openconnect | sslh
---|---
13 | 44
- | 4,401
- | -
- | 8.5
- | 7 days ago
C |
- | GNU General Public License v3.0 only
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openconnect
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
A lot of software (including https://gitlab.com/openconnect/openconnect of which I'm a maintainer) uses libxml2, which in turn transitively links to liblzma, using it to load and store compressed XML.
I'm not *too* worried about OpenConnect given that we use `libxml2` only to read and parse uncompressed XML…
But I am wondering if there has been any statement from libxml2 devs (they're under the GNOME umbrella) about potential risks to libxml2 and its users.
-
Actual SSH over HTTPS
From the article:
> Ubiquitous presence of HTTPS allows you to pass your data through very restrictive middle boxes!
This is, in fact, why all — or nearly all — proprietary VPN protocols (so-called "SSL VPNs") implement a mode that initiates a tunnel via HTTPS, at least as a fallback if not as the primary mode of operation: precisely in order to have a mode of operation that works with almost any connection to the global Internet.
I'm one of the main developers of https://gitlab.com/openconnect/openconnect, which implements many such protocols, and wrote https://github.com/dlenski/what-vpn, which sniffs or identifies even more flavors of TLS-based VPN servers.
-
OpenConnect stopped working: Unexpected 404 result from server
Found the solution: It's as simple as changing the user agent with --useragent=AnyConnect. This is ridiculous. https://gitlab.com/openconnect/openconnect/-/issues/544
-
Work from home (WFH) while travelling internationally?
Source: I am one of the lead developers of OpenConnect, a popular open-source client for many corporate VPNs, and have done all of the above.
-
How to vet an untrusted open-source project?
Be careful you're not using an illicit fork. https://gitlab.com/openconnect/openconnect
-
Which SLT package is better if I want the best consistent speed? would they reduce the speed in the unlimited package?
I personally have an openconnect server, and I patched their client to let me specify the SNI (it's set to the server's hostname by default (https://gitlab.com/openconnect/openconnect/-/blob/master/gnutls.c#L2366), but it's optional in the anyconnect protocol spec).
-
GlobalProtect from PaloAlto: "Cannot connect to local gpd service."
Thank you, trying openconnect for multiple hours, but cannot auth, created issue about that https://gitlab.com/openconnect/openconnect/-/issues/446
-
Overriding a minimum EC2 sizing from a vendor
If this is for anything other than AnyConnect I feel like you're better off with a t4g.nano running OpenVPN. If it's AnyConnect, you can run OpenConnect.
- Linux user has to migrate to Windows or Mac
-
Create second MacOS VM within MacOS install
I had a similar issue with Fortinet VPN. Try using something like https://gitlab.com/openconnect/openconnect. Run this from terminal to connect to VPN when needed. If this doesn't work, search for global protect open source and there are other options.
sslh
- Actual SSH over HTTPS
-
SSH3: SSH using HTTP/3 and QUIC
That already has a (brutal) solution now - sslh https://www.rutschle.net/tech/sslh/README.html - the current version is more sophisticated, but it was originally just a Perl script that would send the connection to sshd or the https web server, based on regex matching on an initial string (and probably timing out and going to sshd if it didn't see one? Something like that, I haven't dug out the old code to check.)
- Sslh – Use HTTPS and SSH on the same port
-
Jellyfin (open source Plex) moves from Reddit to its own traditional-style MyBB forum
Maybe something like https://github.com/yrutschle/sslh would work? Although it will probably break mobile client as well.
- Tunwg: Access your HTTP servers anywhere with end to end TLS with self hosted server option.
- Reverse Proxies on OpenWRT
- 443 port sharing
-
What is the program that lets you run multiple services on port 443?
I think you're looking for sslh.
-
How to setup IRC server with NPM?
However, there is a hacky tool that should fit your use case, you could try that: https://www.rutschle.net/tech/sslh/README.html
-
Best easy way to SSH from outside network?
I haven’t tried it but have a look here. TBH I didn’t even know sslh supported UDP!
What are some alternatives?
GlobalProtect-openconnect - A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, and client certificate authentication, etc.
chisel - A fast TCP/UDP tunnel over HTTP
macos-virtualbox-vm - Instructions and script to help you create a VirtualBox VM running macOS.
headscale-ui - A web frontend for the headscale Tailscale-compatible coordination server
rsa_ct_kip - Provision an RSA SecurID token with RSA's CT-KIP protocol
wstunnel - Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
openconnect - OpenConnect client extended to support Palo Alto Networks' GlobalProtect VPN
cmux - Connection multiplexer for GoLang: serve different services on the same port!
gp-saml-gui - Interactively authenticate to GlobalProtect VPNs that require SAML
AntiZapret-V2Ray - V2Ray rule generator to circumvent censorship by the Russian government and evade DPI
stencil-golang - Template repository for Golang applications
yewtube - Terminal based YouTube player and downloader. No Youtube API key required. Forked from https://github.com/mps-youtube/mps-youtube