port-share Open VPN Access Server and Exchange - no Connect


Post by tb79 » Sun Apr 15, 2012 1:02 pm

Hello.

Access Server Version 1.8.3

Everything is fine if port-share on port 443 is not active.

But if I activated the share

Server Config Directives
port-share x.x.x.x 443

the SSL Certificate of the Exchange Server is shown - so "OpenVPN Connect" disconnected immediately.

Please help - thanks.


Re: port-share Open VPN Access Server and Exchange - no Conn

Post by ddog800 » Wed Apr 18, 2012 4:22 pm

There are a few things to take into consideration:

1) I know that previously port-share was not implemented for Windows. You didn't specify the platform you're using OpenVPN on, but since you mentioned Exchange then I'm going to assume you're using Windows. I'm not sure if port-share has been implemented in Windows at this point (or if it will be or if it's even possible).

2) The way port-share works (I believe) is OpenVPN takes control of port 443 and then monitors the traffic for non-OpenVPN traffic on that port. If it detects non-OpenVPN traffic then it simply proxies the connection forward to the specified destination (such as an https server). To me, the fact that you're receiving the Exchange Server certificate indicates that the connection is instead being picked up first by the Exchange server and is never hitting the OpenVPN service. The only other alternative would be that OpenVPN IS picking up the traffic first, but failing to detect the traffic as OpenVPN-related and is forwarding it on. I find the latter scenario to be extremely unlikely; it's far more likely that Exchange has usurped the listener for 443 and cut OpenVPN out of the loop.

I would say that either this is simply not going to work with port-share *if* port share has not yet been implemented in OpenVPN for Windows (a quick Google search didn't show me otherwise) or, alternately, you will have to figure out a way to hack the Windows configuration to ensure that traffic is routed to the OpenVPN service first (not sure if this is possible nor do I know how to make such a change without further research).

Hope this helps! Does anyone else have any further insight regarding Windows support for the port-share directive?
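The demultiplexing described in point 2 above, sketched as an added example (not code from this thread or from OpenVPN itself): a listener on the shared port inspects the first bytes of each new TCP connection and keeps only what looks like an OpenVPN session start, so a TLS client on that port is handed to the port-share target and sees that target's certificate. The opcode value, the minimum-length threshold, the function names and the sample byte strings are assumptions made for this sketch.

```python
# Added example: simplified model of first-bytes demultiplexing on a shared port.
# Assumption: an OpenVPN-over-TCP session opens with a 2-byte big-endian length
# prefix followed by an opcode byte (opcode << 3 | key_id), and the first packet
# is P_CONTROL_HARD_RESET_CLIENT_V2 (opcode 7, key_id 0, i.e. 0x38).
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
MIN_RESET_LEN = 14       # assumed minimum length of a hard-reset packet
TLS_HANDSHAKE = 0x16     # TLS record type that carries a ClientHello


def looks_like_openvpn(head: bytes) -> bool:
    """True if the first bytes of a connection could open an OpenVPN session."""
    if len(head) >= 3:
        return (head[0] == 0 and head[1] >= MIN_RESET_LEN and
                head[2] == P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT)
    if len(head) == 2:
        return head[0] == 0 and head[1] >= MIN_RESET_LEN
    return True  # too little data to rule OpenVPN out yet


def route(head: bytes) -> str:
    """Decide where a new connection on the shared port would be sent."""
    if looks_like_openvpn(head):
        return "openvpn"
    if len(head) >= 3 and head[0] == TLS_HANDSHAKE and head[1] == 0x03:
        return "port-share target (TLS)"
    return "port-share target (other)"


# Constructed sample first bytes, not captured traffic.
SAMPLES = {
    "openvpn hard reset": bytes([0x00, 0x0E, 0x38]) + bytes(14),
    "tls client hello": bytes([0x16, 0x03, 0x01, 0x02, 0x00, 0x01]),
    "plain http": b"GET / HTTP/1.1\r\n",
    "short length prefix": bytes([0x00, 0x05, 0x38]),
}


def classify_samples() -> dict:
    return {name: route(head) for name, head in SAMPLES.items()}


if __name__ == "__main__":
    for name, target in classify_samples().items():
        print(f"{name:20s} -> {target}")
```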
