In this blog post I’ll show you how to get a VPN-connection up and running through (almost) any firewall:

- A server at home (on an unrestricted line) acts as an OpenVPN-server, while the client is connected to a very restrictive network (e.g. a hotel wifi or some free municipal wifis, but think twice before messing with your employer’s corporate network or even the Great Firewall of China).
- OpenVPN-traffic is encapsulated in regular SSL/TLS in order to hide it from intrusive firewalls (doing Deep Packet Inspection).
- This “stunneled” VPN-connection is exposed to the outside world on port 443 (which is often the only non-blocked port available).
- Port 443 is still available for regular https-hosting. This is achieved through port-sharing implemented by sniproxy.
- All of this is implemented on a Raspberry Pi! (Except for the actual VPN-server, but that’s the least interesting part of the whole setup anyway. I’m simply documenting my own setup, feel free to run the openvpn-server on the Pi too.)

An obvious prerequisite is to have a public IP address for your server (i.e. You may use your own domain or open an account at one of the numerous “dynamic DNS” providers. The example setup is for a registered domain called “ ”. A total of three subdomains are supposed to point to the public IP of the server: one for the VPN service (“”) and two for various other self-hosted web services (“ ” and “ ”). All of this on the standard SSL-port 443 and a single IP.

The web is full of excellent HOWTOs explaining how to set up OpenVPN on almost any platform. For the remainder of this post, I’ll suppose the openvpn-server is listening on an internal server reachable as “vpnserver:1194”. Sometimes it’s as easy as clicking a few buttons (NAS, routers, etc.). Note however that the VPN must be using TCP for its connections (instead of the default UDP). Technically this is not an optimal VPN configuration, but it’s a requirement for our intended setup.

Stunnel is a very useful piece of software: it lets you set up an encrypted SSL/TLS tunnel between two arbitrary endpoints. Most often it’s used to add an encryption layer to non-encrypted server applications. Both server and clients are available for almost any OS and platform. In this setup it’s only used to hide the distinctive OpenVPN-handshake from the restrictive firewall. Even though OpenVPN is actually SSL/TLS-based, its traffic can easily be distinguished from true SSL/TLS as used by a webserver, for example. Hence it’s often insufficient to configure OpenVPN to listen on port 443.
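To make the last point and the port-sharing idea concrete, here is an added example (not code from the original post, and not sniproxy's own code) that labels the first bytes of a TCP connection and picks a backend from the TLS server name. The hostnames, backend addresses, and sample packets are constructed placeholders.

```python
import struct

# Hypothetical routing table: hostnames and backends are constructed placeholders.
ROUTES = {"vpn.example.org": "127.0.0.1:8443",   # stunnel, which forwards to vpnserver:1194
          "www.example.org": "127.0.0.1:4443"}   # ordinary HTTPS web server
OPENVPN_CLIENT_RESET = {7 << 3, 10 << 3}  # P_CONTROL_HARD_RESET_CLIENT_V2/_V3 opcode, key_id 0

def parse_sni(rec: bytes):
    """Return the server_name of a TLS ClientHello record, or None."""
    if len(rec) < 6 or rec[0] != 0x16 or rec[1] != 0x03 or rec[5] != 0x01:
        return None
    try:
        p = 5 + 4 + 2 + 32                                 # record hdr, handshake hdr, version, random
        p += 1 + rec[p]                                    # session_id
        p += 2 + struct.unpack_from("!H", rec, p)[0]       # cipher_suites
        p += 1 + rec[p]                                    # compression_methods
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]  # end of the extensions block
        p += 2
        while p + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", rec, p)
            p += 4
            if ext_type == 0:    # server_name: list_len(2) name_type(1) name_len(2) name
                n = struct.unpack_from("!H", rec, p + 3)[0]
                return rec[p + 5:p + 5 + n].decode("ascii")
            p += ext_len
    except (struct.error, IndexError, UnicodeDecodeError):
        pass                     # truncated or malformed hello
    return None

def classify(first: bytes):
    """Label a connection's first bytes: ('tls', sni), ('openvpn', None) or ('unknown', None)."""
    if first[:2] == b"\x16\x03":
        return ("tls", parse_sni(first))
    if len(first) >= 3 and first[2] in OPENVPN_CLIENT_RESET:  # byte after the 2-byte TCP length prefix
        return ("openvpn", None)
    return ("unknown", None)

def route(first: bytes):  # backend an SNI-based port-sharing proxy would pick, or None
    kind, sni = classify(first)
    return ROUTES.get(sni) if kind == "tls" else None

def sample_client_hello(host: str) -> bytes:  # constructed minimal ClientHello with only SNI
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    ext = struct.pack("!HH", 0, len(sni)) + sni
    body = b"\x03\x03" + bytes(32) + b"\x00\x00\x02\x13\x01\x01\x00" + struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(13)  # constructed: length 14, opcode 7, key_id 0
```

The OpenVPN check is a first-byte heuristic only: a bare OpenVPN handshake on port 443 stands out because it does not begin with a TLS record header, which is the gap stunnel closes in this setup.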