I have a need to utilize OpenVPN in a Server/multi-Client, TCP, TUN mode on port 443. OpenVPN generally works fine but I’ve recently had a need to pass this traffic through a firewall with stateful packet inspection (that can’t be circumvented). The firewall complains that the traffic does not comply with section 7.4.1.2 of RFC-2246 (The TLS protocol) which states that a “client hello” must be sent as the client’s first message. The traffic is dropped as a result. I don’t see any obvious OpenVPN configuration changes that would affect this behavior. Is there anything I can do, from a configuration perspective, to cause the OpenVPN client to send the “client hello”? Not sure if this would be the only (or just the first) obstacle in getting through the SPI.
Thanks, Randy
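The check the firewall is described as applying can be sketched as a classifier over the first bytes a client sends on the TCP connection. This is an added example, not part of the original post and not any firewall's or OpenVPN's own code; the OpenVPN opcode values and the 14-byte minimum come from the OpenVPN wire protocol as assumed here, the function name is hypothetical, and the sample byte strings are constructed.

```python
import struct

TLS_HANDSHAKE = 0x16      # TLS record content type: handshake
TLS_CLIENT_HELLO = 0x01   # handshake message type: client_hello (RFC 2246, 7.4.1.2)

# Assumption: OpenVPN opcodes (upper 5 bits of the opcode byte) that open a session.
OPENVPN_CLIENT_RESETS = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
# opcode(1) + session id(8) + ack count(1) + packet id(4), without tls-auth
OPENVPN_MIN_RESET_LEN = 14


def classify_first_bytes(data: bytes) -> str:
    """Heuristically label the first client bytes of a TCP stream on port 443."""
    if len(data) < 6:
        return "too-short"

    # TLS: 5-byte record header, then the handshake message type.
    ctype, major, minor, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype == TLS_HANDSHAKE and major == 3 and minor <= 4 and 0 < rec_len <= 2**14:
        if data[5] == TLS_CLIENT_HELLO:
            return "tls-client-hello"
        return "tls-handshake-not-client-hello"

    # OpenVPN over TCP: 16-bit length prefix, then opcode (5 bits) | key_id (3 bits).
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if opcode in OPENVPN_CLIENT_RESETS and key_id == 0 and pkt_len >= OPENVPN_MIN_RESET_LEN:
        return "openvpn:" + OPENVPN_CLIENT_RESETS[opcode]

    return "unknown"


# Constructed samples: start of a TLS 1.0 ClientHello record, and an OpenVPN
# hard-reset packet (length 14, opcode byte 0x38, made-up session id).
SAMPLE_TLS = bytes.fromhex("160301002f0100002b0301")
SAMPLE_OPENVPN = bytes.fromhex("000e38" + "1122334455667788" + "00" + "00000000")

if __name__ == "__main__":
    for name, blob in (("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN)):
        print(name, "->", classify_first_bytes(blob))
```

OpenVPN carries its TLS handshake inside its own control packets, so the first bytes on the wire are an OpenVPN length prefix and opcode rather than a TLS record header, which is the mismatch the firewall reports.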