Tips punching through tight firewalls
Cobin Bluth
cbluth at gmail.com
Mon Jun 2 00:00:33 CEST 2014
I run a few public-facing tinc nodes, on one of which I use sslh/nginx/tinc
on port 443.
Sslh is a demultiplexing daemon that interprets the network traffic and
determines if it's HTTPS/ssl or ssh/openvpn/tinc. Bind sslh to port 443 and
if it sees HTTPS traffic, then it forwards to nginx. If it sees tinc
traffic, it forwards to tinc.
Essentially it hides tinc behind an https server, and as long as you can
access https websites on foreign networks, then you can probably access
your vpn. Works for me very well!
-Sent Mobile
On Jun 1, 2014 2:39 PM, "Sandy McArthur Jr" <sandy at mcarthur.org> wrote:
> Any tips or guidance on improving the probability of being able to connect
> to a Tinc daemon.
>
> I am currently on a guest wifi at a hospital for my in-laws family.
> Wanting to pass time and be semi productive, I tried to VPN back to my
> private networks but it appears the default port Tinc users is blocked.
>
> Here is what I know about their firewall:
>
> http://n3.netalyzr.icsi.berkeley.edu/summary/id=36ea240d-27416-f857b222-4083-4af8-abdd
>
> I wasn't able to find anything on this searching the Web. My initial
> thoughts are to take a location that doesn't need an https service and run
> a tinc node just for relaying on port 443. Can I just port forward from 443
> to 655 or should I create a new second host on the same machine.
>
> Any guidance is appreciated.
>
> Sandy McArthur, Jr.
>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> http://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20140601/d3f0c2bf/attachment.html>
More information about the tinc
mailing list