Endian Knowledge Base

Connecting to OpenVPN from behind (almost) any firewall through Port 80

Posted: 12 Mar, 2007
by: Pitschl L.
Updated: 04 Dec, 2008
by: Warasin P.
This little how-to shows you how to connect to your VPN through a firewall on port 80 (usually not blocked, since otherwise no web access would be possible).

Requirements:

  • Endian Firewall
  • Basic Configuration Knowledge

Steps before you leave home:

  1. Log in to your Endian Firewall Web Interface
  2. Go to the "Firewall" tab and click on "Port Forwarding" in the menu on your left
  3. Add a new rule with the following properties:
    • Port on Red: 80
    • Destination IP: <IP of your firewall> (e.g. 192.168.0.15)
    • Destination Port: <Port your OpenVPN server listens on>
    • Click on Add, and voilà
  4. Go to the "VPN" tab and click on "Openvpn Server" in the menu on your left
  5. Change the protocol to "TCP" (UDP might work, please report if it does)
  6. Click on the edit option of your OpenVPN user
  7. In the section "Client Routing", activate the "use firewall as default gateway" checkbox
  8. Save and done!

Steps when you're at a club and urgently need some very private files from your local network at home:

  1. Change the settings of your OpenVPN client, in one of two ways:
    1. Using Endian VPN-Client:
      • Click on "Properties"
      • Select the "Profile" you want to use
      • Click on the "Advanced" tab
      • Port: 80
      • Protocol: TCP (UDP might work as well, though haven't tried)
    2. Manual configuration of the vpn.conf file:
      1. Look for the line beginning with 'remote' and change it like this:
        < remote myhost.com 119
        > remote myhost.com 80
      2. Look for the line beginning with 'proto' and change it like this (again, udp might work as well):
        < proto udp
        > proto tcp
  2. Click connect and hope for the best
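
The manual vpn.conf edit above can be scripted. The following is an added example, not part of the original article or of Endian's software; the function name and the sample config are constructed for illustration. It also covers two cases the manual steps do not mention: a `remote` line with no port, and a config with no `proto` line at all (OpenVPN then defaults to UDP, so a `proto tcp` line has to be added).

```python
import re

# Constructed sample client config (not from the original article).
SAMPLE_CONF = """\
client
dev tun
# remote oldhost.example 1194
remote myhost.com 119
proto udp
resolv-retry infinite
"""


def retarget_to_port_80(conf_text, port=80, proto="tcp"):
    """Return conf_text with every active 'remote' line pointed at `port`
    and the transport set to `proto`, as in the manual steps above."""
    out, saw_proto = [], False
    for line in conf_text.splitlines():
        stripped = line.strip()
        # Leave blank lines and full-line comments (# or ;) untouched.
        if not stripped or stripped[0] in "#;":
            out.append(line)
            continue
        # Ignore a trailing comment when splitting the directive into fields
        # (the trailing comment is dropped on lines that get rewritten).
        fields = re.split(r"\s[#;]", stripped, maxsplit=1)[0].split()
        if fields[0] == "remote" and len(fields) >= 2:
            # remote <host> [port] [proto]: keep the host, force the port,
            # and rewrite a per-remote protocol field if one is present.
            new = ["remote", fields[1], str(port)]
            if len(fields) >= 4:
                new.append(proto)
            out.append(" ".join(new))
        elif fields[0] == "proto":
            out.append(f"proto {proto}")
            saw_proto = True
        else:
            out.append(line)
    if not saw_proto:
        # No proto line means OpenVPN would use UDP, so add one explicitly.
        out.append(f"proto {proto}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(retarget_to_port_80(SAMPLE_CONF), end="")
```

Write the result to a copy of vpn.conf rather than over the original, so the home profile stays available.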

For Mac Users

We're kind of used to Mac OS X always having to do things differently and in a "smarter" way, so of course this applies to DNS resolution as well. In OS X each "Location" may have different DNS entries, which are managed by a daemon called lookupd. This daemon simply ignores any manual changes to /etc/resolv.conf, so we can't set the firewall as DNS server by editing that file.

To work around this problem, execute the following steps:
  1. Open "System Preferences.app"
  2. Select the "Network" option
  3. Choose the "Location" and "Device" you're connected to the Internet with
  4. Enter the IP of your firewall as DNS server entry in "DNS-Server"
  5. Click on "Apply" and you're done!
  6. Enjoy the World Wide Web with no port locks whatsoever!