SSL port multiplexer (SSH, OpenVPN, HTTPS on one port)

Michael Torrie torriem at gmail.com
Wed Aug 16 13:28:30 MDT 2017


On 08/16/2017 11:49 AM, John Nielsen wrote:
> Thanks for sharing! I'm going to give this a try and see if I can
> stop paying for a 2nd IP on my VPS just to run a firewall-friendly
> OpenVPN server.

Yes, my thoughts exactly!  One of the interesting things is that if big
brother saw traffic to this IP address at this port, if they hit it with
a web request they'd get a page.  So it'd be helpful if you were traveling
in China.  Though packet inspection could easily differentiate between
ssh and ssl, you can tunnel ssh over ssl, and the docs for sslh
describe how to do that.  But for most purposes, it should work fine
without.

If you need to have more than one name (hostname) on a certificate, the
mechanism is the "subject alternate name" field.  This is supported by
most browsers, most ssl clients, and you can sign such certs using Let's
Encrypt, which supports SAN. Not all registrars let you sign a cert with
SANs.


