You bring up a really good point. I considered sslh and I haven't ruled it out yet, but I want to use haproxy also for its HTTPS and raw TLS vhosting capabilities via SNI. One of the blogs noted that OpenVPN also had SNI.
This means that I could also use haproxy as part of a Reverse VPN in cases where the home cloud is behind an apartment firewall and is connected to a box out in the cloud to allow its https and vpn capabilities to be accessed. I realize that SSH doesn't support SNI, so it still wouldn't solve that use case, but if I could solve several use cases with just one tool, that's more attractive than learning more tools and layering them.

AJ ONeal
(317) 426-6525

On Wed, Jul 1, 2015 at 6:13 PM, Jima <[email protected]> wrote:

> AJ,
>
> Not to go too far off on a tangent, but is there a particular reason to
> not use sslh itself? Having not had the occasion to use it, I had thought
> it was the go-to solution for this scenario, and am curious what it can't
> accomplish.
>
> Jima
>
>
> On 2015-07-01 17:33, AJ ONeal (Home) wrote:
>
>> I'm trying to replicate the scenario of overloading port 443 for ssh,
>> https, and openvpn, which is covered in these blogs:
>>
>> https://314es.pl/https-openvpn-and-ssh-on-one-port-thanks-to-haproxy
>> http://blog.manty.net/2014/12/haproxy-as-very-very-overloaded-sslh.html
>> https://dgl.cx/2010/01/haproxy-ssh-and-ssl-on-same-port
>>
>> They each do things a different way and even when I've gotten things to
>> work, they only work sometimes (as in one connection may work as expected,
>> disconnecting and reconnecting may or may not).
>>
>> Right now I'm just toying around with the idea, but I'd like to have the
>> various services of the home cloud server I'm working on be accessible
>> even in unfavorable conditions.
>>
>> I'm also interested in websocket tunneling, which may turn out to be a
>> better solution:
>> https://www.npmjs.com/package/wstunnel
>>
>> AJ ONeal
>>
>> /*
>> PLUG: http://plug.org, #utah on irc.freenode.net
>> Unsubscribe: http://plug.org/mailman/options/plug
>> Don't fear the penguin.
>> */
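
An added illustration of the first-packet detection this thread relies on (not code from the thread, the linked blogs, haproxy or sslh): a Python sketch of how a port-443 multiplexer can classify a connection from the first client bytes, and why only TLS offers a host name to route on. The function names, the host name `cloud.example.com` and the SSH banner are constructed for this example; OpenVPN detection is left out.

```python
import struct

def build_client_hello(hostname):
    """Constructed sample: minimal TLS ClientHello carrying one SNI name."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry               # server_name_list
    exts = struct.pack("!HH", 0, len(sni)) + sni              # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, empty session id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"               # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body    # ClientHello, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # TLS handshake record header

def extract_sni(data):
    """Return the SNI host name in a ClientHello, or None if absent or truncated."""
    try:
        if data[0] != 0x16 or data[5] != 0x01:    # handshake record, ClientHello
            return None
        pos = 5 + 4 + 2 + 32                      # record hdr, handshake hdr, version, random
        pos += 1 + data[pos]                      # session id
        pos += 2 + struct.unpack_from("!H", data, pos)[0]   # cipher suites
        pos += 1 + data[pos]                      # compression methods
        end = pos + 2 + struct.unpack_from("!H", data, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, pos)
            pos += 4
            if etype == 0:                        # server_name extension
                nlen = struct.unpack_from("!H", data, pos + 3)[0]
                if pos + 5 + nlen > len(data):
                    return None                   # name cut off: wait for more bytes
                return data[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def classify(first_bytes):
    """Pick a backend class from the first bytes the client sends."""
    if first_bytes.startswith(b"SSH-"):           # SSH identification string, no host name in it
        return ("ssh", None)
    if first_bytes[:1] == b"\x16":                # TLS handshake record
        return ("tls", extract_sni(first_bytes))
    return ("other", None)                        # e.g. OpenVPN, not detected in this sketch

if __name__ == "__main__":
    print(classify(b"SSH-2.0-OpenSSH_6.7\r\n"))               # constructed banner
    print(classify(build_client_hello("cloud.example.com")))  # constructed ClientHello
```

A `("tls", None)` result means the ClientHello was incomplete or carried no SNI, so a proxy has to keep buffering or fall back to a default backend before it can route by name.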
