Ssh – OpenVPN – port-share’ing with OpenSSH


Is it possible to share the same port and IP between OpenVPN (2.2.1) and OpenSSH (5.3) daemons using OpenVPN's share-port option?

I can't get it to work. I have openssh listening on all interfaces on port 22, and an openvpn daemon using the TCP protocol on port 443. I've added:

port-share 127.0.0.1 22

To the conf file that starts that particular openvpn daemon, and restarted it – it starts without errors. But then when I try to ssh into that ip and port from elsewhere in the network it stops:

ssh -v -p443 user@host
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Applying options for *
debug1: Connecting to host [123.123.123.123] port 443.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/identity type -1
debug1: identity file /root/.ssh/id_rsa type 1
debug1: identity file /root/.ssh/id_dsa type 2
debug1: loaded 3 keys

Is there something I'm missing? Obviously the port is unblocked, and openvpn continues to work on that port. I haven't been able to find a working example of OpenVPN + OpenSSH port sharing in my searches, can anyone help?

Best Answer

The man page I see says that this only works with http/https. Unless you have found a patch or something I am not aware of?

Man OpenVPN

--port-share

When run in TCP server mode, share the OpenVPN port with another application, such as an HTTPS server. If OpenVPN senses a connection to its port which is using a non-OpenVPN protocol, it will proxy the connection to the server at host:port. Currently only designed to work with HTTP/HTTPS, though it would be theoretically possible to extend to other protocols such as ssh.

Not implemented on Windows.
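
The "senses a connection ... using a non-OpenVPN protocol" step from the man page, sketched as an added example (not code from this post or from OpenVPN): a simplified classifier over the first bytes a client sends. The framing constants and the names `classify` and `route` are assumptions for illustration, and the sample byte strings are constructed. Note the `undecided` case: sensing needs bytes from the client, so a client that waits for the server's greeting gives the proxy nothing to inspect.

```python
import struct

# Assumption: OpenVPN over TCP prefixes each packet with a 2-byte big-endian
# length; the next byte carries the opcode in its top 5 bits, and a client's
# first packet is P_CONTROL_HARD_RESET_CLIENT_V2 (opcode 7).
HARD_RESET_CLIENT_V2 = 7
# opcode byte + 8-byte session id + ack count byte + 4-byte packet id
MIN_FIRST_PACKET = 14


def classify(first_bytes: bytes) -> str:
    """Return 'undecided', 'openvpn' or 'other' for a new TCP connection."""
    if len(first_bytes) < 3:
        return "undecided"  # client has not sent enough yet: keep waiting
    (length,) = struct.unpack("!H", first_bytes[:2])
    opcode = first_bytes[2] >> 3
    if opcode == HARD_RESET_CLIENT_V2 and length >= MIN_FIRST_PACKET:
        return "openvpn"
    return "other"


def route(first_bytes: bytes, share=("127.0.0.1", 22)):
    """Pick a destination the way a port-sharing front end would."""
    verdict = classify(first_bytes)
    if verdict == "openvpn":
        return "local-openvpn"
    if verdict == "other":
        return share        # hand off to the port-share host:port
    return None             # no decision possible until the client speaks


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "openvpn_reset": b"\x00\x0e\x38" + b"\x11" * 8 + b"\x00" + b"\x00" * 4,
    "tls_hello": b"\x16\x03\x01\x02\x00\x01",
    "http_get": b"GET / HTTP/1.1\r\n",
    "ssh_banner": b"SSH-2.0-OpenSSH_5.3\r\n",
    "silent_client": b"",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:15} {classify(data):10} -> {route(data)}")
```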