Occasional Contributor II

Block OpenVPN Outbound on Port 443

I'm trying to understand deep packet inspection more. Let's say you have a wifi client on your network and you only allow 80 and 443 out to the internet. Let's say that a wifi client has OpenVPN installed on their device and it is configured to connect to 443 at the remote site. Just curious if the Aruba controller is smart enough to say, "aha, that is openvpn-type traffic even though it just looks like TCP 443 traffic" ...hope that makes sense.

Guru Elite

Re: Block OpenVPN Outbound on Port 443

It is supposed to detect the OpenVPN handshake. It is possible that other VPNs with the same handshakes will be blocked as well.

I personally have not tested the different flavors of OpenVPN with AppRF.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
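
What "detecting the OpenVPN handshake" on TCP 443 can look like, as an added example that is not part of the thread and is not Aruba's AppRF logic: a first-payload classifier that separates a TLS record header from OpenVPN's TCP framing (16-bit length, then an opcode/key-id byte carrying a client hard-reset opcode). The function names and the sample payloads are constructed for illustration.

```python
import struct

# Opcodes a client may use to open an OpenVPN session (high 5 bits of byte 0).
HARD_RESET_CLIENT = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
MIN_CONTROL_LEN = 14  # opcode(1) + session id(8) + ack count(1) + packet id(4)


def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server TCP payload of a flow to port 443."""
    if len(payload) < 3:
        return "unknown"
    # TLS record header: content type 22 (handshake), protocol major version 3.
    if payload[0] == 0x16 and payload[1] == 0x03:
        return "tls"
    # OpenVPN in TCP mode: 16-bit big-endian packet length, then the packet.
    (pkt_len,) = struct.unpack_from("!H", payload, 0)
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if (opcode in HARD_RESET_CLIENT and key_id == 0
            and MIN_CONTROL_LEN <= pkt_len <= len(payload) - 2):
        return "openvpn:" + HARD_RESET_CLIENT[opcode]
    return "unknown"


def sample_hard_reset(opcode: int = 7, hmac_len: int = 0) -> bytes:
    """Constructed sample: first OpenVPN client packet, optionally with --tls-auth."""
    body = bytes([opcode << 3]) + bytes(range(1, 9))      # key id 0, then session id
    if hmac_len:                                          # tls-auth: HMAC, packet id, time
        body += bytes(hmac_len) + struct.pack("!II", 1, 1700000000)
    body += b"\x00" + struct.pack("!I", 0)                # no ACKs, message packet id 0
    return struct.pack("!H", len(body)) + body


# Constructed first payloads for four flows, all to TCP 443.
SAMPLES = {
    "openvpn plain": sample_hard_reset(),
    "openvpn tls-auth": sample_hard_reset(hmac_len=20),
    "tls clienthello": bytes.fromhex("1603010200010001fc0303") + bytes(32),
    "plain http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:18} -> {classify_first_payload(data)}")
```
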

Occasional Contributor II

Re: Block OpenVPN Outbound on Port 443

Thanks. It's supposed to block the handshake regardless of the destination port and TCP/UDP? If I get around to testing it I'll post my results back on this post, thanks.

Occasional Contributor II

Re: Block OpenVPN Outbound on Port 443

Ok, FWIW I got around to testing this and it appears that if you use an application firewall rule and specify block "openvpn" it will NOT block my Android phone running the OpenVPN Connect app, which connects outbound on port TCP 443 (so it slips past most firewalls). I was hoping this next-gen Aruba firewall would be smart enough to sniff out OpenVPN traffic over TCP 443 outbound, but apparently not, unless somebody knows some other trick/setting I'm missing? Thanks.

Guru Elite

Re: Block OpenVPN Outbound on Port 443

Can you open a TAC case so we can take a look at your setup?



Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: Block OpenVPN Outbound on Port 443

Before calling TAC, I tinkered some more and after tinkering some more I got it working so I apologize: the next-gen firewall IS smart enough to block OpenVPN on TCP 443 outbound, cool.

Guru Elite

Re: Block OpenVPN Outbound on Port 443

Can you please detail your policy and client setup, so others can benefit?


Colin Joseph
Aruba Customer Engineering


MVP

Re: Block OpenVPN Outbound on Port 443

Great! That makes you the expert, so please share what you did.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it