![]() Maintenant, j'obtiens l'erreur suivante : ![]() Je suis à court d'idées alors si l'un d'entre-vous en a une.Īprès quelques recherches supplémentaires, j'ai légèrement modifi é nf : Please make sure you understand them (especially the effect of chroot j ail) Some options used here may not be adequate for your particular configur ation ![]() Initialement tout fonctionnait, mais depuis une mise à jour, impossible de me connect er de l'extérieur. Je voudrais cr éer un tunnel https mon serveur web ne m'implémentant pas. Je me débats un peu avec la configuration de stunnel4. Je suis =E0 court d'id=E9es alors si l'un d'entre-vous en a une. Some debugging stuff useful for troubleshooting Some security enhancements for UNIX systems - comment them out on Win32 Protocol version (all, SSLv2, SSLv3, TLSv1) Certificate/key is needed in server mode and optional in client mode Please make sure you understand them (especially the effect of chroot jai= Some options used here may not be adequate for your particular configurat= Sample stunnel configuration file by Michal Trojnara 2002-2006 T fonctionnait, mais depuis une mise =E0 jour, impossible de me connecter d=Į l'ext=E9rieur. R un tunnel https mon serveur web ne m'impl=E9mentant pas. So in the end it depends on how your configuration is allowed to look like, and ofc performance.Je me d=E9bats un peu avec la configuration de stunnel4. I have an AsusWrt router, and there is not much choice there, just OpenVPN. This means that any attacker that actually tries to connect to the server (some advanced firewalls will try to connect via HTTPS and since Stunnel + OpenVPN alone will make that fail, the firewall will block the connection anyway), will see a normal run of the mill HTTPS server on the other end (he could test for openvpn too but that is just something you have to accept).Īnd another bummer too, since HTTPS connections are usually short, the firewall can just cut connections of xxx minutes or seconds, and that would kill large downloads and also any VPN connections that did manage to get by. ![]() To completely hide the VPN traffic to make it look like pure TLS, Stunnel is the way to go, and using something like SSLH, means that you can run both HTTPS server and OpenVPN on the Stunnel port, and SSLH will forward the traffic depending on the handshake. It will still look like OpenVPN traffic though. To get around most blocks (not Egypt cos they check packet length and other things for deep blocking, and server white lists), the best way would be to change to a common port like 443, enable tls-crypt on the server and sure use TCP, but i haven’t seen any reports of needing to change to TCP with tls-crypt enabled.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |