On 08/16/2017 11:49 AM, John Nielsen wrote:
> Thanks for sharing! I'm going to give this a try and see if I can
> stop paying for a 2nd IP on my VPS just to run a firewall-friendly
> OpenVPN server.

Yes, my thoughts exactly! One of the interesting things is that if big brother saw traffic to this IP address at this port, if they hit it with a web request they'd get a page. So it would be helpful if you were traveling in China. Packet inspection could easily differentiate between ssh and ssl, but you can tunnel ssh over ssl, and the docs for sslh describe how to do that. But for most purposes, it should work fine without.

If you need to have more than one name (hostname) on a certificate, the mechanism is the "subject alternate name" field. This is supported by most browsers, most ssl clients, and you can sign such certs using Let's Encrypt, which supports SAN. Not all registrars let you sign a cert with SANs.

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
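
The message above notes that packet inspection can tell ssh from ssl on a shared port unless the ssh session is tunneled inside ssl. The following is an added example, not part of the original message and not sslh's own code: a simplified first-bytes classifier showing why. The function name `classify_first_bytes` and all sample byte strings are constructed for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first bytes a client sends.

    Returns 'ssh', 'http', 'tls', 'need-more-data' or 'unknown'.
    """
    # SSH clients open with an identification string "SSH-<ver>-<software>" (RFC 4253).
    if data.startswith(b"SSH-"):
        return "ssh"
    # Plain HTTP opens with a request line: METHOD SP target SP version.
    if data.startswith(HTTP_METHODS):
        return "http"
    # A TLS record header is 5 bytes; the 6th byte is the handshake message type.
    if len(data) < 6:
        return "need-more-data"
    content_type, major, minor = data[0], data[1], data[2]
    (record_len,) = struct.unpack(">H", data[3:5])
    is_handshake_record = content_type == 0x16 and major == 0x03 and minor <= 0x04
    if is_handshake_record and 0 < record_len <= 16384 and data[5] == 0x01:
        return "tls"  # handshake record carrying a ClientHello
    return "unknown"


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "ssh client": b"SSH-2.0-OpenSSH_9.6\r\n",
    "https client": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + b"\x00" * 32,
    "http client": b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n",
    # ssh wrapped in a TLS tunnel: the observer sees only the outer ClientHello.
    "ssh inside tls": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03" + b"\x00" * 32,
    "short read": b"\x16\x03",
}

if __name__ == "__main__":
    for name, first_bytes in SAMPLES.items():
        print(f"{name:15} -> {classify_first_bytes(first_bytes)}")
```

The bare ssh client is identified by its cleartext banner, while the tunneled session is indistinguishable from an ordinary https client at this layer.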
