HTTPS tunnel for carrying TCP and UDP packets

https tcp tunneling udp

I had an issue with running OpenVPN over UDP in my college network. The firewall was dropping UDP connections. As HTTP and HTTPS were working fine, and assuming that the firewall was inspecting packet headers, I tried to run OpenVPN over an HTTPS tunnel using stunnel. I was not successful because OpenVPN was using UDP. So, I got OpenVPN to use TCP and it worked. But later I found that the firewall was allowing all TCP connections (and was not inspecting packet headers) and I was able to run OpenVPN without the HTTPS tunnel.

My question is: Why did OpenVPN not work over the HTTPS tunnel while it was using the UDP protocol, and why did it work with TCP over the same HTTPS tunnel? Is it not the TCP packets that carry HTTPS traffic, and not HTTPS carrying TCP or UDP packets? To put my question in a different way: by default HTTPS is run over TCP, so why should HTTPS make a fuss (as it just creates a transit tunnel) when it is made to carry UDP packets and not TCP?

Best Answer

From the stunnel FAQ:

Can I forward UDP services over stunnel?

As described thus far, no. Stunnel works with SSL, which runs only on TCP. There are ways to forward UDP packets over TCP, and in principle these should be able to work over stunnel.

SSL is a connection-oriented protocol, while UDP is connectionless. Therefore you cannot forward UDP over TCP.
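
What "forward UDP packets over TCP" in the FAQ quote involves, as an added example that is not part of the original answer or of stunnel's code: TCP delivers a byte stream with no message boundaries, so each datagram has to be length-prefixed going in and reassembled coming out. The 2-byte prefix and all function and class names here are assumptions of this sketch.

```python
import struct

MAX_DATAGRAM = 65535            # largest length a 2-byte prefix can describe
_HDR = struct.Struct("!H")      # unsigned 16-bit length, network byte order


def frame(datagram: bytes) -> bytes:
    """Prefix one UDP payload with its length so it survives a byte stream."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large for 16-bit length prefix")
    return _HDR.pack(len(datagram)) + datagram


class Deframer:
    """Rebuilds datagrams from TCP reads, which may split or merge frames."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= _HDR.size:
            (length,) = _HDR.unpack_from(self._buf)
            end = _HDR.size + length
            if len(self._buf) < end:
                break           # frame incomplete, wait for the next read
            out.append(bytes(self._buf[_HDR.size:end]))
            del self._buf[:end]
        return out


def relay(datagrams, read_sizes):
    """Simulate the tunnel: frame, cut the stream at arbitrary points, deframe."""
    stream = b"".join(frame(d) for d in datagrams)
    deframer, received, pos = Deframer(), [], 0
    for size in read_sizes:
        received += deframer.feed(stream[pos:pos + size])
        pos += size
    received += deframer.feed(stream[pos:])
    return received


if __name__ == "__main__":
    # Constructed sample payloads, including an empty datagram (valid in UDP).
    sent = [b"hello", b"", b"x" * 300]
    print(relay(sent, [1, 3, 7, 100]) == sent)
```

Without the length prefix the receiver would see one undifferentiated run of bytes, which is why a UDP-mode client cannot simply be pointed at a TCP-only tunnel endpoint.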