On Wed, Jul 18, 2007 at 10:15:32AM -0700, PETER EASTHOPE wrote:
> Folk,
>
> I've installed openvpn on two systems and tried some
> configurations including Example 2 from the man page.

For those without access to the man page: Uses a UDP tunnel with static key security.

> Seems that firewalls block successfully (sarcasm).
> Nevertheless, http, ssh, ftp and a few other protocols
> work.

I presume that you do not have control over the firewall? If not then you'll have to make use of the existing holes. The protocols you mentioned all use TCP - any holes in the firewalls for UDP? That's openvpn's preferred mode of operation, although a TCP hole can be used too...

> Is there any chance of using one of the open ports for
> the tunnel between the two machines?

Yes :-)

> For example,
> can the tunnel between 10.4.0.1 and 10.4.0.2 use port
> 22 while ssh uses it for other connections?
>
> Can a proxy server solve this?

If you run openvpn in tcp mode, then you can use a proxy server at the receiving end.

I've written some software that just might fit the bill here: It allows the same port to be used for two different protocols:

http://sourceforge.net/projects/ssh-ssl-proxy/

It should be possible to use this to switch between SSH and openvpn:

http://ssh-ssl-proxy.svn.sourceforge.net/viewvc/ssh-ssl-proxy/tags/0.3/FAQ?view=markup

> Is there any other way to connect the tunnel in spite
> of the firewalls?

Since the firewalls allow SSH through, you can always run a PPP link over ssh...

Hope this helps
--
Karl E. Jorgensen
karl@jorgensen.org.uk  http://www.jorgensen.org.uk/
karl@jorgensen.com     http://karl.jorgensen.com
==== Today's fortune:
A girl's conscience doesn't really keep her from doing anything wrong--
it merely keeps her from enjoying it.
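Sharing one port between two protocols, as discussed in the message above, depends on telling the protocols apart from the first bytes a client sends; the same check lets a firewall or IDS notice that a flow on port 22 is not SSH. The following is an added example, not code from the message or from ssh-ssl-proxy (whose detection method is not described here). The function names, labels and sample flows are constructed for illustration, and treating a client that sends nothing as possible SSH is an assumption.

```python
import re

# RFC 4253 section 4.2 identification string:
#   SSH-protoversion-softwareversion[ SP comments] CR LF   (at most 255 bytes)
SSH_ID = re.compile(
    rb"SSH-(1\.5|1\.99|2\.0)-[\x21-\x2c\x2e-\x7e]+( [\x20-\x7e]*)?\r?\n")

def classify_first_bytes(data: bytes) -> str:
    """Label the first bytes a client sent on a new TCP connection."""
    if not data:
        return "silent"              # client is waiting for the server banner
    if data.startswith(b"SSH-"):
        head = data[:255]
        end = head.find(b"\n")
        if end != -1 and SSH_ID.fullmatch(head[:end + 1]):
            return "ssh"
        return "malformed-ssh"       # claims SSH but breaks the banner grammar
    # TLS record: type 0x16 (handshake), version 0x03 0x0N, 2-byte length,
    # then handshake message type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    return "other"                   # e.g. an opaque tunnel with no banner

def flag_non_ssh_on_22(flows):
    """Return (source, label) for port-22 flows whose opening bytes are not SSH."""
    flagged = []
    for src, dst_port, first in flows:
        label = classify_first_bytes(first)
        if dst_port == 22 and label not in ("ssh", "silent"):
            flagged.append((src, label))
    return flagged

# Constructed sample flows: (source address, destination port, first client bytes).
SAMPLE_FLOWS = [
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_4.3p2 Debian-9\r\n"),
    ("192.0.2.11", 22, bytes.fromhex("160301006a0100006603014f")),  # TLS hello
    ("192.0.2.12", 22, bytes.fromhex("002a") + b"\x8f" * 42),       # opaque frame
    ("192.0.2.13", 443, bytes.fromhex("160301006a0100006603014f")),
    ("192.0.2.14", 22, b"SSH-2.0-\r\n"),                            # empty version
]

if __name__ == "__main__":
    for src, label in flag_non_ssh_on_22(SAMPLE_FLOWS):
        print(f"{src}: port 22 flow opened with {label} traffic")
```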