How to recognize tinc TCP connection with iptables
Guus Sliepen
guus at tinc-vpn.org
Sat Aug 31 20:44:25 CEST 2013
On Sat, Aug 31, 2013 at 10:27:55AM -0700, Nikolaus Rath wrote:
> What I want to do is be able to talk to a tinc server on port 443
> (https) using just TCP, so that the client has the best possible chance
> of making it through any overly restrictive firewalls imposed by some
> WiFi hotspots.
>
> However, I still want to be able to serve regular https on the same
> server. Thus the idea of adding some iptables rule on the server that
> identifies tinc packets and locally redirects those to the regular tinc
> port (while everything else reaches the webserver as usual).
>
> So I think as long as my rule is specific enough to distinguish tinc and
> TLS, I should be good.

In that case, you can just match the "0 " at the start of the connection; you
don't have to look further. Instead of using iptables, you could also have a
look at sslh:

http://www.rutschle.net/tech/sslh.shtml

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
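
The first-bytes check suggested in the reply above, written as a user-space classifier that peeks at a new connection before handing it to a backend. This is an added example, not code from the original message, tinc or sslh. The TLS test (record type 0x16 followed by major version 0x03), the backend addresses other than tinc's default port 655, and the sample bytes in the comments are assumptions made for illustration.

```python
import socket
import time

TINC_PREFIX = b"0 "      # start of tinc's first message, as stated in the reply above
TLS_HANDSHAKE = 0x16     # TLS record content type "handshake" (assumed discriminator)
TLS_MAJOR = 0x03         # major version byte of the TLS record header

# Hypothetical backends: tinc on its default port, the web server on an assumed local port.
BACKENDS = {"tinc": ("127.0.0.1", 655), "tls": ("127.0.0.1", 8443)}


def classify_first_bytes(data: bytes) -> str:
    """Return 'tinc', 'tls', 'unknown' or 'need-more' for the start of a connection."""
    if len(data) < 2:
        # One byte that cannot begin either protocol is already decisive.
        if data and data[0] not in (TINC_PREFIX[0], TLS_HANDSHAKE):
            return "unknown"
        return "need-more"
    if data[:2] == TINC_PREFIX:          # e.g. constructed sample b"0 alice 17\n"
        return "tinc"
    if data[0] == TLS_HANDSHAKE and data[1] == TLS_MAJOR:
        return "tls"
    return "unknown"


def peek_and_classify(conn: socket.socket, timeout: float = 2.0) -> str:
    """Classify with MSG_PEEK so the chosen backend still receives every byte."""
    deadline = time.monotonic() + timeout
    conn.settimeout(timeout)
    while True:
        try:
            data = conn.recv(2, socket.MSG_PEEK)
        except socket.timeout:
            return "unknown"             # client never spoke first
        verdict = classify_first_bytes(data)
        if verdict != "need-more":
            return verdict
        if not data or time.monotonic() >= deadline:
            return "unknown"             # peer closed, or only a partial prefix arrived
        time.sleep(0.01)                 # wait for the second byte


def pick_backend(verdict: str) -> tuple:
    """Anything that is not tinc goes to the web server, as the question asks."""
    return BACKENDS["tinc"] if verdict == "tinc" else BACKENDS["tls"]
```
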