WebSocket based VPN instead of OpenVPN?

scscsc · June 26, 2024, 3:52pm

We deploy to a lot of very restrictive corporate networks where outbound traffic is inspected (even if still encrypted) and many of those outbound gateways can tell the differences between HTTP over TLS and OpenVPN using port 443.

Would be great to have support for GitHub - Doridian/wsvpn: VPN over WebSocket and WebTransport or some other VPN that uses proper HTTP WebSockets instead of OpenVPN. Has this been considered?

This thread seems similarly resolved by adding support for this:

krix · July 4, 2024, 7:33am

We have the same issue: Customers where VPN traffic is blocked due to SSL inspection.
For example with firewall product ZScaler.

scscsc · July 9, 2024, 5:17pm

I get that OpenVPN handles a bunch of funky routing on both the edge side and the balena-vpn server side, but I don’t see the edge doing anything that isn’t easily doable over a standard WebSocket, and a standard WebSocket would be fully compliant with virtually any corporate firewall or MITM requirement…

scscsc · July 10, 2024, 3:30pm