Tuesday, 27 December 2011

OpenVPN ALS

Hi all, I know OpenVPN-ALS is now discontinued, but it works very well and I needed a way to put an OpenVPN-ALS behind a reverse proxy to allow multiple HTTPS/SSL access with a single IP address. The main OpenVPN-ALS part works without problems behind a reverse proxy (Apache). The real challenge was to get the agent running. I got it running by sending an "HTTP CONNECT" to the reverse proxy to allow the agent to communicate directly with the server.

I wrote a patch (a lot of files to modify) to allow the configuration of the reverse proxy in the user profile (like the forward proxy). Everything is working perfectly (with or without forward proxy). When you work with a forward proxy, the agent will send 2 "HTTP CONNECT", one to the forward proxy and a second one to the reverse proxy, to open a tunnel to the server.

To get everything running, you need a recent version of Apache (with SNI support), OpenSSL with SNI support and a patch to Apache to allow "HTTP CONNECT" through an SSL virtual host. If somebody is interested in such a solution, drop a line on the forum or the mailing list and I'll try to build a clean patch and write some generic instructions.

from http://sourceforge.net/projects/openvpn-als/forums/forum/824508/topic/3864727
http://sourceforge.net/projects/openvpn-als
http://sourceforge.net/projects/openvpn-als/files/
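
The two-hop "HTTP CONNECT" sequence described in the post above, as an added Python example (not code from the post or from OpenVPN-ALS). It builds the two request heads the agent sends and shows a reverse-proxy-side check that opens a tunnel only to the one backend server. The host names, the allowlist and the assumption that the second CONNECT is sent inside the SSL session to the virtual host are illustrative.

```python
# Added illustration: all host names and ports are constructed placeholders.
FORWARD_PROXY_TARGET = ("vpn.example.org", 443)     # reverse proxy's public name (hypothetical)
ALLOWED_BACKENDS = {("als.internal.example", 443)}  # only server a CONNECT may reach (hypothetical)


def build_connect(host: str, port: int) -> bytes:
    """Request head the agent sends to open a tunnel to host:port."""
    authority = f"{host}:{port}"
    return f"CONNECT {authority} HTTP/1.1\r\nHost: {authority}\r\n\r\n".encode("ascii")


def parse_connect(raw: bytes) -> tuple[str, int]:
    """Return (host, port) from a CONNECT request head, or raise ValueError."""
    head, sep, _ = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    parts = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    if len(parts) != 3 or parts[0] != "CONNECT" or not parts[2].startswith("HTTP/1."):
        raise ValueError("not a CONNECT request")
    host, colon, port = parts[1].rpartition(":")
    if not colon or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("malformed authority")
    return host.lower(), int(port)


def reverse_proxy_reply(raw: bytes) -> bytes:
    """Answer a CONNECT received in the SSL virtual host: tunnel only to the backend."""
    try:
        target = parse_connect(raw)
    except ValueError:  # also covers non-ASCII bytes (UnicodeDecodeError)
        return b"HTTP/1.1 400 Bad Request\r\n\r\n"
    if target not in ALLOWED_BACKENDS:
        return b"HTTP/1.1 403 Forbidden\r\n\r\n"  # never act as an open proxy
    return b"HTTP/1.1 200 Connection Established\r\n\r\n"


def tunnel_established(reply: bytes) -> bool:
    """Agent side: only a 2xx status line means the tunnel is open."""
    status = reply.split(b"\r\n", 1)[0].split(b" ")
    return (len(status) >= 2 and status[0].startswith(b"HTTP/1.")
            and len(status[1]) == 3 and status[1][:1] == b"2")


def agent_messages(backend: tuple[str, int]) -> list[bytes]:
    """Request heads in order: hop 1 to the forward proxy, hop 2 to the reverse proxy."""
    return [build_connect(*FORWARD_PROXY_TARGET), build_connect(*backend)]
```

Without a forward proxy only the second request is sent. The allowlist is the part to keep when enabling CONNECT on a public virtual host, since an unrestricted CONNECT handler would relay to any host and port.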
---------------------------------------------
Consider setting up Adito. It's been three years since the last update (and also three years since they intended to start renaming it "OpenVPN ALS"), but it still works great.
Adito is a web-based SSL VPN; it works through the browser and uses browser Java applets to create port-by-port tunnels. Traffic looks like SSL HTTP. It has a lot of other features too, like comprehensive access control and a file manager.
I successfully used this to RDP into my home computer from my restricted school environment. I continue to use it a lot to RDP into my home computer from work.