Can you run a VPN connection over HTTP?
Solution 1
Let's start. I prefer OpenVPN solutions.
OpenVPN Access Server supports a wide range of configurations, including secure remote access to internal network and/or private cloud network resources and applications with fine-grained access control. It has a mobile app for Android and iOS, so that you can access the VPN server from your smartphones too.
Install OpenVPN AS on Ubuntu/Debian
OpenVPN AS is quite easy to install and configure compared to other VPN servers.
Download the latest version of OpenVPN AS with the following commands.
wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb
Install it with the following command:
xx@server1:~$ sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.i386.deb
[sudo] password for xx:
Selecting previously unselected package openvpn-as.
(Reading database ... 53813 files and directories currently installed.)
Unpacking openvpn-as (from openvpn-as-1.8.5-Ubuntu12.i386.deb) ...
Setting up openvpn-as (1.8.5-Ubuntu12) ...
The Access Server has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log
Please enter "passwd openvpn" to set the initial
administrative password, then login as "openvpn" to continue
configuration here: https://ip-address:943/admin
To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
Access Server web UIs are available here:
Admin UI: https://ip-address:943/admin
Client UI: https://ip-address:943/
Now OpenVPN AS has been installed.
Setup OpenVPN Admin User and Password
During installation, a default Admin user called openvpn will be created by OpenVPN AS. Set the password for the user openvpn with the following command:
xx@server1:~$ sudo passwd openvpn
Accessing Admin Web UI
You can access the OpenVPN Access Server Admin UI with the URL https://ip-address:943/admin/ from your browser. If you want to access it from your remote systems, allow port 943 through your router/firewall.
An SSL warning message will appear; ignore the warning by clicking the Proceed anyway button. You will be prompted to enter a username and password. Enter openvpn as your username with the password that you created earlier.
After login, click Agree to accept the License Agreement.
Now you will be able to access the OpenVPN Administration Console. In this Admin Console, you can do various VPN administration things. Go through every menu/tab and change the required values as per your liking, although default settings will work fine.
On the left panel of the page, go to Server Network Settings.
Change TCP Port number to 80
Change UDP Port number to 80
Click Save Settings and then Update Running Server.
That's it: our server is running only on port 80, but uses the tcp and udp protocols.
Client setting
Create a new user on the system
sudo useradd vpnvpn
Do not use adduser because you do not need the /home/vpnvpn folder ...
Set passwd for user
sudo passwd vpnvpn
Navigate to https://ip-address:943/ from your browser and log in to OpenVPN with u: vpnvpn and p: vpnvpn
On the new page, click the link Yourself (user-locked profile). You will download client.ovpn
Install the openvpn package on your client system:
yy@yy:~$ sudo apt-get install openvpn
Now connect to the VPN server with the following command:
yy@yy:~$ sudo openvpn --config Downloads/client.ovpn
Thu Jun 27 11:36:43 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username:vpnvpn
Enter Auth Password:
Thu Jun 27 11:36:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
Thu Jun 27 11:36:50 2013 Control Channel Authentication: tls-auth using INLINE static key file
-- omitted the rest --
End. You have a vpn server on port 80
On admin you can change a lot of parameters aka network range, routing, etc.
Solution 2
SoftEther VPN runs its VPN protocol over HTTP/HTTPS, specifically so you can tunnel through proxy firewalls that only pass well-formed HTTP traffic. I think that this is what you want.
OpenVPN can be configured to camouflage its traffic over HTTP, but in practice this can be hard to do. (I do not think that @2707974's answer will get you there; you need to add the http-proxy configuration as documented on the OpenVPN site.)
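A firewall that inspects payloads rather than port numbers can tell a VPN on port 80 apart from real HTTP, which is the distinction between the two solutions above. The following is an added example, not code from either answer: it classifies the first client payload on TCP port 80 as an HTTP request or an OpenVPN session-opening packet. The function name and sample bytes are constructed for illustration; the opcode values are OpenVPN's P_CONTROL_HARD_RESET_CLIENT opcodes.

```python
import re
import struct

# OpenVPN control opcodes that open a session (high 5 bits of the first byte).
HARD_RESET_CLIENT = {1: "V1", 7: "V2", 10: "V3"}
# Smallest hard-reset packet: opcode(1) + session id(8) + ack count(1) + packet id(4).
MIN_RESET_LEN = 14
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|PATCH|TRACE) \S+ HTTP/1\.[01]\r?\n"
)


def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server TCP payload seen on port 80."""
    if HTTP_REQUEST_LINE.match(data):
        return "http"
    if len(data) >= 2 + MIN_RESET_LEN:
        (framed_len,) = struct.unpack("!H", data[:2])  # OpenVPN-over-TCP length prefix
        opcode, key_id = data[2] >> 3, data[2] & 0x07
        if (opcode in HARD_RESET_CLIENT and key_id == 0
                and MIN_RESET_LEN <= framed_len <= len(data) - 2):
            return "openvpn-hard-reset-" + HARD_RESET_CLIENT[opcode]
    return "unknown"


# Constructed samples, not captured traffic.
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
SAMPLE_OPENVPN = (
    struct.pack("!H", 14)      # length prefix
    + bytes([7 << 3])          # P_CONTROL_HARD_RESET_CLIENT_V2, key id 0
    + bytes(range(1, 9))       # session id (constructed)
    + b"\x00"                  # no acknowledgements
    + b"\x00\x00\x00\x00"      # packet id 0
)
# Start of a TLS record, included to show that other protocols fall through.
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + bytes(16)

if __name__ == "__main__":
    for name, payload in [("http", SAMPLE_HTTP), ("openvpn", SAMPLE_OPENVPN),
                          ("tls", SAMPLE_TLS)]:
        print(name, "->", classify_first_payload(payload))
```

A hard reset carrying tls-auth data, as in the client log of Solution 1, is longer than the minimum but still matches, because only the length prefix and opcode byte are checked.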
Roland Kofler
Updated on September 18, 2022
Comments
- Roland Kofler (over 1 year): Is it possible to connect to a VPN Server having a tunnel over port 80, thus eliminating all the port blockings of a firewall?
- Roland Kofler (about 8 years): Pick your poison, just want an explanation how it is done
- Thomas Ward (about 8 years): Can you? Possibly with OpenVPN. Should you? Absolutely not - port 80 is a target for HTTP traffic on the universe and you may get some nasty evils that may break OpenVPN. You really should not run VPNs on HTTP ports.
- neutrinus (over 7 years): If your firewall uses DeepPacketInspection, you may want something that uses http like in question: serverfault.com/questions/163768/vpn-through-only-http/…
- hraban (about 5 years): To counter @ThomasWard's point; You absolutely can run openvpn on port 80, without any trouble. Your server won't be able to serve HTTP traffic, but it's a great (and totally legit) way to get around draconian firewalls. Standard ports are just defaults, but there's nothing magic about them. Feel free to mix and match! OpenVPN can handle it.