One of the reasons I want to set up OpenVPN and ocserv (OpenConnect) behind port 443 is that my university has started blocking ports. Port 443 normally carries HTTPS, so firewalls generally leave it open by default. This only helps against port-based blocking: OpenVPN's TCP handshake is not TLS, so a firewall that inspects the first bytes of a connection can still tell it apart from HTTPS (the same property the HAProxy rules below rely on to route traffic), whereas an OpenConnect session is ordinary TLS on the wire.
Solution
Updated April 29 2019
// Openvpn conf
nano /etc/openvpn/server.conf
proto tcp
port 993
# Only HAProxy should reach this port; OpenVPN has no PROXY-protocol support,
# so every client appears as 127.0.0.1 in the OpenVPN log.
local 127.0.0.1
// Openconnect ocserv
nano /etc/ocserv/ocserv.conf
tcp-port = 4443
# HAProxy forwards here; clients must not be able to reach 4443 directly
listen-host = 127.0.0.1
# Accept HAProxy's PROXY header so ocserv logs/ACLs see the real client address.
# ocserv trusts whatever source address that header claims, so with this enabled
# port 4443 must be reachable only from HAProxy (loopback or firewall), never from clients.
listen-proxy-proto = true
# HAProxy in mode tcp does not carry UDP: DTLS on udp-port will not pass through 443/tcp.
// Haproxy conf
nano /etc/haproxy/haproxy.cfg
frontend www-https
    bind :::443 v4v6
    mode tcp
    # hold the connection up to 5s so the content rules can look at the first bytes
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    # OpenVPN over TCP does not start with a TLS ClientHello: any connection that has
    # sent data but no ClientHello goes to OpenVPN
    use_backend openvpn if !{ req.ssl_hello_type 1 } !{ req.len 0 }
    # route TLS by SNI (req_ssl_sni is the deprecated spelling of req.ssl_sni);
    # keeps the door open for adding a web backend on the same port later
    acl vpn-app req.ssl_sni -i vpn.xx.com
    use_backend ocserv if vpn-app
    default_backend ocserv

backend ocserv
    mode tcp
    # ssl-hello-chk is a health-check option; it is only used with 'check' on the server line
    option ssl-hello-chk
    # send-proxy-v2 matches listen-proxy-proto = true in ocserv.conf
    server ocserv 127.0.0.1:4443 send-proxy-v2

backend openvpn
    mode tcp
    # no send-proxy here: OpenVPN does not understand the PROXY protocol
    server openvpn-vpn 127.0.0.1:993
// End HAProxy conf
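To see what the two frontend fetches are actually looking at, here is the same routing decision in Python, added as an example (it is not part of the original post, HAProxy, ocserv or OpenVPN): `is_tls_client_hello` is the equivalent of `{ req.ssl_hello_type 1 }`, `extract_sni` of `req.ssl_sni`, and `route` applies the frontend's rules. The ClientHello and the OpenVPN first packet are constructed inline for the test; `vpn.xx.com` is the placeholder hostname from the config above.

```python
"""Added example: the routing decision the HAProxy frontend makes, in Python.

A TLS ClientHello is a handshake record (0x16), version 3.x, handshake type 1;
HAProxy's `req.ssl_hello_type 1` matches exactly that, and `req.ssl_sni` reads the
server_name extension. An OpenVPN TCP client instead sends a 2-byte length prefix
followed by a P_CONTROL_HARD_RESET_CLIENT_V2 packet, which never looks like a TLS record.
"""
import struct

TLS_HANDSHAKE_RECORD = 0x16
TLS_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
OPENVPN_HARD_RESET_CLIENT_V2 = 7   # opcode sits in the top 5 bits of the first byte


def is_tls_client_hello(data: bytes) -> bool:
    """Equivalent of the HAProxy ACL `{ req.ssl_hello_type 1 }`."""
    return (len(data) >= 6
            and data[0] == TLS_HANDSHAKE_RECORD
            and data[1] == 0x03
            and data[5] == TLS_CLIENT_HELLO)


def extract_sni(data: bytes):
    """Equivalent of `req.ssl_sni`: the server_name from a ClientHello, else None."""
    if not is_tls_client_hello(data):
        return None
    rec_len = struct.unpack("!H", data[3:5])[0]
    body = data[5:5 + rec_len][4:]            # skip handshake type (1) + length (3)
    pos = 2 + 32                              # client_version + random
    try:
        pos += 1 + body[pos]                                   # session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]                                   # compression_methods
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            ext_type, ext_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            if ext_type == EXT_SERVER_NAME:
                # ServerNameList: list_len(2) name_type(1) name_len(2) host_name
                name_len = struct.unpack("!H", body[pos + 3:pos + 5])[0]
                return body[pos + 5:pos + 5 + name_len].decode("ascii")
            pos += ext_len
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                           # truncated or malformed hello
    return None


def route(data: bytes) -> str:
    """Mirror the frontend: nothing decisive yet -> keep inspecting (until inspect-delay),
    TLS ClientHello -> ocserv, any other bytes -> openvpn.
    Slightly stricter than `!{ req.len 0 }`: waits for a full 6-byte record header."""
    if len(data) < 6:
        return "wait"
    return "ocserv" if is_tls_client_hello(data) else "openvpn"


def build_client_hello(server_name: str) -> bytes:
    """Constructed minimal TLS 1.2-style ClientHello carrying an SNI extension (test input)."""
    host = server_name.encode("ascii")
    sni_list = struct.pack("!HBH", len(host) + 3, 0, len(host)) + host
    ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    hello_body = (b"\x03\x03" + bytes(32)                   # client_version, random (zeros: test only)
                  + b"\x00"                                 # empty session_id
                  + struct.pack("!H", 2) + b"\x13\x01"      # one cipher suite
                  + b"\x01\x00"                             # null compression
                  + struct.pack("!H", len(ext)) + ext)
    handshake = bytes([TLS_CLIENT_HELLO]) + len(hello_body).to_bytes(3, "big") + hello_body
    return bytes([TLS_HANDSHAKE_RECORD, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def build_openvpn_tcp_reset() -> bytes:
    """Constructed first packet of an OpenVPN TCP client: 2-byte length prefix, then the
    opcode/key_id byte, an 8-byte session id, packet-id array length and message packet id."""
    payload = (bytes([OPENVPN_HARD_RESET_CLIENT_V2 << 3])
               + bytes.fromhex("1122334455667788")          # session id (arbitrary, test only)
               + b"\x00"                                     # no acked packet ids
               + b"\x00\x00\x00\x00")                        # message packet id 0
    return struct.pack("!H", len(payload)) + payload


if __name__ == "__main__":
    for name, first_bytes in [("TLS client", build_client_hello("vpn.xx.com")),
                              ("OpenVPN client", build_openvpn_tcp_reset()),
                              ("idle client", b"")]:
        print(f"{name:15s} -> {route(first_bytes):8s} sni={extract_sni(first_bytes)}")
```

Run it directly to see the three cases classified; the "idle client" row is the `req.len 0` case, which HAProxy keeps inspecting until the 5s inspect-delay expires.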
References:
- https://github.com/openconnect/recipes/blob/master/ocserv-multihost.md
- https://314es.pl/https-openvpn-and-ssh-on-one-port-thanks-to-haproxy
- https://huataihuang.gitbooks.io/cloud-atlas/service/ssh/sslh_multi_service_in_one_port.html
- https://ocserv.gitlab.io/www/recipes-ocserv-multihost.html
- https://github.com/dlundquist/sniproxy
- https://www.linuxbabe.com/ubuntu/openconnect-vpn-server-ocserv-ubuntu-16-04-17-10-lets-encrypt