13
7
I'm currently in the situation of attempting to setup OpenVPN on a personal VPS, for connection primarily through an overly restrictive firewall. All of the setups mentioned below work when used through a reasonably-firewalled connection.
I have tried:
- OpenVPN running on the standard port
- OpenVPN running on port 443 (I start OpenVPN manually from the command line on the VPS and see that the server reports the connection being closed almost immediately, I assume this is a result of DPI on the firewall)
- STunnel running on port 443 to access OpenVPN and evade DPI. This is the most successful and allows a connection and internet access through the VPN for ~10-20 seconds, before the connection is forcibly closed.
Is there anything else I can attempt?
1Dear lord, what "personal VPS" provider do you have that goes to such lengths to prevent you from running a VPN?! Also, it isn't clear if you are trying to use the VPS as an OpenVPN server, or if you want to make it the client? – allquixotic – 2012-09-25T20:42:43.803
Woops! I should have been more clear. The VPS provider is Linode, and they definitely aren't blocking anything. ;) The problem is that I'm connecting to the VPN from a client (my laptop) whose internet access is severely firewalled. – R.L. Stine – 2012-09-25T20:52:35.047
1A VPN solution in general is going to be fairly easily detected by anything that does stateful packet inspection, as you hinted. The forceful disconnection could be due to traffic analysis methods looking at the https connection of stunnel and going "wait a minute, standard HTTP request/response connections aren't nearly that chatty!" -- in essence you are stuck. You could try an HTTPS proxy though; maybe something where you pass the request as an HTTP body (over SSL) to a servlet and it forwards your request... o_O – allquixotic – 2012-09-25T21:07:17.317
3You may want to keep in mind that bypassing restrictions implemented by a company firewall are likely a violation of company policy. I suggest you talk to the firewall admin about the issue. – Ansgar Wiechers – 2012-09-25T22:57:20.333