Hello, is it possible to implement "direct" protocol support?
For example: you have OpenVPN TCP on a server and, let's say, SSH (or any other TCP software), and you want to use stunnel on the same port or under the same SNI. Configs would look like:

[server]
accept = 443
protocol = direct

[client_openvpn_tcp]
sni=test.com
protocolHost = 127.0.0.1:2000
connect = server:443
accept = 127.0.0.1:2000

[client_ssh]
sni=test.com
protocolHost = 127.0.0.1:22
connect = server:443
accept = 127.0.0.1:222

I know you can use "protocol = socks", but in this case you can't use it directly with software that doesn't support socks5 (OpenVPN isn't a very good example, because it supports a socks5 proxy). SSH is a good example if you want to use it under TLS on the same port with OpenVPN TCP and other TCP applications. It will be useful for many other applications without socks5 support, and if you don't want to occupy more than 1 port or SNI.
P.S.: I'm still trying to use the socks5 code from stunnel to implement the "direct" protocol, but I'm not very good at C.
Thanks.
I believe it will be very similar to socks5: we send protocolHost (idk if we should use DNS names here at all) as a 6-byte IPv4 header (or whatever this length would be); on the server side we parse protocolHost, fetch the IP/DNS name and port, resolve, connect and start sending data back to the client.
Created this PR on GitHub: https://github.com/mtrojnar/stunnel/pull/20
Please, if you have time, check it out, and if you have any concerns about memory leaks etc., please advise.
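
The 6-byte header idea described above, sketched as an added example (not code from the PR or from stunnel; every type and function name is hypothetical). It assumes a 4-byte IPv4 address followed by a 2-byte big-endian port, and has the server check the requested target against a constructed allowlist before connecting, because the client chooses the destination.

```c
/* Added illustration only: hypothetical names, not stunnel or PR code. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define DIRECT_HDR_LEN 6 /* assumed layout: 4-byte IPv4 + 2-byte port, big-endian */
struct direct_target { uint8_t ip[4]; uint16_t port; };

/* Client side: serialize an already-resolved protocolHost into the header. */
static void direct_encode(const struct direct_target *t, uint8_t out[DIRECT_HDR_LEN]) {
    memcpy(out, t->ip, 4);
    out[4] = (uint8_t)(t->port >> 8);
    out[5] = (uint8_t)(t->port & 0xff);
}

/* Server side: parse exactly 6 bytes; 0 on success, -1 if malformed. */
static int direct_decode(const uint8_t *buf, size_t len, struct direct_target *t) {
    if (len != DIRECT_HDR_LEN) return -1;   /* short or oversized header */
    memcpy(t->ip, buf, 4);
    t->port = (uint16_t)((buf[4] << 8) | buf[5]);
    return t->port == 0 ? -1 : 0;           /* port 0 is never a valid target */
}

/* Constructed allowlist: the two backends from the configs in the post. */
static const struct direct_target allowed[] = {
    {{127, 0, 0, 1}, 2000},  /* OpenVPN TCP */
    {{127, 0, 0, 1}, 22},    /* SSH */
};

/* Parse, then authorize: 0 = connect, -1 = malformed, -2 = target refused. */
static int direct_accept_header(const uint8_t *buf, size_t len, struct direct_target *t) {
    if (direct_decode(buf, len, t) != 0) return -1;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (memcmp(allowed[i].ip, t->ip, 4) == 0 && allowed[i].port == t->port)
            return 0;
    return -2;  /* without this check the server relays to any host the client names */
}

int main(void) {
    struct direct_target want = {{127, 0, 0, 1}, 22}, got;
    uint8_t hdr[DIRECT_HDR_LEN];
    direct_encode(&want, hdr);
    return direct_accept_header(hdr, sizeof hdr, &got) == 0 ? 0 : 1;
}
```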