{"id":255499,"date":"2016-04-20T14:31:01","date_gmt":"2016-04-20T06:31:01","guid":{"rendered":"http:\/\/blog.zhenglei.net\/?p=255499"},"modified":"2016-04-20T14:35:43","modified_gmt":"2016-04-20T06:35:43","slug":"road-warrior-ssh-share-port-443","status":"publish","type":"post","link":"https:\/\/blog.zhenglei.net\/?p=255499","title":{"rendered":"road warrior &amp; ssh share port 443"},"content":{"rendered":"<p>With the help of SNI support in stunnel, we can serve both road warrior and SSH access on the same TCP\/443 port.<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #3366ff\"><strong>VPS Server:<\/strong><\/span><\/p>\n<p>Install stunnel v5.31 with OpenSSL v1.0.2, listening on port 443<\/p>\n<p>Install dante v1.4.1, listening on port 1080<\/p>\n<p>Install OpenSSH, listening on port 22<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #ff0000\"><strong>Stunnel config for VPS server<\/strong><\/span><\/p>\n<p><em>chroot = \/var\/lib\/stunnel\/<br \/>\npid=\/stunnel.pid<br \/>\nsetuid = stunnel<br \/>\nsetgid = stunnel<\/em><\/p>\n<p>;debug =debug<br \/>\ndebug = err<br \/>\n;foreground = yes<\/p>\n<p>log = append<br \/>\n;log = overwrite<br \/>\noutput = \/stunnel.log<\/p>\n<p>cert = \/etc\/stunnel\/stunnel.pem<br \/>\n;key = \/etc\/stunnel\/stunnel.pem<\/p>\n<p>verify = 3<br \/>\nCApath = \/certs<\/p>\n<p>; performance<br \/>\nsocket = l:TCP_NODELAY=1<\/p>\n<p>;compression = deflate<br \/>\ncompression = zlib<\/p>\n<p>[tls]<br \/>\naccept = 0.0.0.0:443<br \/>\nconnect = 127.0.0.1:1080<\/p>\n<p>[ssh]<br \/>\nsni = tls:22.vps.server.net<br \/>\nconnect = 127.0.0.1:22<\/p>\n<p>[socks]<br \/>\nsni = tls:vps.server.net<br \/>\nconnect = 127.0.0.1:1080<\/p>\n<p>&nbsp;<\/p>\n<p>stunnel listens on port 22 for SSH connections<\/p>\n<p>stunnel listens on port 1080 for SOCKS connections<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #ff0000\"><strong>Stunnel config for client within Corp&#8217;s network:<\/strong><\/span><\/p>\n<p><em>chroot = 
\/var\/lib\/stunnel\/<\/em><br \/>\n<em> pid=\/stunnel.pid<\/em><br \/>\n<em> setuid = stunnel<\/em><br \/>\n<em> setgid = stunnel<\/em><\/p>\n<p><em>;debug = alert\/crit\/err\/warning\/notice\/info\/debug<\/em><br \/>\n<em> debug = err<\/em><\/p>\n<p><em>;foreground = yes<\/em><\/p>\n<p><em>cert = \/etc\/stunnel\/stunnel.pem<\/em><\/p>\n<p><em>;compression = deflate | zlib<\/em><br \/>\n<em> compression = zlib<\/em><\/p>\n<p><em>client = yes<\/em><\/p>\n<p><em>; performance<\/em><br \/>\n<em> socket = l:TCP_NODELAY=1<\/em><\/p>\n<p><em>[socks-http-proxy]<\/em><br \/>\n<em> accept = 127.0.0.1:1080<\/em><br \/>\n<em> connect = http_proxy_ip:http_proxy_port<\/em><\/p>\n<p><em>protocol = connect<\/em><br \/>\n<em> protocolHost = vps.server.net:443<\/em><\/p>\n<p><em>[ssh-http-proxy]<\/em><br \/>\n<em> accept = 0.0.0.0:22<\/em><br \/>\n<em> connect = http_proxy_ip:http_proxy_port<\/em><br \/>\n<em> protocol = connect<\/em><br \/>\n<em> protocolHost = vps.server.net:443<\/em><br \/>\n<em> sni = 22.vps.server.net<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong>How to<\/strong><\/p>\n<p><strong><span style=\"color: #0000ff\">Road Warrior:<\/span> <\/strong><\/p>\n<p>Set the browser's SOCKS proxy to 127.0.0.1:1080<\/p>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"color: #0000ff\">SSH to vps.server.net<\/span><\/strong><\/p>\n<p>ssh -p 22 user@localhost<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With help of SNI in stunnel,\u00a0 we can\u00a0 su &hellip; <a href=\"https:\/\/blog.zhenglei.net\/?p=255499\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,9],"tags":[287,288,283,279],"class_list":["post-255499","post","type-post","status-publish","format-standard","hentry","category-internet","category-vps","tag-dante","tag-road-warrier","tag-sni","tag-stunnel"],"_links":{"self":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255499","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=255499"}],"version-history":[{"count":3,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255499\/revisions"}],"predecessor-version":[{"id":255502,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255499\/revisions\/255502"}],"wp:attachment":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=255499"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=255499"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=255499"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}