From 4a576da5455bf81fbe3a13c3282d45fe0981a083 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Mon, 30 Oct 2017 11:24:29 -0600 Subject: [PATCH] Update README.md --- README.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7deca89..b0ec7d6 100644 --- a/README.md +++ b/README.md @@ -324,6 +324,11 @@ tcp: - _ssh.example.com # Note: this domain would also listed in tls.acme.domains host: localhost port: 22 + - type: proxy + domains: + - _vpn.example.com # Note: this domain would also listed in tls.acme.domains + host: localhost + port: 1194 ``` _Note_: In same cases network administrators purposefully block ssh and vpn connections using @@ -351,11 +356,23 @@ Host example.com There are two strategies that will work well for you: -1) [Use ssh](https://redfern.me/tunneling-openvpn-through-ssh/) with the config above to reverse proxy tcp port 1194 to you. (`ssh -L 1194:localhost:1194 example.com`) +1) [Use ssh](https://redfern.me/tunneling-openvpn-through-ssh/) with the config above to reverse proxy tcp port 1194 to you. -2) [Use stunnel](https://git.daplie.com/Daplie/node-tunnel-client) +```bash +ssh -L 1194:localhost:1194 example.com +``` -3) Use stunnel.js as described in the "tunnel_server" section below +2) [Use stunnel]https://serverfault.com/questions/675553/stunnel-vpn-traffic-and-ensure-it-looks-like-ssl-traffic-on-port-443/681497) + +``` +[openvpn-over-goldilocks] +client = yes +accept = 127.0.0.1:1194 +sni = _vpn.example.com +connect = example.com:443 +``` + +3) [Use stunnel.js](https://git.daplie.com/Daplie/node-tunnel-client) as described in the "tunnel_server" section below. ### tcp.forward
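Review bot: In the first hunk (@@ -324,6 +324,11 @@), the added `_vpn.example.com` entry sits under `tcp:` and forwards to port 1194, but nothing in the surrounding README text says the VPN server must be listening on TCP for this to work. OpenVPN uses UDP by default, so a sentence stating that the server needs a TCP listener on 1194 would save readers a failed setup. The new comment also repeats the grammar slip from the ssh entry above it: "would also listed" should read "would also be listed".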
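Review bot: In the second hunk (@@ -351,11 +356,23 @@), the stunnel link in item 2 is missing its opening parenthesis (`[Use stunnel]https://` followed by the URL and a lone `)`), so it renders as literal text instead of a link; it should use the `[text](url)` form like items 1 and 3. The `[openvpn-over-goldilocks]` service block sets `client = yes`, `sni` and `connect` but no certificate verification, and stunnel does not verify the peer unless told to, so consider adding `verifyChain = yes`, a CA file, and `checkHost` set to the name on the server certificate, so that the local 127.0.0.1:1194 listener only forwards to the intended endpoint. The unchanged lead-in still says "There are two strategies" while the list now has three items, and the stunnel fence has no language tag where the ssh one uses `bash`.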