How to recognize tinc TCP connection with iptables

Guus Sliepen guus at tinc-vpn.org
Sat Aug 31 20:44:25 CEST 2013


On Sat, Aug 31, 2013 at 10:27:55AM -0700, Nikolaus Rath wrote:

> What I want to do is be able to talk to a tinc server on port 443
> (https) using just TCP, so that the client has the best possible chance
> of making it through any overly restrictive firewalls imposed by some
> WiFi hotspots.
> 
> However, I still want to be able to serve regular https on the same
> server. Thus the idea of adding some iptables rule on the server that
> identifies tinc packets and locally redirects those to the regular tinc
> port (while everything else reaches the webserver as usual).
> 
> So I think as long as my rule is specific enough to distinguish tinc and
> TLS, I should be good.

In that case, you can just match the "0 " at the start of the connection; you
don't have to look further. Instead of using iptables, you could also have a
look at sslh:

http://www.rutschle.net/tech/sslh.shtml

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
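A user-space demultiplexer that applies the "0 " test from the reply above, in the spirit of the sslh suggestion (an added example, not code from the thread or the tinc project; the port numbers, the 5 s peek timeout and the 0x16/0x03 TLS ClientHello check are this example's assumptions):

```python
import socket
import threading
from contextlib import suppress

LISTEN_PORT = 443    # assumed layout: public port that restrictive hotspots let through
TINC_PORT = 655      # local tinc daemon (tinc's default port)
HTTPS_PORT = 8443    # local web server moved off 443
PEEK_TIMEOUT = 5.0   # seconds to wait for the client's first bytes
# Anything unrecognised goes to the web server, which rejects it as a bad request.
BACKENDS = {"tinc": TINC_PORT, "tls": HTTPS_PORT, "unknown": HTTPS_PORT}

def classify(first_bytes: bytes) -> str:
    """tinc's meta connection opens with ID request number 0 plus a space (the "0 "
    in the mail); a TLS ClientHello record starts with type 0x16, version 0x03."""
    if first_bytes.startswith(b"0 "):
        return "tinc"
    if len(first_bytes) >= 2 and first_bytes[0] == 0x16 and first_bytes[1] == 0x03:
        return "tls"
    return "unknown"

def pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF or error, then tear down both sockets."""
    with suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    for s in (src, dst):
        with suppress(OSError):
            s.shutdown(socket.SHUT_RDWR)
        s.close()

def handle(client: socket.socket) -> None:
    """Peek at the first bytes without consuming them, then splice the streams."""
    client.settimeout(PEEK_TIMEOUT)
    try:
        first = client.recv(2, socket.MSG_PEEK)
        client.settimeout(None)
        backend = socket.create_connection(("127.0.0.1", BACKENDS[classify(first)]))
    except OSError:  # client sent nothing in time, or the backend is down
        client.close()
        return
    threading.Thread(target=pump, args=(client, backend), daemon=True).start()
    pump(backend, client)

def serve(port: int = LISTEN_PORT) -> None:
    with socket.create_server(("0.0.0.0", port)) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
if __name__ == "__main__":
    serve()
```

A nat PREROUTING rule is consulted only for a connection's first packet, the payload-less TCP SYN, so a string match there never sees the "0 "; peeking from user space as above (or with sslh) does.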