Amos Shapira wrote:
>
> Here is a more direct answer than my previous one - OpenVPN can use
> SSL over HTTP:

No, it cannot.

OpenVPN is an SSL based solution. It usually works over UDP (makes much more sense for a VPN), but can be configured to work with TCP. When working with TCP, it is impossible for firewalls and proxies to know whether it's SSL communication that wraps HTTP communication, or whether it's SSL communication that wraps something else (like, for example, a VPN).

As such, when working in TCP mode, you can route OpenVPN traffic over an HTTP proxy (which, essentially, translates to sending a "connect" command to the proxy, and the entire rest of the conversation is performed with the end machine). Of course, in order to complete the illusion that this is just HTTP over SSL (which it isn't), it's best to run OpenVPN on port 443 when running it in TCP mode (which, as I said, is neither the default, nor even recommended if the usual UDP mode works).

In this case, the communication is not encrypted. As such, it is no longer possible to pretend this is HTTP. Many firewalls will allow TCP connections to port 80 through. Many others won't. Check Point, for example, has an HTTP mini-proxy inside the kernel.

Shachar
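
The CONNECT handling described in the message above, as an added illustration that is not part of the original post: it shows what a forwarding proxy can actually read from a tunnelled connection (only the target host and port) and why the destination port decides whether the tunnel is allowed. The port allow-list, host name and payload bytes are assumptions constructed for the example.

```python
# Added illustration: a proxy's view of an HTTP CONNECT tunnel.
# All names and sample data here are constructed, not taken from the post.

ALLOWED_CONNECT_PORTS = {443}  # assumption: policy permits CONNECT only to 443


def split_connect(stream: bytes):
    """Split client-to-proxy bytes into the CONNECT target and the tunnelled bytes."""
    head, sep, tunnel = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request head")
    request_line = head.split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = request_line.split(" ")
    if method != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, _, port = target.rpartition(":")
    return host, int(port), tunnel


def proxy_decision(stream: bytes) -> dict:
    """Return everything the proxy learns: target, verdict, and a byte count."""
    host, port, tunnel = split_connect(stream)
    allowed = port in ALLOWED_CONNECT_PORTS
    return {
        "host": host,
        "port": port,
        "status": "200 Connection established" if allowed else "403 Forbidden",
        # After a 200 the proxy relays the bytes without interpreting them.
        "relayed_bytes": len(tunnel) if allowed else 0,
    }


# Constructed sample input: a request head followed by 16 opaque payload bytes.
OPAQUE = bytes(range(16))
TO_443 = (b"CONNECT vpn.example.net:443 HTTP/1.1\r\n"
          b"Host: vpn.example.net:443\r\n\r\n" + OPAQUE)
TO_1194 = (b"CONNECT vpn.example.net:1194 HTTP/1.1\r\n"
           b"Host: vpn.example.net:1194\r\n\r\n" + OPAQUE)

if __name__ == "__main__":
    for sample in (TO_443, TO_1194):
        print(proxy_decision(sample))
```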