<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Tue, Aug 12, 2014 at 4:15 PM, Guus Sliepen <span dir="ltr"><<a href="mailto:guus@tinc-vpn.org" target="_blank">guus@tinc-vpn.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div>On Tue, Aug 12, 2014 at 08:58:14AM -0400, Sandy McArthur Jr wrote:<br>
<br>
> Personally, I would like to see more fallback methods such as listening on<br>
> multiple ports with protocol encapsulation (HTTP Proxy Connect tunneling) .<br>
<br>
</div>Would it make sense for tinc to support HTTP Proxy Connect for incoming<br>
connections? Normally it's something you use for outgoing connections,<br>
and that is already implemented (Proxy = http ...). But for outgoing<br>
connections there is no way tinc could autodetect which proxy to use.<br></blockquote><div><br></div><div>Sorry, I didn't know/check that Tinc already can be configured to use HTTP's CONNECT. Maybe not the best example. There is WPAD but I've only ever seen it in use in once place.</div>
<div><a href="http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol">http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol</a><br></div>
<div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
If you want to support incoming connections on port 80 or 443 for<br>
example, you can add multiple ListenAddress statements with different<br>
port numbers to tinc.conf. Or run a multiplexing frontend like sslh[1].<br>
<br>
If, for some reason, you are forced to only use proper HTTP requests,<br>
then maybe you mean something like BOSH[2]?<br>
<br>
[1] <a href="http://www.rutschle.net/tech/sslh.shtml" target="_blank">http://www.rutschle.net/tech/sslh.shtml</a><br>
[2] <a href="https://en.wikipedia.org/wiki/BOSH" target="_blank">https://en.wikipedia.org/wiki/BOSH</a></blockquote><div><br></div><div>I have had an intent to setup sslh but haven't as my home Tinc server (my gateway) isn't also my home webserver.</div>
<div><br></div><div><div>Reading the manual, I see tincd.conf can have multiple BindToAddress entries, can a host's config have multiple Port entries? The manual doesn't read as such: <a href="http://www.tinc-vpn.org/documentation-1.1/Host-configuration-variables.html#index-Port" target="_blank">http://www.tinc-vpn.org/documentation-1.1/Host-configuration-variables.html#index-Port</a></div>
<div><br></div></div><div><div>I'm speaking from a time where I was in a hospital visiting in-laws and unable to connect with the provided wifi to my home via Tinc or ssh because of their firewall. It's not really Tinc's fault I didn't anticipate the limits of my connectivity <br>
</div></div><div><br></div></div>-- <br>Sandy McArthur, Jr.<br><br><div>"No nation could preserve its freedom in the midst of continual warfare."</div><div>- Letters and Other Writings of James Madison (1865), Vol. IV, p. 491</div>
</div></div>