Port-sharing with OpenVPN

Printable View

08-27-2009, 07:58 AM
WebFooL

Port-sharing with OpenVPN

I was reading the Change log for the RC19 when i came across this part:

Quote:

--port-share host port
When run in TCP server mode, share the OpenVPN port with another application,
such as an HTTPS server. If OpenVPN senses a connection to its port which is
using a non-OpenVPN protocol, it will proxy the connection to the server at
host:port. Currently only designed to work with HTTP/HTTPS, though it would
be theoretically possible to extend to other protocols such as ssh.
Not implemented on Windows.

I know that Openvpn in untangle use UDP but if the end user hade a choice to use TCP and port-share then one less port would needed to be open.

Or binding it to the remote admin port.

This is just me thinking...
08-27-2009, 08:37 AM
sky-knight

You have 65,535 ports... do you really need to add the overhead of sharing one?
08-27-2009, 09:10 AM
WebFooL

Yes i am aware that UDP and TCP have both 65,535 each.

But in some installations ppl do want to limit open port resposes to as few as possible.

I did not state that i wanted it in untangle or even that it is needed.
I only stated that i was reading the Change log and find that the "port-share" can be a nice feature.

But as you say there are a lot of ports to use.
09-09-2009, 12:51 PM
early

Why is it that by default only UDP is enabled

I am currently using OpenVPN to connect to systems that sit behind a customer's firewall and they block practically every port except for just a few. My plan was to use the Untangle box as a secondary OpenVPN server on TCP port 443 but found that it was limited to UDP ports. I guess I am just trying to understand the reason for this limitation? The fact of the matter is that it would be way too much work to get several hundred customers to create a new firewall rule for a blocked UDP port versus using TCP port 443 which is already open.
09-09-2009, 01:28 PM
sky-knight

Early your issue has nothing to do with the post here. What you're asking for is a GUI enhancement that gives you the option of choosing TCP vs UDP and a working port definition field.

Configuring OpenVPN to do what you want is trivial. Doing it within the confines of UT's GUI is not.

Incidentally, UDP 1194 wasn't arbitrarily chosen. It is the registered port defined for use with by OpenVPN services.