Hello,
I recently discovered an SSL multiplexer called "sslh":
""" sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.
Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognized. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.
Hence sslh acts as a protocol multiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port. """
Since many of my network services claim to listen on 433 (to bypass mobile network limitations), I'm thinking of configuring and deploying sslh on a large scale.
If the Tor handshake can be handled by sslh, could the process (of the Tor relay) listen on 127.0.0.1:12345 and publish a good relay descriptor as well?
Currently, in my relay config, I have the following:
"""
ORPort 26719
ORPort [{{ ansible_default_ipv6.address }}]:26719
DirPort 26720
and
Address <my_public_ipv4_here>
"""
Will Tor accept listening on the localhost interface only?
"""
ORPort 127.0.0.1:26719
Address <my_public_ipv4_here>
"""
Best regards,
Casper

> sslh accepts connections on specified ports, and forwards them further
> based on tests performed on the first data packet sent by the remote client.
Interesting, never heard of sslh but I've heard of people using Nginx for this [1].
> If tor handshake can be handled by sslh, could the process (of the tor relay) be listening on 127.0.0.1:12345 and publish good relay descriptor as well ?
Have a look at the NoAdvertise and NoListen flags of ORPort [2]:
ORPort 127.0.0.1:12345 NoAdvertise
ORPort 1.1.1.1:443 NoListen

[1]: https://www.nginx.com/blog/running-non-ssl-protocols-over-ssl-port-nginx-1-1...
[2]: https://2019.www.torproject.org/docs/tor-manual.html.en#ORPort
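
As an added example (not part of the thread and not Tor's own tooling), this Python code parses the ORPort lines of a torrc and reports which ports are actually bound and which are advertised when NoListen and NoAdvertise are combined as in the reply above. The loopback warning is this example's own assumption about what a multiplexer setup wants, and the sample torrc is constructed from the two lines quoted above.

```python
import ipaddress

def parse_orports(torrc_text):
    """Return a list of (address, port, flags) for every ORPort line."""
    ports = []
    for raw in torrc_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2 or fields[0].lower() != "orport":
            continue
        addr, _, port = fields[1].rpartition(":")  # addr is "" for a bare port
        ports.append((addr.strip("[]"), port, {f.lower() for f in fields[2:]}))
    return ports

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # empty (all interfaces) or a hostname

def audit(torrc_text):
    """Return (listening, advertised, warnings) for the ORPort split."""
    listening, advertised, warnings = [], [], []
    for addr, port, flags in parse_orports(torrc_text):
        where = f"{addr or '*'}:{port}"
        if {"nolisten", "noadvertise"} <= flags:
            warnings.append(f"{where}: NoListen and NoAdvertise are mutually exclusive")
            continue
        if "nolisten" not in flags:
            listening.append(where)
        if "noadvertise" not in flags:
            advertised.append(where)
        # Assumption of this example: a backend behind a multiplexer
        # should only be bound to loopback.
        if "noadvertise" in flags and not is_loopback(addr):
            warnings.append(f"{where}: backend listener is not loopback-only "
                            "and may be reachable without the multiplexer")
    if not advertised:
        warnings.append("no ORPort is advertised in the descriptor")
    if not listening:
        warnings.append("no ORPort is actually bound")
    return listening, advertised, warnings

# Constructed sample input: the two ORPort lines from the reply above.
SAMPLE = "ORPort 127.0.0.1:12345 NoAdvertise\nORPort 1.1.1.1:443 NoListen\n"

if __name__ == "__main__":
    print(audit(SAMPLE))
```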
Hi, if you run sslh on a small VPS you should use sslh-select, which has less overhead when many connections are handled.
See https://www.rutschle.net/tech/sslh/README.html
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays