OpenVPN and HTTPS on the same port.

TheMG
OpenVpn Newbie
Posts: 6
Joined: Tue Nov 30, 2010 3:19 am

OpenVPN and HTTPS on the same port.

Post by TheMG » Sun Apr 03, 2011 11:40 pm

I find myself in the situation of having to run both OpenVPN and an HTTPS web server on TCP port 443.

Obviously, I have access to only one IP address, otherwise this wouldn't be an issue at all.

Also, I realize the latest community version of OpenVPN has a feature which does exactly this, but I'd prefer not to use this.

What I'd like to do is segregate OpenVPN and HTTPS traffic at the router level.

First of all, is this even possible? Is there anything distinctive about OpenVPN TCP packets that can be used to differentiate them from HTTPS?

I could go ahead and run some packet captures and come up with my own analysis, but I figure I'd wait to see if someone here already knows the answer before I spend time on this.

krzee
Forum Team
Posts: 729
Joined: Fri Aug 29, 2008 5:42 pm

Re: OpenVPN and HTTPS on the same port.

Post by krzee » Sun Apr 03, 2011 11:50 pm

Your only choice that I know of is to use OpenVPN's feature --port-share.
Then you tell it what port the REAL HTTPS server is running on, and non-OpenVPN packets get forwarded to the real HTTPS server.
If there was a better way that didn't use port-share, they would not have bothered coding port-share (same reason they didn't bother coding NAT into OpenVPN).
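
Added example (not part of the thread and not OpenVPN's own code): a sketch of how the first bytes of a TCP connection on a shared port 443 can be told apart, which is the kind of decision port-share has to make. It assumes OpenVPN's TCP framing (a 2-byte length followed by an opcode/key_id byte) and a TLS handshake record header; the backend addresses are hypothetical.

```python
import struct

# Hypothetical backends: where each kind of connection would be handed off.
BACKENDS = {"openvpn": ("127.0.0.1", 1194), "https": ("127.0.0.1", 4443)}

TLS_HANDSHAKE = 0x16           # TLS record content type "handshake"
TLS_VERSION_MAJOR = 0x03       # record-layer major version byte
OVPN_HARD_RESET_CLIENT = {7, 10}   # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3
OVPN_MIN_RESET_LEN = 14        # opcode + session id + ack count + packet id


def classify(first_bytes: bytes) -> str:
    """Return 'openvpn', 'tls', 'unknown' or 'need-more-data'."""
    if len(first_bytes) < 3:
        return "need-more-data"
    # A TLS ClientHello arrives inside a handshake record: 0x16 0x03 0x0X ...
    if first_bytes[0] == TLS_HANDSHAKE and first_bytes[1] == TLS_VERSION_MAJOR:
        return "tls"
    # OpenVPN over TCP: 16-bit big-endian packet length, then one byte whose
    # high 5 bits are the opcode and low 3 bits the key_id (0 on first packet).
    (length,) = struct.unpack("!H", first_bytes[:2])
    opcode, key_id = first_bytes[2] >> 3, first_bytes[2] & 0x07
    if (OVPN_MIN_RESET_LEN <= length <= 255
            and opcode in OVPN_HARD_RESET_CLIENT and key_id == 0):
        return "openvpn"
    return "unknown"


def route(first_bytes: bytes):
    """Pick a backend; anything that is not OpenVPN goes to the web server."""
    kind = classify(first_bytes)
    if kind == "need-more-data":
        return None            # caller should keep reading before deciding
    return BACKENDS["openvpn" if kind == "openvpn" else "https"]


# Constructed samples (not captured traffic).
SAMPLE_OPENVPN = bytes([0x00, 0x0E, 0x38]) + bytes(8) + b"\x00" + bytes(4)
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01, 0x00, 0x01, 0xFC])
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, data in [("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                       ("http", SAMPLE_HTTP), ("short", b"\x00")]:
        print(f"{name:8} -> {classify(data):15} backend={route(data)}")
```

The decision needs only the first three bytes of the stream, so it has to be made by something that terminates or inspects the TCP connection rather than by a per-packet port rule.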
