LinuxQuestions.org
Old 01-15-2007, 06:41 AM   #1
depam
Member
 
Registered: Sep 2005
Posts: 861

Rep: Reputation: 30
Question about non-transparent proxy and VPN


Hi!

Our corporate network does have a non-transparent proxy which we need to incorporate in our browser, IM or any other application which supports it to access the web. Now, I do have a remote VPN server which also redirects the gateway. Since OpenVPN supports tunneling through an HTTP proxy, I thought of using it. At first, the default OpenVPN port 1194 did not work. I then configured the VPN server to listen on port 443 instead. It worked and I was able to use the proxy of the remote server. I believe this is encrypted traffic, but what I want to know is: what about the DNS queries that I used? Is it possible that it can be logged in squid that I am accessing these sites using https? But I remember that when I am not connected to the VPN server and I ping www.yahoo.com, it gets no response, since the default DNS server is located on the local network, which doesn't even know the IP address of yahoo. I'm just wondering what DNS server is being used when I'm connected to the VPN server. Is it the DNS server of the remote VPN server, or does it pass through squid to resolve addresses?

Another thing, is there a security issue using port 443 for the OpenVPN server? Thanks.
 
Old 01-15-2007, 06:48 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
well whatever is going through the ssl tunnel is encrypted, whatever it is. so if your dns queries are heading down that tunnel then yes it's totally secure. if your dns settings are unchanged and your default route is unchanged (which is what i'd expect) then chances are the queries are still going the same way they did before, which the vpn would know nothing about at all. if you check /etc/resolv.conf you'll see your current dns servers, which you can traceroute to if you aren't sure which network route is taken to them. if the vpn tagged additional name servers to the end of your list, then your queries may still hit the first local servers, fail and go via the vpn dns servers as it reaches them. also though, are your local dns servers actually not resolving things, or is it simply that the firewalls there block the ping requests? very big difference albeit with the same apparent end result to the user.

443 is fine really, obviously you're more likely to get port scanned on that port i guess, but openvpn as a product should be capable of dealing with that. you may wish to only permit certain source addresses to access that port on your firewall / router / server?
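
The check suggested in the reply above (read the name servers from /etc/resolv.conf, then see which route each one takes), as an added example that is not part of the original thread. The resolv.conf text, routing table, interface names and addresses are constructed, and the two /1 routes over tun0 assume an OpenVPN-style gateway redirect.

```python
import ipaddress

# Constructed sample inputs, not taken from the thread.
SAMPLE_RESOLV_CONF = """\
search corp.example
nameserver 192.168.1.1
# the next entry was appended by a hypothetical VPN up-script
nameserver 10.8.0.1
"""

# (prefix, interface) after a gateway redirect that adds two /1 routes over
# the tunnel and leaves the original default route in place (assumption).
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "eth0"),
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
    ("192.168.1.0/24", "eth0"),
    ("10.8.0.0/24", "tun0"),
]

def parse_nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def egress_interface(address, routes):
    """Longest-prefix match: the interface a packet to `address` leaves on."""
    ip = ipaddress.ip_address(address)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, iface)
    return best[1] if best else None

def dns_paths(text, routes, tunnel_iface="tun0"):
    """List (nameserver, interface, goes_through_tunnel) per resolv.conf entry."""
    return [(ns, iface, iface == tunnel_iface)
            for ns in parse_nameservers(text)
            for iface in [egress_interface(ns, routes)]]

if __name__ == "__main__":
    for ns, iface, tunnelled in dns_paths(SAMPLE_RESOLV_CONF, SAMPLE_ROUTES):
        print(ns, "via", iface, "(tunnel)" if tunnelled else "(outside tunnel)")
```

In the sample, the first name server sits on the directly connected LAN, so its more specific /24 route wins over the tunnel's /1 routes and queries to it stay outside the tunnel. On a live host, `ip route get <address>` gives the kernel's own answer for one destination.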
 
Old 01-15-2007, 07:20 PM   #3
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
acid_kewpie,

Thanks. You've always been helpful. Here's what I notice: when I use Linux, /etc/resolv.conf doesn't change but the routing does. But it still queries the DNS on the local router. But when I use Windows, it is forced to query all DNS over the VPN tunnel. I ran a sniffer on this one and I have confirmed that it is talking to the tunnel. And since our local network doesn't even have a DNS server, it cannot resolve a name. Well, OpenVPN is really cool. My other plan is that I want to keep the VPN tunnel on a UDP port because it's much more in real mode, especially if I'm using VoIP or video conferencing; I can say UDP is much faster than TCP. My idea is to just port forward port 443 to a DMZ box which will serve as the gateway for me to access the internet. I can push routes on this machine so that I will be able to use it as a gateway and DNS at the same time. I hope that is possible.

Anyway, thanks a lot.
 
  

