Hi,
OpenVPN can act as an HTTP reverse proxy. This feature is called port sharing: if OpenVPN sees that an incoming TCP connection is not VPN traffic, it proxies the connection to a configured host and port.
First of all, set up OpenVPN as described in my previous post.
Let us assume that both OpenVPN and a web server should be reachable on TCP port 443, and that both run on the same machine.
Configure the web server to bind only to 127.0.0.1, port 9443. For example, in lighttpd:
$SERVER["socket"] == "127.0.0.1:9443" {
...
}
Then configure OpenVPN (/etc/openvpn/vpnsrv.conf) to run as a TCP server on port 443. Replace the following directives
# vpn server dns name
remote openvpn.yourdomain.org 1194
# Fallback in case the name cannot be resolved
remote 192.168.100.1 1194
proto udp
with
# vpn server dns name
remote openvpn.yourdomain.org
# Fallback in case the name cannot be resolved
remote 192.168.100.1
proto tcp-server
port 443
# Dynamic Source Port
nobind
and add the port-share option. To monitor proxy activity, a directory is given as the third argument; OpenVPN then creates a file in /var/run/openvpn/proxy for each proxied session:
port-share localhost 9443 /var/run/openvpn/proxy
This directory must be created on every boot, because /run (respectively /var/run) is volatile (mounted as tmpfs). To have it created at startup, create a new file /etc/tmpfiles.d/openvpn-proxy.conf containing:
D /var/run/openvpn/proxy 0755 root root
Change your client config so that it also connects to TCP port 443.
That's it.
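To make the detection step from the first paragraph concrete, here is a small added example (my own Python, not the post's configuration and not OpenVPN's code) that models a port-share demultiplexer: it reads the first bytes of a new TCP connection, applies the test that I understand OpenVPN's is_openvpn_protocol() to apply (a client hard-reset opcode after a plausible length prefix; this reading of the source is my assumption), and relays anything else to the lighttpd socket 127.0.0.1:9443.

```python
import asyncio

# OpenVPN over TCP frames each packet as a 2-byte big-endian length followed by
# an opcode byte (opcode in the top 5 bits, key id in the low 3 bits). A fresh
# client opens with P_CONTROL_HARD_RESET_CLIENT, key id 0: that is the marker.
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # plain, tls-auth and tls-crypt clients
P_CONTROL_HARD_RESET_CLIENT_V3 = 10  # tls-crypt-v2 clients
HARD_RESET_BYTES = {
    P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT,  # 0x38
    P_CONTROL_HARD_RESET_CLIENT_V3 << P_OPCODE_SHIFT,  # 0x50
}
BACKEND = ("127.0.0.1", 9443)  # the lighttpd socket from the post

def is_openvpn_protocol(first: bytes) -> bool:
    """True if the leading bytes of a new connection look like an OpenVPN
    client hard reset (modelled on OpenVPN's is_openvpn_protocol(); assumption)."""
    if len(first) >= 3:
        return first[0] == 0 and first[1] >= 14 and first[2] in HARD_RESET_BYTES
    if len(first) >= 2:
        return first[0] == 0 and first[1] >= 14  # only a plausible length so far
    return True  # too little data to decide: keep treating it as OpenVPN

async def _pump(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    try:  # copy one direction of the proxied connection until EOF
        while chunk := await src.read(65536):
            dst.write(chunk)
            await dst.drain()
    finally:
        dst.close()

async def handle(client_r: asyncio.StreamReader, client_w: asyncio.StreamWriter) -> None:
    first = await client_r.read(3)  # sniff without waiting for a full packet
    if is_openvpn_protocol(first):
        client_w.close()  # real OpenVPN would run its own TLS handshake here
        return
    back_r, back_w = await asyncio.open_connection(*BACKEND)
    back_w.write(first)  # replay the sniffed bytes to the web server
    await asyncio.gather(_pump(client_r, back_w), _pump(back_r, client_w))

if __name__ == "__main__":
    async def main() -> None:
        server = await asyncio.start_server(handle, "0.0.0.0", 443)
        async with server:
            await server.serve_forever()
    asyncio.run(main())
```

A TLS ClientHello starts with 0x16 0x03, so a browser hitting port 443 is handed to lighttpd, while an OpenVPN client's first packet (length prefix, then opcode 0x38 or 0x50) stays with the VPN.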
Michael