However, for this particular service, I think that you could get away with much less by leveraging existing work: modify an OpenVPN client so that it has an additional listen socket; then, use a websockets-based relay to link the OpenVPN client's listen socket and your OpenVPN servers.
A nice thing about this setup is that the webpage with the websockets relay can be dynamically generated and point to any server of your choice for quick load-balancing; it would also make it difficult for carriers to block any single server. The biggest problem would be scaling, since OpenVPN might load a server with just hundreds of active clients (http://forums.openvpn.net/topic9148.html), in which case a custom solution might be better...
Regardless of how they did it, very clever workaround!
However, for this particular service, I think that you could get away with much less by leveraging existing work: modify an OpenVPN client so that it has an additional listen socket; then, use a websockets-based relay to link the OpenVPN client's listen socket and your OpenVPN servers.
A nice thing about this setup is that the webpage with the websockets relay can be dynamically generated and point to any server of your choice for quick load-balancing; it would also make it difficult for carriers to block any single server. The biggest problem would be scaling, since OpenVPN might load a server with just hundreds of active clients (http://forums.openvpn.net/topic9148.html), in which case a custom solution might be better...
Regardless of how they did it, very clever workaround!