[stunnel-users] VNC, STUNNEL & HTTPTUNNEL ----- (((VNC)SSL)HTTP)
yves.rutschle at c-s.fr
Mon Feb 25 09:39:29 CET 2008
sean bhola a écrit :
> I need to connect to my PC at work from home. The firewall at work has
> only ports 80 (http) and 443 (https) open, I also think there is a
> proxy. I was wondering which scenario would work.
A general problem here is that you can't reach your machine at work
because of the firewall + proxy: the only solution is to have the
machine at work connect to the machine at home, and create a reverse
tunnel. That's perfectly possible but inconvenient (for one, you can't
control the machine at work to create or re-create the tunnel if it breaks).
You can do that with either stunnel or ssh.
> 1: To encapsulate vnc traffic within ssl using stunnel and pass it
> though port 443, OR
This should work fine: run stunnel at home listening on 443, and, from
work, connect through the proxy (you'll probably need something like
> 2: To encapsulate vnc traffic within ssl using stunnel, then
> encapsulate that within http using httptunnel and pass through port 80
Probably won't go through the proxy -- proxys tend to try and understand
the traffic that's going through them. I may be wrong thought, there are
many different kind of proxys out there.
> 3: To encapsulate vnc traffic within http, then encapsulate that
> within ssl using stunnel and pass through port 443
Should work, but it's just the same as number 1 with http encapsulation,
which you don't need. Once you're carrying SSL through the
proxy/firewall, it makes no difference what's in that SSL (http or VNC),
as the proxy can't see it anyways.
More information about the stunnel-users