[sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer

oruff at swoopin.com oruff at swoopin.com
Tue May 31 20:44:09 CEST 2011


Good evening Arnaud,

You are my saviour / genius: your patch works wonderfully well, it's
great. Thank you very much.
It seems to me that the method in the OpenVPN source code is more "precise" ...
but since it works ... I am not going to be more royalist than the
king.

To Arnaud & Yves: May I use your "magic" solution to publish
a "Cool Solution", citing your illustrious names of course?

Many thanks again.
-------------------------------
Olivier RUFF
Swoop IN - Conseil en Informatique
58, rue Serpentine
78960 VOISINS LE BRETONNEUX
S.A. au Capital de 42000 EUR - RCS Versailles B 421 738 923
TVA : FR 94 421 738 923

Mobile :
Tel : +33 (0) 680 651 813

Office :
Fax : +33 (0) 130 482 138

e-mail :
oruff at swoopin.com

-----"Arnaud Gendre" <nono303 at nono303.net> wrote: -----

To: "Yves Rutschle" <yves at naryves.com>, oruff at swoopin.com
From: "Arnaud Gendre" <nono303 at nono303.net>
Date: 05/31/2011 11:14AM
Cc: sslh at rutschle.net
Subject: Re: [sslh] Fw: Converting sslh in a http/s - OpenVPN Multiplexer



Hi,

I had the same problem with port-share unavailable for the Windows
version of OpenVPN.

I have modified sslh v1.8-rc3 in fork mode only (select mode always
disconnects after a few seconds, but I didn't have enough C skills and
time to see why...) for use with OpenVPN 2.x (adding the -o
option), ssl and ssh.

Compiled with Cygwin, it has worked fine for me on Windows XP for
several months.

The modifications have not been tested for all kinds of situations, but you
may test it and give me feedback.

See modified sources attached.


Regards,


Arnaud

On Tue, May 31, 2011 at 12:39:05AM +0200, oruff at swoopin.com wrote:
Hello,
I'm facing an issue ... I can't fix alone.
I'm forced to use a proprietary version of OpenVPN which doesn't handle the
--port-share.
I went through the source code of both sslh and OpenVPN but ... I'm
definitely not a C developer (shame on me).

OpenVPN uses the following logic to identify if the connection is OpenVPN or
http/s:
/*
 * Given either the first 2 or 3 bytes of an initial client -> server
 * data payload, return true if the protocol is that of an OpenVPN
 * client attempting to connect with an OpenVPN server.
 */
bool
is_openvpn_protocol (const struct buffer *buf)
{
  const unsigned char *p = (const unsigned char *) BSTR (buf);
  const int len = BLEN (buf);
  if (len >= 3)
    {
      return p[0] == 0
    && p[1] >= 14
    && p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2<<P_OPCODE_SHIFT);
    }
  else if (len >= 2)
    {
      return p[0] == 0 && p[1] >= 14;
    }
  else
    return true;
}


whereas you are using the following to identify if the connection is ssh or ssl:
int client_sent_ssh_banner(struct connection *cnx) {
    char buffer[BUFSIZ];
    int n;

    n = read(cnx->q[0].fd, buffer, sizeof(buffer));
    defer_write(&cnx->q[1], buffer, n);
    if (!strncmp(buffer, "SSH-", 4)) {
        return 1;
    }
    return 0;
}

Can you help me adapt sslh so that it can sit in front of both my http/s
reverse proxy (100% closed source) and my OpenVPN (100% closed source)?

Thanks in advance for your help

> _______________________________________________
> sslh mailing list
> sslh at rutschle.net
> http://rutschle.net/cgi-bin/mailman/listinfo/sslh








[attachment "sslh-1.8-rc3_patch_vpn.zip" removed by Olivier RUFF/Swoop_IN]
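
The two checks quoted in this thread, combined into one first-bytes classifier. This is an added example, not sslh's or OpenVPN's code and not the patch from the removed attachment. The function and enum names are hypothetical, the two opcode constants are OpenVPN's values, and unlike the quoted snippets it reports a short read as "need more data" instead of guessing.

```c
#include <stdio.h>
#include <string.h>

/* Values from OpenVPN's own headers; the thread shows only the names. */
#define P_OPCODE_SHIFT 3
#define P_CONTROL_HARD_RESET_CLIENT_V2 7

enum proto { PROTO_NEED_MORE, PROTO_OPENVPN, PROTO_SSH, PROTO_OTHER };

/* Classify the first bytes received from a client (hypothetical helper).
 * PROTO_NEED_MORE means: keep buffering, a TCP read may return 1 or 2 bytes.
 * PROTO_OTHER is what a multiplexer would hand to the HTTPS back end. */
enum proto classify_first_bytes(const unsigned char *p, size_t len)
{
    if (len == 0)
        return PROTO_NEED_MORE;

    /* SSH banner: compare only the bytes that actually arrived. */
    if (memcmp(p, "SSH-", len < 4 ? len : 4) == 0)
        return len >= 4 ? PROTO_SSH : PROTO_NEED_MORE;

    /* OpenVPN over TCP: 2-byte length prefix (high byte 0, low byte >= 14),
     * then an opcode byte equal to HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT. */
    if (p[0] != 0)
        return PROTO_OTHER;
    if (len < 2)
        return PROTO_NEED_MORE;
    if (p[1] < 14)
        return PROTO_OTHER;
    if (len < 3)
        return PROTO_NEED_MORE;
    return p[2] == (P_CONTROL_HARD_RESET_CLIENT_V2 << P_OPCODE_SHIFT)
               ? PROTO_OPENVPN : PROTO_OTHER;
}

int main(void)
{
    /* Constructed sample inputs, not captured traffic. */
    static const unsigned char vpn[] = { 0x00, 0x0e, 0x38 };
    static const unsigned char tls[] = { 0x16, 0x03, 0x01 };
    static const char *names[] = { "need-more", "openvpn", "ssh", "other" };

    printf("%s\n", names[classify_first_bytes(vpn, sizeof vpn)]);
    printf("%s\n", names[classify_first_bytes(tls, sizeof tls)]);
    printf("%s\n", names[classify_first_bytes((const unsigned char *)"SSH-2.0-x", 9)]);
    return 0;
}
```

A TLS ClientHello starts with 0x16, so it falls through to PROTO_OTHER without ever matching the OpenVPN length prefix.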

