[sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer
Arnaud Gendre
nono303 at nono303.net
Tue May 31 11:14:37 CEST 2011
Hi,
I had the same problem with port-share being unavailable for the Windows version of OpenVPN.
I have modified sslh v1.8-rc3 in fork mode only (select mode always
disconnects after a few seconds, but I didn't have enough C skills and
time to see why…) for use with OpenVPN 2.x (adding the -o
option), ssl and ssh.
Compiled with Cygwin, it has worked fine for me on Windows XP for
several months.
The modifications have not been tested for all kinds of situations, but you
may test it and give me feedback.
See modified sources attached.
Regards,
Arnaud
-----Original Message-----
From: Yves Rutschle <yves at naryves.com>
To: oruff at swoopin.com
Cc: sslh at rutschle.net
Date: Tue, 31 May 2011 10:18:48 +0200
Subject: Re: [sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer
Hi,
There is something wrong with your e-mail software, I get a
glob of html and so do the mailing list archives (see below
and http://rutschle.net/pipermail/sslh/2011-May/000066.html).
I should have time to add this feature on Thursday, I'll
keep you posted.
Cheers,
Y.
On Tue, May 31, 2011 at 12:39:05AM +0200, oruff at swoopin.com wrote:
> Hello All,
>
> I'm facing an issue ... I can't fix alone.
> I'm forced to use a proprietary version of OpenVPN which doesn't handle the --port-share.
> I went through the source code of both sslh and OpenVPN but ... I'm definitely not a C developer (shame on me).
>
> OpenVPN uses the following logic to identify if the connection is OpenVPN or http/s:
>
> /*
>  * Given either the first 2 or 3 bytes of an initial client -> server
>  * data payload, return true if the protocol is that of an OpenVPN
>  * client attempting to connect with an OpenVPN server.
>  */
> bool
> is_openvpn_protocol (const struct buffer *buf)
> {
>   const unsigned char *p = (const unsigned char *) BSTR (buf);
>   const int len = BLEN (buf);
>   if (len >= 3)
>     {
>       return p[0] == 0
>         && p[1] >= 14
>         && p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2<<P_OPCODE_SHIFT);
>     }
>   else if (len >= 2)
>     {
>       return p[0] == 0 && p[1] >= 14;
>     }
>   else
>     return true;
> }
>
> whereas you are using this to identify if the connection is ssh or ssl:
>
> int client_sent_ssh_banner(struct connection *cnx)
> {
>     char buffer[BUFSIZ];
>     int n;
>
>     n = read(cnx->q[0].fd, buffer, sizeof(buffer));
>     defer_write(&cnx->q[1], buffer, n);
>     if (!strncmp(buffer, "SSH-", 4)) {
>         return 1;
>     }
>     return 0;
> }
>
> Can you help me adapt sslh so that it can sit in front of both my http/s reverse proxy (100% closed source) and my OpenVPN (100% closed source)?
>
> Thanks in advance for your help
>
> -------------------------------
> Olivier RUFF
> Swoop IN - Conseil en Informatique
> 58, rue Serpentine
> 78960 VOISINS LE BRETONNEUX
> S.A. au Capital de 42000 EUR - RCS Versailles B 421 738 923
> TVA : FR 94 421 738 923
>
> Mobile :
> Tel : +33 (0) 680 651 813
>
> Office :
> Fax : +33 (0) 130 482 138
>
> e-mail : oruff at swoopin.com
>
> _______________________________________________
> sslh mailing list
> sslh at rutschle.net
> http://rutschle.net/cgi-bin/mailman/listinfo/sslh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sslh-1.8-rc3_patch_vpn.zip
Type: application/zip
Size: 6319 bytes
Desc: not available
URL: <http://rutschle.net/pipermail/sslh/attachments/20110531/17816d11/attachment-0001.zip>
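
The two first-bytes checks quoted in this message, combined into one classifier, as an added example that is not code from sslh, OpenVPN or the attached patch. Unlike the quoted functions it reports when too few bytes have arrived instead of guessing. The name classify_first_bytes and the enum are hypothetical, and the sample bytes are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constants as defined in OpenVPN's source; the quoted function uses them by name. */
#define P_OPCODE_SHIFT 3
#define P_CONTROL_HARD_RESET_CLIENT_V2 7

enum probe_result { PROBE_NEED_MORE, PROBE_OPENVPN, PROBE_SSH, PROBE_OTHER };

/* Hypothetical helper (not sslh's API): classify the first bytes read from a
 * client. p must point to at least len readable bytes. */
enum probe_result classify_first_bytes(const unsigned char *p, size_t len)
{
    size_t n = len < 4 ? len : 4;

    /* SSH identification string starts with "SSH-". Compare only the bytes
     * actually received, so a short read never touches stale buffer data. */
    if (memcmp(p, "SSH-", n) == 0)
        return n == 4 ? PROBE_SSH : PROBE_NEED_MORE;

    /* OpenVPN over TCP: 2-byte big-endian length (0, >= 14), then opcode byte. */
    if (p[0] != 0)
        return PROBE_OTHER;            /* e.g. TLS ClientHello begins 0x16 */
    if (len >= 2 && p[1] < 14)
        return PROBE_OTHER;
    if (len < 3)
        return PROBE_NEED_MORE;        /* consistent so far, cannot decide yet */
    return p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT)
               ? PROBE_OPENVPN : PROBE_OTHER;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    static const unsigned char ovpn[] = { 0x00, 0x0e, 0x38 };
    static const unsigned char tls[]  = { 0x16, 0x03, 0x01 };
    static const char *names[] = { "need-more", "openvpn", "ssh", "other" };

    printf("%s\n", names[classify_first_bytes(ovpn, sizeof ovpn)]);
    printf("%s\n", names[classify_first_bytes(ovpn, 2)]);
    printf("%s\n", names[classify_first_bytes((const unsigned char *)"SSH-2.0-x", 9)]);
    printf("%s\n", names[classify_first_bytes(tls, sizeof tls)]);
    return 0;
}
```

A multiplexer would keep reading while the result is PROBE_NEED_MORE, bounded by a timeout, and send PROBE_OTHER connections to the http/s backend.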