{"id":3383,"date":"2015-12-11T01:49:12","date_gmt":"2015-12-11T00:49:12","guid":{"rendered":"http:\/\/michlstechblog.info\/blog\/?p=3383"},"modified":"2022-01-20T21:19:47","modified_gmt":"2022-01-20T20:19:47","slug":"openvpn-running-openvpn-and-a-webserver-at-same-tcp-port","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/openvpn-running-openvpn-and-a-webserver-at-same-tcp-port\/","title":{"rendered":"OpenVPN: Running OpenVPN and a Webserver at same TCP Port"},"content":{"rendered":"<p>Hi,<\/p>\n<p>OpenVPN can act like an HTTP reverse proxy server. This feature is called port sharing: if OpenVPN detects non-VPN traffic, it proxies the connection to a specific host and port.<br \/>\n<!--more--><\/p>\n<p>First of all, set up OpenVPN as described in my previous <a href=\"http:\/\/michlstechblog.info\/blog\/openvpn-a-default-config-template-for-server-and-client\/\" title=\"OpenVPN: A default config template for server and client\">post<\/a>.<\/p>\n<p>Let us assume that both OpenVPN and a web server should be reachable at TCP 443 and that both run on the same machine.<\/p>\n<p>Configure the web server to bind only to 127.0.0.1 and port 9443. For example, with lighttpd:<br \/>\n<code><br \/>\n$SERVER[\"socket\"] == \"127.0.0.1:9443\" {<br \/>\n...<br \/>\n}<br \/>\n<\/code><\/p>\n<p>Then configure OpenVPN (<strong>\/etc\/openvpn\/vpnsrv.conf<\/strong>) to run as a TCP server on TCP port 443. Replace the following directives<br \/>\n<code><br \/>\n# vpn server dns name<br \/>\nremote openvpn.yourdomain.org 1194<br \/>\n# Fallback in case the name cannot be resolved<br \/>\nremote 192.168.100.1 1194<br \/>\nproto udp<br \/>\n<\/code><br \/>\nwith<br \/>\n<code><br \/>\n# vpn server dns name<br \/>\nremote openvpn.yourdomain.org<br \/>\n# Fallback in case the name cannot be resolved<br \/>\nremote 192.168.100.1<br \/>\nproto tcp-server<br \/>\nport 443<br \/>\n# Dynamic Source Port<br \/>\nnobind<br \/>\n<\/code><br \/>\nand add the port sharing option. To monitor proxy activity, a folder is specified. 
OpenVPN will then create a file in the folder \/var\/run\/openvpn\/proxy for each proxy session:<br \/>\n<code><br \/>\nport-share localhost 9443 \/var\/run\/openvpn\/proxy<br \/>\n<\/code><br \/>\nThis folder must be created each time Linux starts because \/run\/ (or \/var\/run) is volatile (mounted as tmpfs). To create the folder at startup, create a new file <strong>\/etc\/tmpfiles.d\/openvpn-proxy.conf<\/strong><br \/>\n<code><br \/>\nD \/var\/run\/openvpn\/proxy 0755 root root<br \/>\n<\/code><\/p>\n<p>Change your client config so it also points to TCP\/443.<\/p>\n<p>That's it.<\/p>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, OpenVPN can act like an HTTP reverse proxy server. This feature is called port sharing: if OpenVPN detects non-VPN traffic, it proxies the connection to a specific host and port.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,466],"tags":[628,857,777,141,142],"class_list":["post-3383","post","type-post","status-publish","format-standard","hentry","category-openvpn","category-security","tag-https","tag-openvpn","tag-port-sharing","tag-proxy","tag-reverse"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3383","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=3383"}],"version-history":[{"count":10,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3383\/revisions"}],"predecessor-version":[{"id":3388,"href":"https:\/\/mi
chlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/3383\/revisions\/3388"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=3383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=3383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=3383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}