Can you run a VPN connection over HTTP?


Solution 1

Let's start. I prefer OpenVPN solutions.

OpenVPN Access Server supports a wide range of configurations, including secure remote access to internal network and/or private cloud network resources and applications with fine-grained access control. It has a mobile app for Android and iOS, so that you can access the VPN server from your smartphones too.

Install OpenVPN AS on Ubuntu/Debian

OpenVPN AS is quite easy to install and configure compared to other VPN servers.

Download the latest version of OpenVPN AS with the following commands.

wget http://swupdate.openvpn.org/as/openvpn-as-1.8.5-Ubuntu12.amd_64.deb

Install it with the following command:

xx@server1:~$ sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.i386.deb
[sudo] password for xx: 
 Selecting previously unselected package openvpn-as.
 (Reading database ... 53813 files and directories currently installed.)
 Unpacking openvpn-as (from openvpn-as-1.8.5-Ubuntu12.i386.deb) ...
 Setting up openvpn-as (1.8.5-Ubuntu12) ...
 The Access Server has been successfully installed in /usr/local/openvpn_as
 Configuration log file has been written to /usr/local/openvpn_as/init.log
 Please enter "passwd openvpn" to set the initial
 administrative password, then login as "openvpn" to continue
 configuration here: https://ip-address:943/admin
 To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.

Access Server web UIs are available here:

Admin UI: https://ip-address:943/admin

Client UI: https://ip-address:943/

Now OpenVPN AS has been installed.

Setup OpenVPN Admin User and Password

During installation, a default Admin user called openvpn will be created by OpenVPN AS. Set the password for the user openvpn with the following command:

 xx@server1:~$ sudo passwd openvpn

Accessing Admin Web UI

You can access the OpenVPN Access Server Admin UI with the URL https://ip-address:943/admin/ from your browser. If you want to access it from your remote systems, allow the port 943 through your router/firewall.

An SSL warning message will appear; ignore the warning by clicking on the Proceed anyway button. You will be prompted to enter a username and password. Enter openvpn as your username with the password that you created earlier.

After login click on Agree to accept the License Agreement.

Now you will be able to access the OpenVPN Administration Console. In this Admin Console, you can do various VPN administration things. Go through every menu/tab and change the required values as per your liking, although default settings will work fine.

On the left panel of the page go to Server Network Settings. Change the TCP Port number to 80. Change the UDP Port number to 80.

Click Save Settings and then Update Running Server.

This is it: our server is running only on port 80, but uses both the TCP and UDP protocols.

Client setting

Create a new user on the system:

 sudo useradd vpnvpn

Do not use adduser, because you do not need the /home/vpnvpn folder. Set the password for the user:

 sudo passwd vpnvpn

Navigate to https://ip-address:943/ from your browser and login with OpenVPN with u: vpnvpn and p: vpnvpn

On the new page, go to the link Yourself (user-locked profile). You will download client.ovpn.

Install openvpn package in your client system:

yy@yy:~$ sudo apt-get install openvpn

Now connect to VPN server with following command:

yy@yy:~$ sudo openvpn --config Downloads/client.ovpn 
 Thu Jun 27 11:36:43 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username:vpnvpn
Enter Auth Password:
 Thu Jun 27 11:36:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables
 Thu Jun 27 11:36:50 2013 Control Channel Authentication: tls-auth using INLINE static key file
  -- omitted the rest --

End. You have a VPN server on port 80.

In the admin UI you can change a lot of parameters, such as network range, routing, etc.

Solution 2

SoftEther VPN runs its VPN protocol over HTTP/HTTPS, specifically so you can tunnel through proxy firewalls that only pass well-formed HTTP traffic. I think that this is what you want.

OpenVPN can be configured to camouflage its traffic over HTTP, but in practice this can be hard to do. (I do not think that @2707974's answer will get you there; you need to add the http-proxy configuration as documented on the OpenVPN site.)
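
An added example (not part of either answer, and not OpenVPN or SoftEther code): a first-packet check of the kind a firewall that only passes well-formed HTTP applies, showing why moving OpenVPN to TCP port 80 as in Solution 1 does not make the traffic HTTP. The opcode values follow OpenVPN's wire protocol; the length bounds, function names and sample flows are constructed assumptions.

```python
import re
import struct

# HTTP request line: method SP request-target SP HTTP-version CRLF
HTTP_REQUEST_LINE = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/1\.[01]\r\n")
# OpenVPN P_CONTROL_HARD_RESET_CLIENT opcodes (V1, V2, V3): top 5 bits of the first byte
HARD_RESET_CLIENT = {1, 7, 10}
# Assumed plausibility bounds for the declared length of the first packet
MIN_LEN, MAX_LEN = 14, 2048

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client payload of a TCP flow (heuristic)."""
    if HTTP_REQUEST_LINE.match(payload):
        return "http"
    if len(payload) >= 3:
        # OpenVPN over TCP prefixes every packet with a 16-bit big-endian length
        (length,) = struct.unpack("!H", payload[:2])
        opcode, key_id = payload[2] >> 3, payload[2] & 0x07
        if opcode in HARD_RESET_CLIENT and key_id == 0 and MIN_LEN <= length <= MAX_LEN:
            return "openvpn-tcp"
    return "unknown"

def non_http_on_port_80(flows):
    """Return (source, verdict) for port-80 flows whose first payload is not HTTP."""
    flagged = []
    for src, dport, payload in flows:
        if dport == 80:
            verdict = classify_first_bytes(payload)
            if verdict != "http":
                flagged.append((src, verdict))
    return flagged

# Constructed sample payloads (not captured traffic)
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
# length=14, opcode 7 / key_id 0, 8-byte session id, empty ack array, packet id 0
SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(range(1, 9)) + b"\x00" + b"\x00\x00\x00\x00"
SAMPLE_TLS = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SAMPLE_FLOWS = [
    ("192.0.2.10", 80, SAMPLE_HTTP),
    ("192.0.2.20", 80, SAMPLE_OPENVPN),
    ("192.0.2.30", 80, SAMPLE_TLS),
    ("192.0.2.40", 443, SAMPLE_TLS),  # not port 80, so out of scope here
]

if __name__ == "__main__":
    for src, verdict in non_http_on_port_80(SAMPLE_FLOWS):
        print(f"{src}: port 80 flow is not HTTP ({verdict})")
```
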

Author by

Roland Kofler

Software architect, startup founder, data scientist, Ethereum developer

Updated on September 18, 2022

Comments

  • Roland Kofler over 1 year

    Is it possible to connect to a VPN Server having a tunnel over port 80, thus eliminating all the port blockings of a firewall?

    • Roland Kofler about 8 years
      Pick your poison, just want an explanation how it is done
    • Thomas Ward about 8 years
      Can you? Possibly with OpenVPN. Should you? Absolutely not - port 80 is a target for HTTP traffic on the universe and you may get some nasty evils that may break OpenVPN. You really should not run VPNs on HTTP ports.
    • neutrinus over 7 years
      If your firewall uses DeepPacketInspection, you may want something that uses http like in question: serverfault.com/questions/163768/vpn-through-only-http/…
    • hraban about 5 years
      To counter @ThomasWard's point; You absolutely can run openvpn on port 80, without any trouble. Your server won't be able to serve HTTP traffic, but it's a great (and totally legit) way to get around draconian firewalls. Standard ports are just defaults, but there's nothing magic about them. Feel free to mix and match! OpenVPN can handle it.