[sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer

Arnaud Gendre nono303 at nono303.net
Tue May 31 11:14:37 CEST 2011


Hi,

I had the same problem with port-share unavailable for the Windows version of OpenVPN.

I have modified sslh v1.8-rc3 in fork mode only (select mode always
disconnects after a few seconds, but I didn't have enough C skills and
time to see why…) for use with OpenVPN 2.x (adding the -o
option), ssl and ssh.

Compiled with Cygwin, it has worked fine for me on Windows XP for
several months.

The modifications have not been tested in all kinds of situations, but you
may test them and give me feedback.

See modified sources attached.

Regards,

Arnaud

-----Original Message-----
From: Yves Rutschle <yves at naryves.com>
To: oruff at swoopin.com
Cc: sslh at rutschle.net
Date: Tue, 31 May 2011 10:18:48 +0200
Subject: Re: [sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer


Hi,



There is something wrong with your e-mail software, I get a
glob of html and so do the mailing list archives (see below
and http://rutschle.net/pipermail/sslh/2011-May/000066.html).

I should have time to add this feature on thursday, I'll
keep you posted.



Cheers,

Y.



On Tue, May 31, 2011 at 12:39:05AM +0200, oruff at swoopin.com wrote:

> Hello All,
>
> I'm facing an issue ... I can't fix alone.
> I'm forced to use a proprietary version of OpenVPN which doesn't
> handle the --port-share.
> I went through the source code of both sslh and OpenVPN but ... I'm
> definitely not a C developer (shame on me).
>
> OpenVPN uses the following logic to identify if the connection is
> OpenVPN or http/s :
>
> /*
>  * Given either the first 2 or 3 bytes of an initial client -> server
>  * data payload, return true if the protocol is that of an OpenVPN
>  * client attempting to connect with an OpenVPN server.
>  */
> bool
> is_openvpn_protocol (const struct buffer *buf)
> {
>   const unsigned char *p = (const unsigned char *) BSTR (buf);
>   const int len = BLEN (buf);
>   if (len >= 3)
>     {
>       return p[0] == 0
>         && p[1] >= 14
>         && p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2<<P_OPCODE_SHIFT);
>     }
>   else if (len >= 2)
>     {
>       return p[0] == 0 && p[1] >= 14;
>     }
>   else
>     return true;
> }
>
> whereas you are using this to identify if the connection is ssh or
> ssl:
>
> int client_sent_ssh_banner(struct connection *cnx) {
>     char buffer[BUFSIZ];
>     int n;
>
>     n = read(cnx->q[0].fd, buffer, sizeof(buffer));
>     defer_write(&cnx->q[1], buffer, n);
>     if (!strncmp(buffer, "SSH-", 4)) {
>         return 1;
>     }
>     return 0;
> }
>
> can you help me adapt sslh so that it can sit in front of both my
> http/s reverse proxy (100% closed source) and my OpenVPN (100% closed
> source) ?
>
> Thanks in advance for your help
>
> -------------------------------
> Olivier RUFF
> Swoop IN - Conseil en Informatique
> 58, rue Serpentine
> 78960 VOISINS LE BRETONNEUX
> S.A. au Capital de 42000 EUR - RCS Versailles B 421 738 923
> TVA : FR 94 421 738 923
>
> Mobile :
> Tel : +33 (0) 680 651 813
>
> Office :
> Fax : +33 (0) 130 482 138
>
> e-mail : oruff at swoopin.com



> _______________________________________________

> sslh mailing list

> sslh at rutschle.net

> http://rutschle.net/cgi-bin/mailman/listinfo/sslh





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rutschle.net/pipermail/sslh/attachments/20110531/17816d11/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslh-1.8-rc3_patch_vpn.zip
Type: application/zip
Size: 6319 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20110531/17816d11/attachment-0001.zip>
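
The first-bytes detection discussed in this thread, as an added example (not code from sslh, OpenVPN or the attached patch): it combines the quoted OpenVPN check with the "SSH-" banner check in one classifier that reports a short read as undecided rather than guessing. The function and enum names are hypothetical; the two opcode constants are the values from OpenVPN's ssl.h, which the message names but does not show.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Opcode constants as defined in OpenVPN's ssl.h (named, not shown, in the message). */
#define P_CONTROL_HARD_RESET_CLIENT_V2 7
#define P_OPCODE_SHIFT 3

enum proto { PROTO_NEED_MORE, PROTO_OPENVPN, PROTO_SSH, PROTO_OTHER };

/* Hypothetical helper: classify the first bytes received from a client. */
enum proto classify_first_bytes(const unsigned char *p, size_t len)
{
    static const char banner[] = "SSH-";
    const size_t blen = sizeof(banner) - 1;

    if (len == 0)
        return PROTO_NEED_MORE;

    /* SSH: a prefix of "SSH-" is still undecided, the full prefix is a match. */
    if (memcmp(p, banner, len < blen ? len : blen) == 0)
        return len >= blen ? PROTO_SSH : PROTO_NEED_MORE;

    /* OpenVPN over TCP: 16-bit packet length (0x00, >= 14), then the opcode byte.
     * Unlike is_openvpn_protocol(), a short read is reported as undecided
     * instead of being accepted as OpenVPN. */
    if (p[0] == 0) {
        if (len < 2)
            return PROTO_NEED_MORE;
        if (p[1] >= 14) {
            if (len < 3)
                return PROTO_NEED_MORE;
            if (p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT))
                return PROTO_OPENVPN;
        }
    }
    return PROTO_OTHER; /* e.g. a TLS ClientHello: hand over to the HTTPS backend */
}

int main(void)
{
    /* Constructed sample: first three bytes of an OpenVPN TCP hard reset. */
    const unsigned char ovpn[] = { 0x00, 0x0e, 0x38 };
    printf("%d\n", classify_first_bytes(ovpn, sizeof ovpn));
    return 0;
}
```

An SSH client that waits for the server banner sends nothing to classify, so a caller still needs a timeout for that case.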

