OpenVPN: Running OpenVPN and a Webserver at same TCP Port

Hi,

OpenVPN can act like an HTTP reverse proxy. The feature is called port sharing: when OpenVPN runs in TCP server mode and the first bytes of an incoming connection do not look like the OpenVPN protocol, it proxies that connection to a configured host and port instead of handling it itself.

First of all, set up OpenVPN as described in my previous post.

Let us assume that both OpenVPN and a web server should be reachable on TCP port 443, and that both run on the same machine.

Configure the web server to bind only to 127.0.0.1, port 9443. If it is supposed to serve HTTPS, keep TLS enabled on that socket: OpenVPN only passes the bytes through, it does not terminate TLS for the web server. For example, with lighttpd:

$SERVER["socket"] == "127.0.0.1:9443" {
...
}

Then configure OpenVPN (/etc/openvpn/vpnsrv.conf) to run as a TCP server on port 443. Replace the following directives

# vpn server dns name
remote openvpn.yourdomain.org 1194
# Fallback in case of name cannot resolve
remote 192.168.100.1 1194
proto udp

with

# vpn server dns name
remote openvpn.yourdomain.org
# Fallback in case the name cannot be resolved
remote 192.168.100.1
proto tcp-server
port 443

Do not carry a `nobind` line over into this config: the OpenVPN manual documents `nobind` for the peer that initiates the connection, whereas a tcp-server has to bind port 443 in order to listen on it.

and add the port-share directive. Its optional third argument is a directory: for every proxied connection OpenVPN writes the connection's initial data to a file in /var/run/openvpn/proxy, which is meant for debugging. Two things to keep in mind: if the backend speaks plain HTTP, those files contain the client's request including cookies and Authorization headers, so use the directory only while troubleshooting and drop the argument afterwards; and if OpenVPN drops privileges (`user`/`group` directives), the directory must be writable by that user. Also note that the proxied connection reaches the web server from 127.0.0.1; OpenVPN adds no X-Forwarded-For or PROXY protocol header, so the web server's access log and any IP-based rate limiting see localhost rather than the real client address.

port-share localhost 9443 /var/run/openvpn/proxy

This directory has to be created on every boot, because /run (to which /var/run is a symlink on current distributions) is a tmpfs. Let systemd-tmpfiles create it: put the following line into a new file /etc/tmpfiles.d/openvpn-proxy.conf (adjust the owner if OpenVPN runs as an unprivileged user, and run `systemd-tmpfiles --create /etc/tmpfiles.d/openvpn-proxy.conf` to create it right away without rebooting):

D /var/run/openvpn/proxy 0755 root root

Finally, change your client config to match: `proto tcp-client` and `remote openvpn.yourdomain.org 443`. The VPN and the web server are now both reachable on TCP 443.
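To make visible what port sharing actually does with the first bytes of a connection, here is a small asyncio re-implementation of the demultiplexing step. This is an added example and neither the post's nor OpenVPN's own code. It assumes (from my reading of OpenVPN's ps.c) that OpenVPN classifies a TCP connection from its first three bytes: an OpenVPN-over-TCP stream starts with a 2-byte big-endian record length followed by the opcode byte of the client's first control packet (P_CONTROL_HARD_RESET_CLIENT_V2 or _V3 with key-id 0), and anything else is handed to the port-share target. The sample HTTP, TLS and OpenVPN inputs are constructed, not captured traffic; `demo()` runs the proxy in front of two stub backends on loopback and reports which backend answered.

```python
"""Re-implementation of OpenVPN port-share demultiplexing (added example, not
OpenVPN's code).  Classifies a TCP connection from its first bytes and splices
it to either the "VPN" or the "web" backend, like `port-share host port [dir]`."""
import asyncio
import functools
import itertools
import os

# Assumption (from OpenVPN's ps.c as I read it): first-packet opcodes of a client.
P_OPCODE_SHIFT = 3
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_CLIENT_V3 = 10
HARD_RESET_OPCODES = {
    P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT,  # 0x38
    P_CONTROL_HARD_RESET_CLIENT_V3 << P_OPCODE_SHIFT,  # 0x50
}
# opcode(1) + session id(8) + packet-id array length(1) + message packet id(4)
MIN_HARD_RESET_LEN = 14


def is_openvpn_protocol(head: bytes) -> bool:
    """Decide from the first bytes of a TCP stream whether it is OpenVPN."""
    if len(head) >= 3:
        return head[0] == 0 and head[1] >= MIN_HARD_RESET_LEN and head[2] in HARD_RESET_OPCODES
    if len(head) >= 2:
        return head[0] == 0 and head[1] >= MIN_HARD_RESET_LEN
    return True  # nothing to go on yet: OpenVPN keeps the connection for itself


def route(head: bytes) -> str:
    """Name of the backend the connection is handed to."""
    return "openvpn" if is_openvpn_protocol(head) else "web"


# Constructed sample inputs (not captured traffic).
SAMPLE_OPENVPN = b"\x00\x0e" + b"\x38" + b"\x11" * 8 + b"\x00" + b"\x00\x00\x00\x00"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: openvpn.yourdomain.org\r\n\r\n"
SAMPLE_TLS = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"  # TLS record + ClientHello start

_dump_seq = itertools.count()


async def _pump(src: asyncio.StreamReader, dst: asyncio.StreamWriter) -> None:
    """Copy one direction until EOF, then half-close the other side."""
    try:
        while data := await src.read(65536):
            dst.write(data)
            await dst.drain()
        if dst.can_write_eof():
            dst.write_eof()
    except ConnectionError:
        pass


async def handle_client(reader, writer, vpn_addr, web_addr, dump_dir=None):
    head = b""
    while len(head) < 3:  # collect the bytes the heuristic needs (or EOF)
        chunk = await reader.read(3 - len(head))
        if not chunk:
            break
        head += chunk
    target = vpn_addr if is_openvpn_protocol(head) else web_addr
    if target is web_addr and dump_dir:
        # Mirrors port-share's optional directory: keep the initial bytes for debugging.
        with open(os.path.join(dump_dir, f"proxy-{next(_dump_seq)}"), "wb") as fh:
            fh.write(head)
    try:
        back_reader, back_writer = await asyncio.open_connection(*target)
    except OSError:
        writer.close()
        return
    try:
        back_writer.write(head)  # the bytes already consumed must reach the backend
        await back_writer.drain()
        await asyncio.gather(_pump(reader, back_writer), _pump(back_reader, writer))
    finally:
        back_writer.close()
        writer.close()


async def demo() -> dict:
    """Front proxy plus two stub backends on loopback; returns each backend's reply."""
    async def web_stub(r, w):
        await r.read()  # read to EOF, then answer like a web server would
        w.write(b"HTTP/1.0 200 OK\r\n\r\nweb-stub\n")
        await w.drain()
        w.close()

    async def vpn_stub(r, w):
        await r.read()
        w.write(b"vpn-stub")
        await w.drain()
        w.close()

    web = await asyncio.start_server(web_stub, "127.0.0.1", 0)
    vpn = await asyncio.start_server(vpn_stub, "127.0.0.1", 0)
    web_addr = web.sockets[0].getsockname()[:2]
    vpn_addr = vpn.sockets[0].getsockname()[:2]
    front = await asyncio.start_server(
        functools.partial(handle_client, vpn_addr=vpn_addr, web_addr=web_addr), "127.0.0.1", 0)
    host, port = front.sockets[0].getsockname()[:2]

    async def ask(payload: bytes) -> bytes:
        r, w = await asyncio.open_connection(host, port)
        w.write(payload)
        await w.drain()
        w.write_eof()
        reply = await r.read()
        w.close()
        return reply

    try:
        return {"http": await ask(SAMPLE_HTTP), "openvpn": await ask(SAMPLE_OPENVPN)}
    finally:
        for srv in (front, web, vpn):
            srv.close()


if __name__ == "__main__":
    for name, sample in (("http", SAMPLE_HTTP), ("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN)):
        print(f"{name:8s} -> {route(sample)}")
    print(asyncio.run(demo()))
```

The point to take from it: the decision is made on three bytes, before any TLS or OpenVPN handshake happens, and the bytes OpenVPN already consumed are written to the backend first, so the backend sees a complete request. An HTTP request (`G`) or a TLS record (`0x16`) fails the `head[0] == 0` test immediately, which is why a browser and an OpenVPN client can share the port without either noticing.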

That's it.

Michael
