On Dec 17, 2007 1:53 AM, dingchengyin 45702 <dingcheng...@huawei.com> wrote:
> Hey,
> I think you all have noticed that the TLS handshake procedure of the OpenVPN
> client with the server is different from the standard OpenSSL TLSv1 handshake
> procedure between a normal SSL/TLS browser and server.
> Since I'm using OpenVPN in an HTTP Proxy + NetApp NetCache network: the
> NetCache acts as a transparent proxy. If I set my OpenVPN server's listen
> port to TCP 443 or port 80, then the client cannot connect to the server;
> after the first packet is sent to the server, the NetCache disconnects the TCP
> connection. This problem does not appear when I set the server to listen on
> other ports like 1194.
> This shouldn't be a big problem while I can connect to the Internet, but
> when I work in a private network that can only go out through an HTTP proxy,
> then there are problems: the 80/443 ports are the only two ports allowed
> to pass the filter of the proxy, while the NetCache will stop me from
> connecting to the server.
> Can we make the TLSv1 connection initialization process the same as the
> OpenSSL library does? I mean there should be a Client Hello first, then the
> server replies with its certificate until it's encrypted in both directions.
> Then we can send whatever data we want, right?
Have you configured OpenVPN's client side to be aware of the proxy server or not? I've had a similar issue when I forgot to configure the clients to

I stand corrected, but I think OpenVPN changes its handshaking slightly when it's configured to be used as a client /BEHIND/ a proxy server. Assuming that it would pass through just any http(s) proxy when the server side port is 443/80 is flawed logic. Yes, OpenVPN is a TLS/SSL VPN, but this does not justify assuming that it works the same way as https.

Try re-configuring your client side to be aware of the proxying host; I'm sure that you will probably have a vastly improved experience.
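As an added illustration (not part of either message in the thread), this is a minimal OpenVPN client configuration that tells the client about the HTTP proxy with the `http-proxy` directive, so the client issues an HTTP CONNECT to the proxy before starting its own handshake instead of speaking raw OpenVPN to port 443. The server name, proxy address, ports and certificate paths are assumed placeholders; the only constraint worth noting is that OpenVPN's HTTP proxy support requires the TCP transport.

```conf
# Added example client config (placeholders, not from the thread)
client
dev tun

# HTTP proxies only relay TCP (CONNECT), so the UDP default must be replaced
proto tcp

# OpenVPN server reachable on a port the proxy filter permits (placeholder host)
remote vpn.example.com 443

# Outbound HTTP proxy of the private network (placeholder host and port);
# the client sends "CONNECT vpn.example.com:443" here and only then starts TLS
http-proxy proxy.example.com 8080

# Certificates/keys (placeholder paths); the proxy is never given these,
# it only relays the tunnelled bytes between client and server
ca   /etc/openvpn/ca.crt
cert /etc/openvpn/client.crt
key  /etc/openvpn/client.key

verb 3
```

With `verb 3` the log shows the CONNECT request and the proxy's `200` reply before the TLS handshake lines, which is the quickest way to confirm the proxy is being used rather than bypassed.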