SSL port multiplexer (SSH, OpenVPN, HTTPS on one port)

Michael Torrie torriem at gmail.com
Tue Aug 15 12:44:19 MDT 2017


I just discovered a neat little project that may be of interest to some
of you. It's called sslh[1] and it's a smart SSL port multiplexer that
allows you to run SSH, HTTPS, OpenVPN, and other protocols (can be
expanded using regex rules to custom protocols) all on the same port,
for example port 443. Why would you want to do this? Well, in some public
networks port 22 or the OpenVPN ports are blocked, but port 443 is
rarely blocked.  So you can run your web server, VPN server and sshd all
on port 443 as it were and sslh will forward the packets to the right
local server based on what kind of protocol it detects.  As well, it can
differentiate between protocols wrapped inside SSL by inspecting the
unencrypted bytes as they come in. This of course means that the sslh
daemon has to have the necessary certificate to offer SSL connections,
and that cert would have to have the right Common Name aliases to handle
all the different host names (virtual hosts) that might be using that port.

sslh is in most distros' standard repositories.  It's a neat little gem
that for me has been lying there undiscovered for some time.  Here's a
basic howto article:

https://www.ostechnix.com/sslh-share-port-https-ssh/

And of course the project's website has more information, such as how to
multiplex OpenVPN as well, and use transparent IP proxying in
conjunction with it to preserve the source IP addresses for logging, and
make things like fail2ban work:

[1] http://www.rutschle.net/sslh

Pretty neat. I'm going to set this up on my VPS when I get some time.
Would be interested to know if anyone else has used this or would like
to set it up.
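
A simplified sketch of the kind of protocol detection described above, classifying a connection from the first bytes the client sends. It is an added example, not sslh's code and not part of the original post; the probe functions, their heuristics and the constructed sample bytes are assumptions for illustration.

```python
import struct

NEED_MORE, UNKNOWN = "need-more-data", "unknown"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def _prefix(data, prefix):
    """True/False once decidable; None while data is only a partial match."""
    if data.startswith(prefix):
        return True
    return None if prefix.startswith(data) else False

def probe_ssh(data):
    # SSH identification string begins with "SSH-" (RFC 4253, section 4.2).
    return _prefix(data, b"SSH-")

def probe_http(data):
    results = [_prefix(data, m) for m in HTTP_METHODS]
    if True in results:
        return True
    return None if None in results else False

def probe_tls(data):
    # Record type 0x16 (handshake), version 3.x, handshake type 1 (ClientHello).
    checks = {0: (0x16,), 1: (0x03,), 2: (0, 1, 2, 3), 5: (0x01,)}
    for offset, allowed in checks.items():
        if offset >= len(data):
            return None
        if data[offset] not in allowed:
            return False
    return True

def probe_openvpn_tcp(data):
    # OpenVPN over TCP: 2-byte length prefix, then opcode in the top 5 bits.
    # Opcode 7 is P_CONTROL_HARD_RESET_CLIENT_V2 (heuristic, first packet only).
    if len(data) < 3:
        return None
    (length,) = struct.unpack("!H", data[:2])
    return length > 0 and data[2] >> 3 == 7

PROBES = (("ssh", probe_ssh), ("http", probe_http),
          ("tls", probe_tls), ("openvpn", probe_openvpn_tcp))

def classify(data):
    """Return a protocol name, NEED_MORE (keep reading) or UNKNOWN."""
    pending = False
    for name, probe in PROBES:
        verdict = probe(data)
        if verdict:
            return name
        pending = pending or verdict is None
    return NEED_MORE if pending else UNKNOWN
```

A caller has to pair NEED_MORE with a read timeout and a default backend, since a client that sends nothing first can never be classified this way.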

