[stunnel-users] My home ISP blocking ssh protocol

pepak at seznam.cz
Thu Dec 12 07:10:06 CET 2019


Hi!

> I need to know if Stunnel is going to accomplish what I need to do. My home
> ISP blocks protocol HTTP and SSH from coming in so that people can't run
> their own website from home without paying the ISP for a "Business" line

[...]

> Would stunnel allow me to make ssh traffic look like regular https traffic,
> thus allowing me to connect to my server at home so I can do my homework??

Well, yes and no:

Yes: Your SSH traffic will be wrapped in the standard TLS protocol,
which would make it impossible for the ISP to determine what's inside.
They wouldn't be able to determine the actual contents of the traffic,
although they could make good guesses based on the packet metadata
(direction, size, frequency, time between packets, etc.). But they
won't be able to scan packet headers and determine that "hey, this is
SSH, let's block it!".

No: Part of the answer lies above: using statistical methods, it may
be possible to distinguish SSH from something else. The other part
lies in the fact that the ISP doesn't really have to do it - if they
feel like it, they could e.g. block all incoming traffic unless it is
a response to prior outgoing traffic, or block all incoming traffic
unless it can be determined that it is one of a selected few permitted
protocols.

Likely you won't run into the "No" part of the answer, and in that
case Stunnel will serve nicely (I use it in this scenario, myself).
But you might. In that case, you may want to use something like TCP/IP
Gender Changer (which basically creates a tunnel with reverse
directions), either alone or in combination with Stunnel.

Pepak
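
The reply above notes that TLS hides the payload but not the packet metadata (direction, size, timing). The following is an added example, not part of the original message: it computes simple flow features over two constructed flows to show why an interactive session stays distinguishable from web traffic inside TLS. All function names, sample values and thresholds are illustrative assumptions.

```python
from statistics import mean

# Constructed flows: (seconds since start, direction, TLS record payload bytes).
# "in" = client to server, "out" = server to client. These are not real captures.
def interactive_flow():
    # Keystroke-like pattern: tiny records in both directions, human-paced gaps.
    pkts, t = [], 0.0
    for i in range(40):
        t += 0.15 + 0.05 * (i % 3)
        pkts.append((t, "in", 36))           # one keystroke
        pkts.append((t + 0.02, "out", 36))   # its echo
    return pkts

def web_flow():
    # Request/response pattern: one small request, then a burst of large records.
    pkts, t = [], 0.0
    for _ in range(4):
        t += 1.0
        pkts.append((t, "in", 420))
        pkts += [(t + 0.05 + 0.001 * k, "out", 1400) for k in range(20)]
    return pkts

def features(pkts):
    """Metadata-only features: nothing here needs the decrypted payload."""
    sizes = [s for _, _, s in pkts]
    out_bytes = sum(s for _, d, s in pkts if d == "out")
    in_bytes = sum(s for _, d, s in pkts if d == "in")
    gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
    return {
        "small_frac": sum(s < 100 for s in sizes) / len(sizes),
        "out_in_ratio": out_bytes / max(in_bytes, 1),
        "mean_gap": mean(gaps),
    }

def looks_interactive(pkts, small_frac=0.8, max_ratio=3.0):
    # Thresholds are illustrative assumptions, not tuned on real traffic.
    f = features(pkts)
    return f["small_frac"] >= small_frac and f["out_in_ratio"] <= max_ratio

if __name__ == "__main__":
    for name, flow in (("interactive", interactive_flow()), ("web", web_flow())):
        print(name, features(flow), looks_interactive(flow))
```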


