search for: sslh

Hello Guus. I've reading mailing list archives threads about it at http://www.tinc-vpn.org/pipermail/tinc/2011-July/thread.html#2757 and http://rutschle.net/pipermail/sslh/2011-July/thread.html and now trying to hide tinc server behind sslh multiplexer but without luck. First of all directly it works fine. Initiator (instance of tincd with ConnectTo statement) successfully establishes connection and run tunnel with server (instance of tincd witch is listening for in...

Hi all! I'm using sslh. It's a multiplexer, used to let you have ssh, https, stunnel, etc on one port. In 6.2 there is a change in default behaviour: * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) now immediately sends its SSH protocol banner to the server without waiting to receive the...

Hi all, few days ago I have installed sslh on my server and I discover that recently OpenVPN support was added. Reading the code I found that sslh use the first few bytes of the new connection to decide what kind of connection it is, than it muxes the connection on the appropriate deamon. There is a "sign" for the tinc connection...

I know that this has been discussed before and I know that you should avoid it, and use a real VPN solution. I would like to move from port-forwarding via ssh to VPN and I have only the ssh port open. What is the current state of the art if you want to create VPN over ssh? Regards, Thomas -- Thomas Guettler http://www.thomas-guettler.de/ I am looking for feedback:

Any tips or guidance on improving the probability of being able to connect to a Tinc daemon. I am currently on a guest wifi at a hospital for my in-laws family. Wanting to pass time and be semi productive, I tried to VPN back to my private networks but it appears the default port Tinc users is blocked. Here is what I know about their firewall:

With pleasure we announce the release of tinc version 1.0.23. Here is a summary of the changes: * Start authentication immediately on outgoing connections (useful for sslh). * Fixed segfault when Name = $HOST but $HOST is not set. * Updated the build system and the documentation. * Clean up child processes left over from Proxy = exec. This version of tinc is compatible with 1.0pre8, 1.0 and later, but not with earlier version of tinc. Note that this will be o...

With pleasure we announce the release of tinc version 1.0.23. Here is a summary of the changes: * Start authentication immediately on outgoing connections (useful for sslh). * Fixed segfault when Name = $HOST but $HOST is not set. * Updated the build system and the documentation. * Clean up child processes left over from Proxy = exec. This version of tinc is compatible with 1.0pre8, 1.0 and later, but not with earlier version of tinc. Note that this will be o...

Hi all, I am behind a firewall which only let UDP 80 go through. In order to connect to an outside public node by UDP, I can set ... Port = 80 ... However, an httpd is running on the public node, occupying TCP 80. How can I configure tinc to bind on TCP 8080 but listen to UDP 80? Redirecting UDP 80 to UDP 8080 on the public node is one method. Is there a more elegant way to

.../man.openbsd.org/ssh_config.5 It looks like that the OpenSSH community don't like to implement such a feature, from my point of vies. Maybe there is a possibility to use the ProxyCommand for a solution? https://man.openbsd.org/ssh_config.5#ProxyCommand The Server http://www.rutschle.net/tech/sslh/README.html offers the possibility to handle HTTPS & SSH on the same port therefore it would be nice to have a client witch helps HTTPS front doors to select the right backend based on SNI Header. Any suggestions for a possible solution? Best regards Alex

...o new hostkey prompts, ignore whitespace surrounding the fingerprint itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc...

...o new hostkey prompts, ignore whitespace surrounding the fingerprint itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc...

...o new hostkey prompts, ignore whitespace surrounding the fingerprint itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc...

...o new hostkey prompts, ignore whitespace surrounding the fingerprint itself. * All: wait for file descriptors to be readable or writeable during non-blocking connect, not just readable. Prevents a timeout when the server doesn't immediately send a banner (e.g. multiplexers like sslh) * sshd_config(5): document the sntrup4591761x25519-sha512 at tinyssh.org key exchange algorithm. PR#151 Portability ----------- * sshd(8): multiple adjustments to the Linux seccomp sandbox: - Non-fatally deny IPC syscalls in sandbox - Allow clock_gettime64() in sandbox (MIPS / glibc...