> On Aug 15, 2017, at 12:44 PM, Michael Torrie <[email protected]> wrote:
>
> I just discovered a neat little project that may be of interest to some
> of you. It's called sslh[1] and it's a smart SSL port multiplexer that
> allows you to run SSH, HTTPS, OpenVPN, and other protocols (can be
> expanded using regex rules to custom protocols) all on the same port,
> for example port 443. Why would you want to do this? Well, in some public
> networks port 22 or the OpenVPN ports are blocked, but port 443 is
> rarely blocked. So you can run your web server, VPN server and sshd all
> on port 443 as it were and sslh will forward the packets to the right
> local server based on what kind of protocol it detects. As well, it can
> differentiate between protocols wrapped inside SSL by inspecting the
> unencrypted bytes as they come in. This of course means that the sslh
> daemon has to have the necessary certificate to offer SSL connections,
> and that cert would have to have the right Common Name aliases to handle
> all the different host names (virtual hosts) that might be using that port.
>
> sslh is in most distros' standard repository. It's a neat little gem
> that for me has been lying there undiscovered for some time. Here's a
> basic howto article:
>
> https://www.ostechnix.com/sslh-share-port-https-ssh/
>
> And of course the project's website has more information, such as how to
> multiplex OpenVPN as well, and use transparent IP proxying in
> conjunction with it to preserve the source IP addresses for logging, and
> make things like fail2ban work:
>
> [1] http://www.rutschle.net/sslh
>
> Pretty neat. I'm going to set this up on my VPS when I get some time.
> Would be interested to know if anyone else has used this or would like
> to set it up.
Thanks for sharing! I'm going to give this a try and see if I can stop paying for a 2nd IP on my VPS just to run a firewall-friendly OpenVPN server.
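The first-bytes protocol detection described in the quoted message, sketched as an added example (not part of the thread and not sslh's own code). The backend addresses, the fallback choice, the function names and the sample packets are all assumptions constructed for illustration.

```python
import re

# Hypothetical local backends; the addresses are assumptions for this example.
BACKENDS = {
    "ssh": ("127.0.0.1", 22),
    "tls": ("127.0.0.1", 8443),
    "openvpn": ("127.0.0.1", 1194),
    "http": ("127.0.0.1", 8080),
}
FALLBACK = "ssh"  # this example's choice: an SSH client may wait for the server banner
HTTP_RE = re.compile(rb"(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")


def classify(first: bytes) -> str:
    """Guess the protocol from the first bytes a client sends (simplified probes)."""
    if first.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), major version 3,
    # then handshake type 0x01 (ClientHello) at offset 5.
    if len(first) >= 6 and first[0] == 0x16 and first[1] == 0x03 and first[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian length prefix, then the opcode in the
    # top 5 bits of the next byte; 7 is P_CONTROL_HARD_RESET_CLIENT_V2.
    framed = len(first) >= 3 and int.from_bytes(first[:2], "big") == len(first) - 2
    if framed and first[2] >> 3 == 7:
        return "openvpn"
    if HTTP_RE.match(first):
        return "http"
    return "unknown"


def route(first: bytes):
    """Return (detected protocol, backend address) for a new connection."""
    proto = classify(first)
    # No probe matched (or nothing arrived before a timeout): use the fallback.
    return proto, BACKENDS.get(proto, BACKENDS[FALLBACK])


# Constructed first packets (not captured traffic).
_OVPN = bytes([7 << 3]) + bytes(13)  # opcode byte, then zeroed session id/ack/packet id
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_7.4\r\n",
    "tls": b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00",
    "openvpn": len(_OVPN).to_bytes(2, "big") + _OVPN,
    "http": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    "unknown": b"",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, "->", route(data))
```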
