Can you run a VPN connection over HTTP?
Is it possible to connect to a VPN Server having a tunnel over port 80, thus eliminating all the port blockings of a firewall?
52 Answers
Let's start. I preferOpenVPN solutions
OpenVPN Access Server supports a wide range of configurations, including secure remote access to internal network and/or private cloud network resources and applications with fine-grained access control. It has a mobile app for Android and iOS, so that you can access the VPN server from your smartphones too.
Install OpenVPN AS on Ubuntu/Debian
OpenVPN AS is quite easy to install and configure compared to other VPN servers.
Download the latest version of OpenVPN AS with the following commands.
wget Install it with the following command:
xx@server1:~$ sudo dpkg -i openvpn-as-1.8.5-Ubuntu12.i386.deb
[sudo] password for xx: Selecting previously unselected package openvpn-as. (Reading database ... 53813 files and directories currently installed.) Unpacking openvpn-as (from openvpn-as-1.8.5-Ubuntu12.i386.deb) ... Setting up openvpn-as (1.8.5-Ubuntu12) ... The Access Server has been successfully installed in /usr/local/openvpn_as Configuration log file has been written to /usr/local/openvpn_as/init.log Please enter "passwd openvpn" to set the initial administrative password, then login as "openvpn" to continue configuration here: To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.
Access Server web UIs are available here:
Admin UI:
Client UI: Now OpenVPN AS has been installed.
Setup OpenVPN Admin User and Password
During installation, a default Admin user called openvpn will be created by OpenVPN AS. Set the password for the user openvpn with the following command:
xx@server1:~$ sudo passwd openvpnAccessing Admin Web UI
You can access the OpenVPN Access Server Admin UI with the URL from your browser. If you want to access it from your remote systems, allow the port 943 through your router/firewall.
A SSL warning message will appear, ignore the warning by click On the Proceed anyway button. You will be prompted to enter username and password. Enter openvpn as your username with password that you have created earlier.
After login click on Agree to accept the License Agreement.
Now you will able to access the OpenVPN Administration Console. In this Admin Console, you can do various VPN administration things. Go through every menu/tab and change the required values as per your liking, although default settings will work fine.
On the left panel on the page go to Server Network Settings.
Change TCP Port number to 80Change UDP Port number to 80
Click save settings and on Update Running Server
This is it, our server running only on port 80 but use tcp and udp protocols.
Client setting
Create new user on sistem
sudo useradd vpnvpndo not use adduser because you not need /home/vpnvpn folder ...
Set passwd for user
sudo passwd vpnvpnNavigate to from your browser and login with OpenVPN with u: vpnvpn and p: vpnvpn
On new page go to link on it Yourself (user-locked profile). You will download client.ovpn
Install openvpn package in your client system:
yy@yy:~$ sudo apt-get install openvpnNow connect to VPN server with following command:
yy@yy:~$ sudo openvpn --config Downloads/client.ovpn Thu Jun 27 11:36:43 2013 OpenVPN 2.2.1 x86_64-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20110424-2 (2.2RC2)] built on Feb 13 2013
Enter Auth Username:vpnvpn
Enter Auth Password: Thu Jun 27 11:36:50 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Thu Jun 27 11:36:50 2013 Control Channel Authentication: tls-auth using INLINE static key file -- omitted the rest --End. You have vpn server on port 80
On admin you can change a lot of parameters aka network range, routing, etc.
SoftEther VPN runs its VPN protocol over HTTP/HTTPS, specifically so you can tunnel through proxy firewalls that only pass well-formed HTTP traffic. I think that this is what you want.
OpenVPN can be configured to camaflogue its traffic over HTTP, but in practice this can be hard to do. (I do not think that @2707974's answer will get you there; you need to add the http-proxy configuration as documented on the OpenVPN site.)
