Matt,
On 12/12/19 11:01, Matt Thomas wrote:
> Server is 192.168.0.10
> Router is 192.168.0.1
> It works fine internally :)
> I add a port forward in the router for port 22 pointed at .0.10. Router's firewall already is configured to accept ssh on port 22 from any any.
> Whenever anyone attempts to connect to the server, a pop-up shows on my screen. When I try to have my friends or co-workers try from their house or I try from a public place, no pop-up or hits on the server log. Just times out.
> But if I put Minecraft on port 22, it works. So certain traffic is making it through. Even Hamachi VPN works fine BUT I can't install that on public PCs haha
I was about to say "this is clearly an issue with the port number, pick something other than 22" but if you say you can run Minecraft over port 22, then that's ... strange.
I wasn't aware that Minecraft servers could have their ports changed like that. You can really set up your Minecraft server to listen on localhost:22 and it doesn't use UPnP or anything like that to reconfigure your firewall/router?
My advice is to try configuring things like this:
Router: 192.168.0.1
  Forward WAN connections to port e.g. 1022 -> 192.168.0.10:1022

Server: 192.68.0.1
  Accept stunnel connections on port 1022
  accept=:1022
  connect=localhost:22
If that works, I might even try just changing the port number of your ssh/sftp service from the "standard" port to something else and trying again without stunnel in the mix.
I've never encountered an ISP which does deep packet inspection to block services. They usually just block ports.
-chris
On Thu, Dec 12, 2019, 7:58 AM Christopher Schultz <chris@christopherschultz.net> wrote:
Matt,

On 12/11/19 17:53, Matt Thomas wrote:
> I need to know if Stunnel is going to accomplish what I need to do. My
> home ISP blocks protocol HTTP and SSH from coming in so that people can't
> run their own website from home without paying the ISP for a "Business" line
>
> All I am trying to do is have a SFTP server that I can access my dang
> files from while I am at school, work, friend's house, library or
> wherever. I have tried ssh on multiple random ports and made sure all
> firewall rules and port forward rules were correct in my home router. I
> know they work because I even went as far as setting up a Minecraft
> server to just test the port forward rules out and sure enough, my
> friend 200 miles away can connect just fine to my home Minecraft
> server.. But he can not connect to the ssh server. No logs are ever
> created on the server either because something is stopping the packet
> from even hitting my router, that something is my ISP
>
> Would stunnel allow me to make ssh traffic look like regular https
> traffic, thus allowing me to connect to my server at home so I can do my
> homework??

Those other servers probably use TLS or plaintext connections. stunnel uses TLS, but ssh/sftp use a slightly different protocol that may possibly be distinguishable by a determined ISP.

I would think that using stunnel to tunnel SFTP/SSH would be possible, though not strictly necessary. I suspect some other problem is preventing you from succeeding.

Can you be more specific about exactly what you did for configuration? Port numbers, specific things you did, etc? You don't have to disclose your public IP address, but perhaps give the local IPs of your router and home server, etc?

-chris
On 12/12/2019 11:43 AM, Christopher Schultz wrote:
[snip]
> I was about to say "this is clearly an issue with the port number, pick something other than 22" but if you say you can run Minecraft over port 22, then that's ... strange.
One quick way to see if port 22 is blocked is to use the telnet command:
telnet hostname 22
you should see the ssh hello string, something like:
SSH-2.0-OpenSSH_7.8 FreeBSD-20180909
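
The telnet check above, written as a small script that tells the outcomes discussed in this thread apart (SSH banner received, port refused, connection timing out, or a listener that stays silent as a TLS endpoint does). This is an added example, not part of any poster's message; the function name `probe_ssh_banner` and its status labels are chosen here for illustration.

```python
import socket
import sys

def probe_ssh_banner(host, port, timeout=5.0):
    """Connect to host:port and classify the answer as (status, detail).

    ssh     - peer sent an SSH identification string (detail is that line)
    other   - peer sent data, but no line starting with "SSH-"
    silent  - TCP connected, nothing received before the timeout; a TLS
              listener such as stunnel waits for the client to speak first
    closed  - TCP connected, peer closed without sending anything
    refused - connection refused (nothing listening on that port)
    timeout - connection attempt unanswered (dropped somewhere on the path)
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return ("refused", "")
    except socket.timeout:
        return ("timeout", "")
    except OSError as exc:
        return ("error", str(exc))
    with sock:
        try:
            data = sock.recv(256)  # one read is enough for a banner line
        except socket.timeout:
            return ("silent", "")
        except OSError as exc:
            return ("error", str(exc))
    if not data:
        return ("closed", "")
    lines = [l.decode("ascii", "replace") for l in data.splitlines()]
    # RFC 4253 lets a server send other lines before the "SSH-" line.
    for line in lines:
        if line.startswith("SSH-"):
            return ("ssh", line)
    return ("other", lines[0])

if __name__ == "__main__":
    # usage: python probe.py <host> <port>
    print(probe_ssh_banner(sys.argv[1], int(sys.argv[2])))
```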