
How to wrap OpenVPN and HTTPS traffic in one TLS connection?


I am trying to create a single TLS connection from a client to a server. Inside this tunnel, I would like to have two different types of streams: HTTPS traffic that I want the server to forward to a specific API server, and OpenVPN traffic (which is a combination of TLS and a TCP data stream). I am looking into WebSocket to do so, but can't find information on how to forward the stream to the correct destination (OpenVPN vs HTTPS API server) once it reaches my server. Is WebSocket a good solution for this? Is stunnel a better option? Are there existing solutions that offer this functionality?


Solution

  • I've ended up solving this using SSLH and ghostunnel: on the client, I have started a ghostunnel listening on 127.0.0.1:8443 and forwarding the TLS-wrapped traffic towards a ghostunnel server I have in the cloud (listening on 443). I have directed my OpenVPN client to connect to 127.0.0.1:8443. I have also directed my HTTPS client to connect to 127.0.0.1:8443. On the server side, the traffic coming out of the ghostunnel server is funnelled into an SSLH server which in turn has two rules: forward TLS traffic to my webserver, and OpenVPN towards my OpenVPN server. The solution works great!
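How a demultiplexer behind the outer TLS tunnel can tell the two inner streams apart, as an added example that is not part of the original answer and is not SSLH's own code: a simplified classifier that inspects only the first bytes of each connection. The function names, backend addresses and sample byte strings are assumptions constructed for illustration.

```python
import struct

# OpenVPN opcodes a client can open with: P_CONTROL_HARD_RESET_CLIENT_V1/V2/V3.
OPENVPN_CLIENT_RESET_OPCODES = {1, 7, 10}

# Assumed backend addresses (not from the page): web server and OpenVPN server.
BACKENDS = {"tls": ("127.0.0.1", 8444), "openvpn": ("127.0.0.1", 1194)}


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'openvpn', 'need_more' or 'unknown' for a stream's first bytes."""
    if len(data) < 6:
        return "need_more"  # keep reading before deciding
    # TLS record header: type 0x16 (handshake), major version 3, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte carrying
    # the opcode (high 5 bits) and key id (low 3 bits, 0 on the first packet).
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if opcode in OPENVPN_CLIENT_RESET_OPCODES and key_id == 0 and pkt_len >= 14:
        return "openvpn"
    return "unknown"


def route(data: bytes):
    """Return (kind, backend); backend is None when the stream must not be forwarded."""
    kind = classify_first_bytes(data)
    return kind, BACKENDS.get(kind)


# Constructed samples: start of a TLS ClientHello, a minimal OpenVPN hard reset
# (length 14, opcode 7, 8-byte session id, empty ACK array, packet id 0), and
# cleartext HTTP that matches neither rule.
SAMPLE_TLS = bytes.fromhex("16030100c8010000c40303")
SAMPLE_OPENVPN = bytes.fromhex("000e38" + "1122334455667788" + "00" + "00000000")
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, sample in [("tls", SAMPLE_TLS), ("openvpn", SAMPLE_OPENVPN),
                         ("http", SAMPLE_HTTP)]:
        print(name, route(sample))
```

Streams classified as `unknown` get no backend here, so anything that is neither a ClientHello nor an OpenVPN reset is dropped rather than forwarded to a default service.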