Hi, On Thu, Mar 19, 2026 at 06:30:53PM +0100, Jochen Bern wrote: > I'd like to disagree with Gert and Jans "nobody's done it yet" statements > for the TCP variant, too: > > https://www.nocrew.org/software/httptunnel.html
I wasn't saying "nobody has done tunneling of things over http or ssl or
https yet". Or DNS, for that matter.
I was saying "nobody has implement https proxy support *in OpenVPN* yet"
("openvpn --https-proxy myhomeserver:443 --remote myhomeserver:1194").
This is not "technologically hard" ("nobody could ever do this"), but
it might not be fully trivial to get done in OpenVPN. Much of the code
expects a client socket to be "a socket", not "an openssl interface"
(so maybe another way could be to approach this by having an external
program deal with the https proxying, and interface to it using a
socketpair). Someone who wants this needs to look into the sources and
see how complicated it is, and then discuss implementation strategies
with the dev team.
I won't invest time into this - if I want an OpenVPN server run on port
443, I run an OpenVPN server on Port 443 :-) (next to the OpenSSH server
on port 443). IPv6 gives me sufficient IP addresses to sidestep the need
to run multiple services on the same IP+443. (If it turns out I'm stuck
in an IPv4 environment and my LTE hotspot isn't working either, I have
OpenVPN on udp/53 and SSH on tcp/443, which usually is good enough to
get me out)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
