
> code if time permits.

would string-match be an option?

(pseudo command)
iptables -t nat -I PREROUTING -m string-match --string-match \
<something openvpn specific> -j REDIRECT --to-port 5000

-- 
	Lgb
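
Added example, not part of the original post and not OpenVPN or Apache code: a user-space check of a connection's first bytes, which is where an OpenVPN client can be told apart from an HTTPS client on a shared port 443 (the payload only arrives after the TCP handshake has completed). The loopback backend ports and all sample bytes are assumptions constructed for illustration.

```python
import struct

P_CONTROL_HARD_RESET_CLIENT_V2 = 7  # opcode of the first packet a client sends
MIN_RESET_LEN = 14  # opcode 1 + session id 8 + ack count 1 + packet id 4

# Assumed local listeners, not taken from the thread: OpenVPN and the HTTPS
# server each moved to a loopback port behind the process that owns 443.
BACKENDS = {"openvpn": ("127.0.0.1", 1194), "web": ("127.0.0.1", 8443)}


def classify_first_bytes(buf: bytes) -> str:
    """Classify the first bytes a client sends after the TCP handshake."""
    if len(buf) < 3:
        return "need-more"
    # TLS record header: content type 0x16 (handshake), version major 0x03.
    if buf[0] == 0x16 and buf[1] == 0x03:
        return "tls"
    # SSLv2-format ClientHello: length with the top bit set, message type 1.
    if buf[0] & 0x80 and buf[2] == 0x01:
        return "tls"
    # OpenVPN over TCP: 16-bit big-endian length, then one byte carrying the
    # opcode in the high 5 bits and the key id in the low 3 bits.
    (pkt_len,) = struct.unpack("!H", buf[:2])
    opcode, key_id = buf[2] >> 3, buf[2] & 0x07
    if (opcode == P_CONTROL_HARD_RESET_CLIENT_V2 and key_id == 0
            and pkt_len >= MIN_RESET_LEN):
        return "openvpn"
    return "unknown"


def pick_backend(buf: bytes):
    """Return (host, port) for the connection, or None until 3 bytes are read."""
    kind = classify_first_bytes(buf)
    if kind == "need-more":
        return None
    # Anything that is not an OpenVPN reset goes to the web server, so normal
    # web access is never diverted.
    return BACKENDS["openvpn" if kind == "openvpn" else "web"]


# Constructed samples (not captured traffic).
OPENVPN_RESET = bytes.fromhex("000e38") + bytes(8) + b"\x00" + bytes(4)
TLS_HELLO = bytes.fromhex("1603010200010001fc0303")
SSL2_HELLO = bytes.fromhex("802e010301")

if __name__ == "__main__":
    for name, data in [("openvpn", OPENVPN_RESET), ("tls", TLS_HELLO),
                       ("ssl2", SSL2_HELLO), ("http", b"GET / HTTP/1.1\r\n")]:
        print(name, classify_first_bytes(data), pick_backend(data))
```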

