[stunnel-users] VNC, STUNNEL & HTTPTUNNEL ----- (((VNC)SSL)HTTP)

Yves Rutschle yves.rutschle at c-s.fr
Mon Feb 25 09:39:29 CET 2008


sean bhola wrote:
> I need to connect to my PC at work from home. The firewall at work has 
> only ports 80 (http) and 443 (https) open, I also think there is a 
> proxy. I was wondering which scenario would work.

A general problem here is that you can't reach your machine at work 
because of the firewall + proxy: the only solution is to have the 
machine at work connect to the machine at home, and create a reverse 
tunnel. That's perfectly possible but inconvenient (for one, you can't 
control the machine at work to create or re-create the tunnel if it breaks).

You can do that with either stunnel or ssh.

>  1: To encapsulate vnc traffic within ssl using stunnel and pass it 
> through port 443,    OR

This should work fine: run stunnel at home listening on 443, and, from 
work, connect through the proxy (you'll probably need something like 
corkscrew).

>  2: To encapsulate vnc traffic within ssl using stunnel, then 
> encapsulate that within http using httptunnel and pass through port 80

Probably won't go through the proxy -- proxies tend to try and understand 
the traffic that's going through them. I may be wrong though, there are 
many different kinds of proxies out there.

>     OR
>  3: To encapsulate vnc traffic within http, then encapsulate that 
> within ssl using stunnel and pass through port 443

Should work, but it's just the same as number 1 with http encapsulation, 
which you don't need. Once you're carrying SSL through the 
proxy/firewall, it makes no difference what's in that SSL (http or VNC), 
as the proxy can't see it anyways.

Y.


