>>>> 2) configure the client and server to use an alternate port
>>>>
>> From http://openvpn.net/howto.html#server:
>>
>> proto tcp #library blocks UDP
>> port 443 #library allows this port
>> comp-lzo #compression on
>> user nobody
>> group nobody
>
> Actually, I'd just need to modify the forwarding rules at the
> router. But since you mention it, are you sure the library blocks
> UDP? How can we verify whether the library does or doesn't?

I assumed it did. It would make sense but we would have to try it to make sure. netcat is a good tool to have around:
http://m.nu/program/util/netcat/netcat.html

UDP would be better for the tunneling. There are known issues concerning TCP-over-TCP, but if that is the only option...
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
>
> Also, can OpenVPN listen on two different ports, e.g. 1194 and 443,
> at the same time? I've looked through the options in the manpage[1],
> but don't see a clear answer whether yes or no. This is more a
> curiosity than anything else. I guess one could always start more
> than one server, no?

As of version 2, it can without starting multiple servers manually. You can also add a second /etc/openvpn/config.conf file and the startup script will pick it up. It is however a bad idea to do this with a single static key for routing reasons (there is still only one routing table and no way to differentiate the clients). However, you could use the firewall to port forward 1194->443 or vice versa.

Browsing the man page, did you notice that OpenVPN supports HTTP proxy tunneling as an option? I hadn't seen that before...

>> You want to do this on the eMachine, correct?
> To start with, yes. But since the client (like the server) will be
> with Knoppix + PDI, I don't see any reason why it cannot be ported to
> any other machine with one wireless NIC and one wired NIC, for
> example, a low-end laptop.
>
>> I recommend using a firewall rule builder under Linux and tweak the
>> resulting rules as necessary.
>
> Any recommendations? I had a look on the Knoppix CD and didn't see
> one. But maybe I overlooked it.

http://www.fwbuilder.org/ is a big one. It also includes rule "cross-compilers" so that you could generate rules from your description for ipfw, iptables, ipchains, pf automatically. Debian has it in its apt repository as "fwbuilder".

Cheers,
M

AgentM
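Added example, not part of the original message: one way to answer the "how can we verify" question above is a small UDP echo responder on a machine you control plus a probe run from the network being tested, which separates "UDP passes" from "port closed" from "silently dropped". The function names, the payload and the loopback demo are assumptions made for this illustration.

```python
import socket
import threading

def start_udp_echo(host="127.0.0.1", port=0):
    """Start a UDP echo responder in a daemon thread; return (sock, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind((host, port))          # port 0 lets the OS pick a free port

    def loop():
        while True:
            try:
                data, peer = srv.recvfrom(2048)
                srv.sendto(data, peer)
            except OSError:         # socket closed or send failed: stop
                return

    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def probe_udp(host, port, timeout=2.0, tries=3):
    """Classify the UDP path to host:port as 'reply', 'refused' or 'timeout'.

    reply   - datagram echoed back: UDP passes in both directions
    refused - ICMP port unreachable returned: host reached, nothing listening
    timeout - silence: dropped by a filter, or the responder is not running
    """
    payload = b"udp-probe"          # constructed marker, any bytes work
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))     # connected socket so ICMP errors surface
        for _ in range(tries):      # UDP is lossy, so retry before giving up
            try:
                s.send(payload)
                if s.recv(2048) == payload:
                    return "reply"
            except ConnectionRefusedError:
                return "refused"
            except socket.timeout:
                continue
    return "timeout"

if __name__ == "__main__":
    # Loopback demo: an echo responder on a free port answers the probe.
    _srv, demo_port = start_udp_echo()
    print(probe_udp("127.0.0.1", demo_port, timeout=1.0))
```

A "timeout" result alone does not prove filtering; confirm the responder is reachable from an unfiltered network first, then compare.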
