02-05-2009, 06:55 PM
DiePlage
Http/S proxy hijacking OpenVPN (aka Astaro SSL-VPN)

Whenever I try to establish an OpenVPN connection on port 443, it is intercepted by the https-proxy. This is to be expected. However, the ssl handshake fails if the remote openvpn-server uses a self-signed certificate. I can see this in the https-proxy live-log:

httpproxy[3830]: [0xad331a10] ssl_log_errors (ssl.c:41) C: 3830:error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:562:.
httpproxy[3830]: [0xb360c9c8] ssl_log_errors (ssl.c:41) C: 3830:error:140ED0E5:SSL routines:SSL23_PEEK:ssl handshake failure:s23_lib.c:165:

The OpenVPN-log shows:
Thu Feb 05 19:49:26 2009 Connection reset, restarting [-1]
Thu Feb 05 19:49:26 2009 TCP/UDP: Closing socket

As far as I can see, this is the expected behaviour, as Astaro can't authenticate the remote side.

I believe I could import all CA-certificates of the remote OpenVPN servers to solve this. This would mean a lot of work, plus it can't be done by "ordinary" users.
I suppose that AFTER the OpenVPN-connection has been established, there is nothing being transferred that could be scanned by the webfilter anyway.
So, is there a way to exclude OpenVPN connections from being scanned? Or, to put it in other words, is there a way for Astaro to tell that this isn't a connection to a "real webserver"?

Thanks a lot for any clarification / hints!!
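
Added example (not part of the original post, and not Astaro's or OpenVPN's own code): a first-bytes check of the kind a gateway could use to tell a TLS ClientHello from the opening packet of an OpenVPN-over-TCP session. OpenSSL's `unknown protocol` error, as seen in the proxy log above, is reported when a connection's first bytes are not an SSL/TLS ClientHello. Assumptions: the function name, the sample byte strings (constructed), and the 14 to 1500 byte length window are illustrative.

```python
import struct

# OpenVPN control opcodes a client can open a session with
# (the upper 5 bits of the opcode byte; the lower 3 bits are the key id).
OPENVPN_CLIENT_RESETS = {1: "HARD_RESET_CLIENT_V1",
                         7: "HARD_RESET_CLIENT_V2",
                         10: "HARD_RESET_CLIENT_V3"}

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a client sends on a TCP/443 connection."""
    if len(data) < 3:
        return "unknown"
    # TLS record: type 0x16 (handshake), major version 0x03, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and len(data) >= 6 and data[5] == 0x01:
        return "tls-client-hello"
    # SSLv2-compatible hello: 2-byte header with the top bit set, then type 0x01.
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    # OpenVPN over TCP: 2-byte big-endian packet length, then the opcode byte.
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # Assumed window: a bare hard reset is 14 bytes (opcode + 8-byte session id
    # + ack count + 4-byte packet id); tls-auth/tls-crypt make it longer.
    if opcode in OPENVPN_CLIENT_RESETS and key_id == 0 and 14 <= pkt_len <= 1500:
        return "openvpn-tcp"
    return "unknown"

# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "tls":     bytes.fromhex("16030100c8010000c40303"),
    "sslv2":   bytes.fromhex("802e0100020015"),
    "openvpn": bytes.fromhex("000e38") + bytes.fromhex("1122334455667788")
               + b"\x00" + b"\x00\x00\x00\x00",
    "http":    b"GET / HTTP/1.1\r\n",
}

def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {name: classify_first_bytes(raw) for name, raw in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:8s} -> {verdict}")
```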