WebSocket based VPN instead of OpenVPN?

scscsc · June 26, 2024, 3:52pm

We deploy to a lot of very restrictive corporate networks where outbound traffic is inspected (even if still encrypted) and many of those outbound gateways can tell the differences between HTTP over TLS and OpenVPN using port 443.

Would be great to have support for GitHub - Doridian/wsvpn: VPN over WebSocket and WebTransport or some other VPN that uses proper HTTP WebSockets instead of OpenVPN. Has this been considered?

This thread seems similarly resolved by adding support for this:

krix · July 4, 2024, 7:33am

We have the same issue: Customers where VPN traffic is blocked due to SSL inspection.
For example with firewall product ZScaler.

scscsc · July 9, 2024, 5:17pm

I get that OpenVPN handles a bunch of funky routing on both the edge side and the balena-vpn server side, but I don’t see the edge doing anything that isn’t easily doable over a standard WebSocket, and a standard WebSocket would be fully compliant with virtually any corporate firewall or MITM requirement…

scscsc · July 10, 2024, 3:30pm

Topic		Replies	Views
Access to Balena cloud on networks with VPN blocking Product support	8	950	February 22, 2021
Routing all TCP traffic via proxy balenaOS network	2	651	September 26, 2023
Firewalled Endpoints IP Source Product support network	1	154	April 16, 2024
balenaCloud outages: their causes and what we’re doing to resolve them Discussions	5	682	February 1, 2022
Question on connection security balenaOS	3	487	October 14, 2019

WebSocket based VPN instead of OpenVPN?

Related topics