Update README.md

2017-10-30 11:24:29 -06:00 · 2017-10-30 11:24:29 -06:00 · 4a576da545
commit 4a576da545
parent af14149a13
1 changed files with 20 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -324,6 +324,11 @@ tcp:
        - _ssh.example.com      # Note: this domain would also listed in tls.acme.domains
      host: localhost
      port: 22
+    - type: proxy
+      domains:
+        - _vpn.example.com      # Note: this domain would also listed in tls.acme.domains
+      host: localhost
+      port: 1194
 ```

 _Note_: In same cases network administrators purposefully block ssh and vpn connections using
@ -351,11 +356,23 @@ Host example.com

 There are two strategies that will work well for you:

-1) [Use ssh](https://redfern.me/tunneling-openvpn-through-ssh/) with the config above to reverse proxy tcp port 1194 to you. (`ssh -L 1194:localhost:1194 example.com`)
+1) [Use ssh](https://redfern.me/tunneling-openvpn-through-ssh/) with the config above to reverse proxy tcp port 1194 to you.

-2) [Use stunnel](https://git.daplie.com/Daplie/node-tunnel-client)
+```bash
+ssh -L 1194:localhost:1194 example.com
+```

-3) Use stunnel.js as described in the "tunnel_server" section below
+2) [Use stunnel]https://serverfault.com/questions/675553/stunnel-vpn-traffic-and-ensure-it-looks-like-ssl-traffic-on-port-443/681497)
+
+```
+[openvpn-over-goldilocks]
+client = yes
+accept = 127.0.0.1:1194
+sni = _vpn.example.com
+connect = example.com:443
+```
+
+3) [Use stunnel.js](https://git.daplie.com/Daplie/node-tunnel-client) as described in the "tunnel_server" section below.

 ### tcp.forward