sslh version 1.8+

Questions to IPFire Addons.
ummeegge
Community Developer
Posts: 5001
Joined: October 9th, 2010, 10:00 am

Re: sslh version 1.8+

Post by ummeegge » April 28th, 2019, 5:56 pm

Hi digger,
I have now delivered a patch to the mailing list --> https://lists.ipfire.org/pipermail/deve ... 05792.html where the changes are discussed. Once this is done I can set up an sslh wiki, and a description of both your use cases would be great then. You both can write a step-by-step howto in here and I can write it into the wiki? As a first idea.

Best,

UE

digger
Posts: 18
Joined: August 13th, 2017, 10:32 am

Re: sslh version 1.8+

Post by digger » April 30th, 2019, 7:46 pm

Ok,

it will take some time, I'm on vacation.
Best
Digger

digger
Posts: 18
Joined: August 13th, 2017, 10:32 am

Re: sslh version 1.8+

Post by digger » June 21st, 2019, 7:11 am

Hi again,

in the meantime, I've got some trouble between sslh and ovpn n2n.
There should not be any interaction between them. In case of ovpn reconnect (both sides have dynamic IPs, running at a different, not sslh used port) the process stumbles.
Sometimes it's possible to terminate and restart the connection via the GUI. But the results are like a lottery and it takes a long time.
Shutting down sslh first and then restarting the ovpn n2n results in a quick connection. Then enabling sslh again.
I think the problem is based on setting routes.

I've tried to automate this with an fcron-started script, but that's obviously not the same.
Might it depend on user rights?

Any hints are welcome.

Best,
Digger

digger
Posts: 18
Joined: August 13th, 2017, 10:32 am

Re: sslh version 1.8+

Post by digger » December 17th, 2019, 9:54 pm

Hi again,

I've set up a new machine, Core Update138 x86-64.
I've run into an issue: sslh won't work with user sslh in my setup, the firewall is blocking. Changing the user to root, everything works fine.
Any hints how to solve this?

Greetings Digger

ummeegge
Community Developer
Posts: 5001
Joined: October 9th, 2010, 10:00 am

Re: sslh version 1.8+

Post by ummeegge » December 19th, 2019, 11:37 am

Hi,
maybe you need CAP_NET_BIND_SERVICE and CAP_NET_ADMIN --> http://www.rutschle.net/tech/sslh/README.html ?

Best,

UE

digger
Posts: 18
Joined: August 13th, 2017, 10:32 am

Re: sslh version 1.8+

Post by digger » December 20th, 2019, 3:47 pm

Hi ummeegge,

I activated that setcap stuff, but no success.
I'm using sslh not sslh-select.
The version installed was downloaded from your link.
Are the setcap options activated during compilation?

Best,

digger
Last edited by digger on December 21st, 2019, 11:30 am, edited 1 time in total.

ummeegge
Community Developer
Posts: 5001
Joined: October 9th, 2010, 10:00 am

Re: sslh version 1.8+

Post by ummeegge » December 20th, 2019, 9:25 pm

Hi digger,
digger wrote:
December 20th, 2019, 3:47 pm
I'm using sslh not sslh-select. The version installed was downloaded from your link.
If you use my package you use sslh-fork.
digger wrote:
December 20th, 2019, 3:47 pm
Are the setcap options activated during compilation?
Currently it is not --> https://git.ipfire.org/?p=people/ummeeg ... f47625a2d2 but I ask myself if it makes sense, since I think setcap is primarily used with sslh-select ?!

I am currently building everything again in origin/next; should I integrate something else for some tests?

Best,

Erik

digger
Posts: 18
Joined: August 13th, 2017, 10:32 am

Re: sslh version 1.8+

Post by digger » December 20th, 2019, 9:35 pm

Hi ummeegge,

that would be great!
I don't need sslh-select.
Before, I used the compilation of cmish (32bit) and sslh-fork with setcap activated.
Glad to know why it fails.
An update would be highly appreciated.
In my opinion, running it as 'non-root' would be very useful.

Thank you.

Best

Digger
