A server at home (on an unrestricted line) acts as an OpenVPN-server, while the client is connected to a very restrictive network (e.g. a hotel wifi or some free municipal wifis but think twice before messing with your employer’s corporate network or even the Great Firewall of China.)

- OpenVPN-traffic is encapsulated in regular SSL/TLS in order to hide it from intrusive firewalls (doing Deep Packet Inspection).
- This “stunneled” VPN-connection is exposed to the outside world on port 443 (which is often the only non-blocked port available).
- Port 443 is still available for regular https-hosting. This is achieved through port-sharing implemented by sniproxy.
- All of this is implemented on a Raspberry Pi! (Except for the actual VPN-server, but that’s the least interesting part of the whole setup anyway. I’m simply documenting my own setup, feel free to run the openvpn-server on the Pi too.)

An obvious prerequisite is to have a public IP address for your server (i.e. You may use your own domain or open an account at one of the numerous “dynamic DNS” providers. The example setup is for a registered domain called “ ”. A total of three subdomains are supposed to point to the public IP of the server: one for the VPN service (“”) and two for various other self-hosted web services (“ ” and “ ”). All of this on the standard SSL-port 443 and a single IP.

The web is full of excellent HOWTOs explaining how to set up OpenVPN on almost any platform. Sometimes it’s as easy as clicking a few buttons (NAS, routers, etc.) For the remainder of this post, I’ll suppose the openvpn-server is listening on an internal server reachable as “ vpnserver:1194”. Note however that the VPN must be using TCP for its connections (instead of the default UDP). Technically this is not an optimal VPN configuration, but it’s a requirement for our intended setup.

Stunnel is a very useful piece of software: it allows you to set up an encrypted SSL/TLS tunnel between two arbitrary endpoints. Most often it’s used to add an encryption layer to non-encrypted server applications.

My school insists on using an open network for the campus's wireless, so I've been forced to use a VPN while at school to protect my privacy. That wasn't enough though, because the school's sysadmin has decided to block OpenVPN connections. He claims it is for security reasons, despite my protest that I need to be able to use a VPN for my own security. To get around this I have been using stunnel to encapsulate the OpenVPN connection. It has been working great until recently when he started proxying DNS requests. I assumed all traffic would go through the VPN but apparently that is not the case. I noticed he started pushing DNS servers through DHCP and my adapter was configured to use auto configured DNS servers. I tried setting the wireless adapter to use Google's DNS servers, but when I do that I just get timeouts on lookups. I tried setting the 'redirect-gateway' and pushing DNS servers to the client, but when I do that I am not able to get a session open. I get connected, but then it instantly drops.