On Wed, Jul 18, 2007 at 10:15:32AM -0700, PETER EASTHOPE wrote:
> Folk,
>
> I've installed openvpn on two systems and tried some
> configurations including Example 2 from the man page.
For those without access to the man page: Uses a UDP tunnel with static
key security.
> Seems that firewalls block successfully (sarcasm).
> Nevertheless, http, ssh, ftp and a few other protocols
> work.
I presume that you do not have control over the firewall? If not then
you'll have to make use of the existing holes.
The protocols you mentioned all use TCP - any holes in the firewalls for
UDP? That's openvpn's preferred mode of operation, although a TCP hole
can be used too...
> Is there any chance of using one of the open ports for
> the tunnel between the two machines?
Yes :-)
> For example,
> can the tunnel between 10.4.0.1 and 10.4.0.2 use port
> 22 while ssh uses it for other connections?
>
> Can a proxy server solve this?
If you run openvpn in TCP mode, then you can use a proxy server at the
receiving end. I've written some software that just might fit the bill
here: It allows the same port to be used for two different protocols:
http://sourceforge.net/projects/ssh-ssl-proxy/
It should be possible to use this to switch between SSH and openvpn:
http://ssh-ssl-proxy.svn.sourceforge.net/viewvc/ssh-ssl-proxy/tags/0.3/FAQ?view=markup
> Is there any other way to connect the tunnel in spite
> of the firewalls?
Since the firewalls allow SSH through, you can always run a PPP link
over ssh...
Hope this helps
--
Karl E. Jorgensen
karl@jorgensen.org.uk http://www.jorgensen.org.uk/
karl@jorgensen.com http://karl.jorgensen.com
==== Today's fortune:
A girl's conscience doesn't really keep her from doing anything wrong--
it merely keeps her from enjoying it.
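Sharing one port between SSH and OpenVPN, as discussed in the message above, depends on telling the two apart from the first bytes a client sends, and the same check lets a monitor flag non-SSH traffic on port 22. The following is an added example, not code from the original post or from ssh-ssl-proxy. The function names, the sample flows and the minimum-length heuristic are assumptions, and a static-key tunnel like the man page's Example 2 is assumed to carry no handshake opcode, so it shows up as "unknown".

```python
import struct

# OpenVPN TLS-mode opcodes (upper 5 bits of the first payload byte).
P_CONTROL_HARD_RESET_CLIENT_V1 = 1
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
MIN_RESET_LEN = 14  # assumed heuristic: opcode + session id + ack count + packet id


def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first bytes a TCP client sends."""
    if not data:
        return "empty"
    # RFC 4253: an SSH peer opens with the identification string "SSH-<ver>-...".
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 0x16 (handshake), major version 3.
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: 16-bit big-endian length, then an opcode/key_id byte.
    if len(data) >= 3:
        (length,) = struct.unpack("!H", data[:2])
        opcode = data[2] >> 3
        if length >= MIN_RESET_LEN and opcode in (
            P_CONTROL_HARD_RESET_CLIENT_V1,
            P_CONTROL_HARD_RESET_CLIENT_V2,
        ):
            return "openvpn-tls-mode"
    return "unknown"


def non_ssh_on_port(flows, port=22):
    """Return (source, verdict) for flows to `port` that do not open as SSH."""
    flagged = []
    for src, dport, first in flows:
        verdict = classify_first_bytes(first)
        if dport == port and verdict != "ssh":
            flagged.append((src, verdict))
    return flagged


# Constructed sample flows: (source address, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_4.3\r\n"),
    ("192.0.2.11", 22, struct.pack("!H", 14) + bytes([0x38]) + bytes(13)),
    ("192.0.2.12", 22, b"\x16\x03\x01\x00\x2e\x01"),
    ("192.0.2.13", 22, bytes.fromhex("002a9f13c4")),  # opaque stand-in payload
    ("192.0.2.14", 80, b"GET / HTTP/1.0\r\n"),
]

if __name__ == "__main__":
    for src, verdict in non_ssh_on_port(SAMPLE_FLOWS):
        print(f"{src}: port 22 traffic classified as {verdict}")
```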