[OpenVPN home]	[Date Prev]	[Date Index]	[Date Next]
[OpenVPN mailing lists]	[Thread Prev]	[Thread Index]	[Thread Next]

Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?

Subject: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
From: "Erik Anderson" <erikba@xxxxxxxxxxxxxxxxx>
Date: Thu, 3 Jun 2004 14:32:25 -0700

Quick answer: yes, OpenVPN can be configured to use 443/tcp.

Slightly longer answers:

(1) If you specify OpenVPN to be running over 443/tcp, it won't be running
SSL web server protocol (i.e. https:// ).  If your vendor is using a proxy
firewall then it's gonna get really confused trying to proxy the OpenVPN
protocol, which is a complete VPN tunneling protocol rathar than a simple
web protocol.

(2) TCP does have some documented issues that UDP does not have, performance
wise, especially over not-so-perfect links.  This is not a design problem
inside OpenVPN, it is inherent in the differences between TCP and UDP.  You
may want to keep this in mind.  Many people on this list have successfully
gotten TCP-based VPN's running with no problems.

(3) OpenVPN can be used to allow the host/hosts at one end to act as if they
were physically within your network i.e. they are completely bypassing all
the firewall security.  Considering the strength of the firewall you are
trying to break through, you may want to make sure nobody gets miffed when
they find this out.

----- Original Message ----- 
From: "Small, Jim" <jim.small@xxxxxxx>
To: <openvpn-users@xxxxxxxxxxxxxxxxxxxxx>
Sent: Thursday, June 03, 2004 2:06 PM
Subject: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?


> I am looking for an Open Source "pure" SSL VPN.  By "pure", I mean that
> everything/all negotiation occurs over port 443/TCP.  When I looked
through
> the documentation, it looked like OpenVPN requires an open UDP port.  This
> is not possible for my situation.  I have a vendor that only allows ports
> 80/TCP and 443/TCP, no exceptions.  Is it possible to use OpenVPN as an
SSL
> VPN with only port 443/TCP open?
>
> Thanks,
>    <> Jim
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the new InstallShield X.
> From Windows to Linux, servers to mobile, InstallShield X is the one
> installation-authoring solution that does it all. Learn more and
> evaluate today! http://www.installshield.com/Dev2Dev/0504
> _______________________________________________
> Openvpn-users mailing list
> Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>


____________________________________________
Openvpn-users mailing list
Openvpn-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Follow-Ups:
- Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
  - From: Dick St.Peters

References:
- [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
  - From: Small, Jim

Prev by Date: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
Next by Date: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
Previous by thread: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
Next by thread: Re: [Openvpn-users] Can OpenVPN be used as "pure" SSL VPN?
Index(es):
- Date
- Thread