How to work from behind proxies ? (with patch providing a partial solution)

Jan Hudec bulb at ucw.cz
Wed Aug 9 10:13:34 BST 2006


On Thu, Jul 27, 2006 at 11:28:03AM +0100, martin f krafft wrote:
> also sprach Vincent LADEUIL <v.ladeuil at alplog.fr> [2006.07.27.1045 +0100]:
> > Hmmm. So you propose to install OpenVPN on the H host only and
> > not on the F one (where I lack admin privileges to modify
> > network setup)? Care to elaborate a bit on your setup then?
> 
> Laptop -> HTTP Proxy -> Firewall -> [Internet] -> my machine:443
> 
> In your case I'd run it on H and make both F and W connect to it.
> You could then automatically connect from W to F and vice versa.
> 
> > 
> > How would I handle https connections for the H https server
> > already listening on 443?
> 
> Ah, you cannot really do that.
> 
> But what you could do, and I've long wanted to implement this, is
> write a stupid daemon that listens on port 443 and will wait for
> a configurable (small) amount of time for traffic from the client.
> If it gets traffic, it passes the connection off to apache. If it
> does not get traffic, it passes off to sshd. This should work
> because http and ssh do differ in who says the first word in
> a connection: the client issues a request for HTTP, but waits for
> the server banner for SSH.
> 
> I'll reply privately from now on, but wanted to make the above idea
> more public to increase the chance of someone picking up on it. :)

There is one more way. You can tell Apache to CONNECT you to the ssh
server. Apache is capable of accepting both encrypted and unencrypted
traffic on the same port, so the CONNECT request does not have to be
SSL-wrapped (but can in case your HTTP proxy checks connections to 443
for SSL startup). PuTTY does not seem to be able to do tunnelling through
2 proxies, but openssh with corkscrew or some similar tool certainly
can.

--------------------------------------------------------------------------------
                  				- Jan Hudec `Bulb' <bulb at ucw.cz>
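
The "who says the first word" daemon proposed in the quoted text above, as an added example; it is not code from this thread or its participants. The backend addresses, the default wait and all function names are assumptions.

```python
import select
import socket
import threading

# Assumed backend addresses (not from the thread): the web server moved to a
# local port, sshd on its usual one.
HTTP_BACKEND = ("127.0.0.1", 8443)
SSH_BACKEND = ("127.0.0.1", 22)

def pick_backend(client, wait=2.0):
    """Choose a backend by who speaks first; None if the client hung up."""
    readable, _, _ = select.select([client], [], [], wait)
    if not readable:
        return SSH_BACKEND          # silent client: waiting for the SSH banner
    first = client.recv(8, socket.MSG_PEEK)   # peek, so the bytes stay queued
    if not first:
        return None
    if first.startswith(b"SSH-"):   # some SSH clients send their banner eagerly
        return SSH_BACKEND
    return HTTP_BACKEND             # HTTP request or TLS ClientHello

def relay(client, backend):
    """Copy bytes both ways until either side closes."""
    with client, socket.create_connection(backend) as upstream:
        peer = {client: upstream, upstream: client}
        while True:
            ready, _, _ = select.select(list(peer), [], [])
            for src in ready:
                data = src.recv(65536)
                if not data:
                    return
                peer[src].sendall(data)

def handle(client, wait):
    backend = pick_backend(client, wait)
    if backend is None:
        client.close()
    else:
        relay(client, backend)

def serve(listen=("0.0.0.0", 443), wait=2.0):
    with socket.create_server(listen) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, wait), daemon=True).start()

if __name__ == "__main__":
    serve()
```

Both backends see every connection as coming from the multiplexer's own address, so sshd and web server logs and address-based access rules no longer reflect the real peer. An HTTP client that stays silent longer than `wait` is handed to sshd.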