{"id":255690,"date":"2016-11-18T18:21:18","date_gmt":"2016-11-18T10:21:18","guid":{"rendered":"http:\/\/blog.zhenglei.net\/?p=255690"},"modified":"2016-11-18T18:21:18","modified_gmt":"2016-11-18T10:21:18","slug":"setup-reverse-tunnel-with-stunnel","status":"publish","type":"post","link":"https:\/\/blog.zhenglei.net\/?p=255690","title":{"rendered":"setup reverse tunnel with stunnel"},"content":{"rendered":"<p>Unlike ssh,\u00a0 stunnel doesn&#8217;t support reverse tunnels by itself.<\/p>\n<p>With the help of tgcd ( <a href=\"http:\/\/www.baidu.com\/link?url=_UJGFONfVVOylsAg3ZNAMaQA8FqBZR_12Yegsnwb1E36oADku6_zfZ51RxPWI98U&amp;wd=&amp;eqid=b9adf8be0001b42900000004582ecd3f\" target=\"_blank\">TCP\/IP Gender Changer Daemon <\/a>), we can set up a reverse tunnel by chaining tgcd and stunnel:<\/p>\n<p>For example:<\/p>\n<p>We want to reach the corp server from home,\u00a0 but the corp NAT firewall only allows outgoing connections to ports 80\/443:<\/p>\n<p>client\u00a0 ==&gt; tgcd LL node (home server)\u00a0 ==&gt; tgcd CC node (corp agent) ==&gt; corp server:<\/p>\n<p><span style=\"color: #ff0000\"><strong>Home Server:<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff\">Launching tgcd daemon in LL mode:<br \/>\n<\/span><\/p>\n<p><em>\u00a0\u00a0 tgcd -L -q 2222 -p 22222<\/em><\/p>\n<p>Listen on port 2222 for client access<\/p>\n<p>Listen on port 22222 for tgcd CC access<\/p>\n<p>&nbsp;<\/p>\n<p><strong><span style=\"color: #0000ff\">Launching stunnel in server mode:<\/span><\/strong><\/p>\n<p><em>\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 \/usr\/local\/bin\/stunnel \/etc\/stunnel\/stunnel_server.conf<\/em><\/p>\n<p>Listen on port 443 for incoming SSL connections<\/p>\n<p>Forward connections whose SNI is tgcd to port 2222<\/p>\n<p>cat <em>\/etc\/stunnel\/stunnel_server.conf<\/em><\/p>\n<p><span style=\"color: #808080\">[tls]<\/span><br \/>\n<span style=\"color: #808080\">accept = 0.0.0.0:443<\/span><br \/>\n<span style=\"color: #808080\">; stunnel in server mode needs a certificate; the path below is an assumption, not from the original post<\/span><br \/>\n<span style=\"color: #808080\">cert = \/etc\/stunnel\/stunnel.pem<\/span><br \/>\n<span style=\"color: #808080\">connect = 
127.0.0.1:1080<\/span><\/p>\n<p><span style=\"color: #808080\">[tgcd]<\/span><br \/>\n<span style=\"color: #808080\">sni = tls:tgcd<\/span><br \/>\n<span style=\"color: #808080\">connect = 127.0.0.1:2222<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #ff0000\"><strong>Corp Agent Server:<\/strong><\/span><\/p>\n<p><span style=\"color: #0000ff\">Launching tgcd daemon in CC mode: <\/span><\/p>\n<p><em>tgcd -C -s 127.0.0.1:222 -c 127.0.0.227:2222<\/em><\/p>\n<p>Connect to tgcd LL node at: \u00a0 <em>127.0.0.227:2222<\/em><\/p>\n<p>Connect to sshd server at: \u00a0 \u00a0 <em>127.0.0.1:222<\/em><\/p>\n<p><span style=\"color: #0000ff\"><strong>Launching stunnel in client mode:<\/strong><\/span><\/p>\n<p>\/usr\/local\/bin\/stunnel \/etc\/stunnel\/stunnel_client.conf<\/p>\n<p>Listen on <em>127.0.0.227:2222<\/em> for connections from tgcd CC, and<\/p>\n<p>reach the home server on port 443 through the NAT and HTTP proxy<\/p>\n<p>cat \/etc\/stunnel\/stunnel_client.conf<\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"color: #808080\">[ssh-tgcd-home]<\/span><br \/>\n<span style=\"color: #808080\">; without client = yes stunnel would act as a TLS server on this side<\/span><br \/>\n<span style=\"color: #808080\">client = yes<\/span><br \/>\n<span style=\"color: #808080\">accept = 127.0.0.227:2222<\/span><br \/>\n<span style=\"color: #808080\">protocolHost = home.serverip:443<\/span><\/p>\n<p><span style=\"color: #808080\">connect = http_proxy_ip:http_proxy_port<\/span><br \/>\n<span style=\"color: #808080\">protocol = connect<\/span><br \/>\n<span style=\"color: #808080\">sni = tgcd<\/span><\/p>\n<p>&nbsp;<\/p>\n<p>******************************************<\/p>\n<p>With this configuration, we can log in to the corp server with:<\/p>\n<p>ssh -p 22222 \u00a0 home.server.ip<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unlike ssh,\u00a0 stunnel doesn&#8217;t suppo &hellip; <a href=\"https:\/\/blog.zhenglei.net\/?p=255690\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,4,18,226,9],"tags":[279,340,253],"class_list":["post-255690","post","type-post","status-publish","format-standard","hentry","category-internet","category-lfs","category-software-download","category-vpn","category-vps","tag-stunnel","tag-tgcd","tag-tunnel"],"_links":{"self":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=255690"}],"version-history":[{"count":1,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255690\/revisions"}],"predecessor-version":[{"id":255691,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=\/wp\/v2\/posts\/255690\/revisions\/255691"}],"wp:attachment":[{"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=255690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=255690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.zhenglei.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=255690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}