Hey,
    I think you have all noticed that the TLS handshake procedure of the
OpenVPN client with the server is different from the standard OpenSSL TLSv1
handshake procedure of a normal SSL/TLS browser with a server.
    I'm using OpenVPN in an HTTP Proxy + NetApp NetCache network. The
NetCache acts as a transparent proxy. If I set my OpenVPN server's listen
port to TCP 443 or port 80, then the client cannot connect to the server:
after the first packet is sent to the server, the NetCache disconnects the
TCP connection. This problem does not appear when I set the server to listen
on other ports like 1194.
    This shouldn't be a big problem while I can connect to the Internet, but
when I work in a private network that can only go out through an HTTP Proxy,
then there are problems: ports 80/443 are the only two ports that are allowed
to pass the filter of the proxy, while the NetCache will interrupt me from
connecting to the server.
    Can we make the TLSv1 connection initialization process the same as the
OpenSSL library does? I mean there should be a Client Hello first, then the
server replies with its certificate, until it's encrypted in both directions.
Then we can send whatever data we want, right?

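The difference described in the message above is visible in the first bytes the client sends. The sketch below is an added example, not part of the original message and not OpenVPN or NetCache code. It classifies the first client-to-server bytes the way a protocol-aware middlebox or an IDS rule might. The function name and sample packets are constructed for illustration, and it is an assumption that the proxy decides on these bytes, since the message does not say how NetCache makes its decision.

```python
import struct

# Session-opening control opcodes from OpenVPN's wire protocol
# (upper 5 bits of the opcode byte; the lower 3 bits are the key id).
OPENVPN_RESET_OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"CONNECT"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the first client-to-server bytes seen on a TCP connection."""
    if len(data) < 6:
        return "too-short"

    # TLS record header: content type (1), version (2), length (2),
    # followed by the handshake message type (1 = ClientHello).
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if (ctype == 0x16 and major == 3 and minor <= 4
            and 0 < rec_len <= 16384 and data[5] == 0x01):
        return "tls-client-hello"

    # Plain HTTP, which is what a proxy expects on port 80.
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-request"

    # OpenVPN over TCP: 16-bit big-endian packet length, then the opcode byte.
    # The TLS handshake travels inside later control packets, so no TLS
    # record header appears at the start of the stream.
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # 14 = opcode + 8-byte session id + ack count + 4-byte packet id.
    if opcode in OPENVPN_RESET_OPCODES and key_id == 0 and pkt_len >= 14:
        return "openvpn:" + OPENVPN_RESET_OPCODES[opcode]

    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLE_TLS = b"\x16\x03\x01\x00\x2f\x01" + bytes(46)
SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)

if __name__ == "__main__":
    for name, pkt in [("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN)]:
        print(name, "->", classify_first_bytes(pkt))
```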