Hi, I guess if I were in your shoes I'd do this:<div><br></div><div>Set up a "server" (preferably one that has a spare IP address) so that SSH listens on 443 or 80. With this you can do many useful things. You can SSH into any box by setting up your SSH config like this:</div>
<div><br></div><div>Host some.computer</div><div> HostName ip.address.of.host</div><div> ProxyCommand ssh user@server:443 nc -q0 %h %p</div><div><br></div><div>Then you can ssh some.computer and you'll proxy through your host.</div>
<div><br></div><div>You can also run:</div><div><br></div><div>ssh -ND 8080 user@server:443</div><div><br></div><div>(nothing will appear to happen because of -N)</div><div><br></div><div>Then set up your browser, e-mail or chat program to use localhost:8080 as a SOCKS proxy. Internet explorer doesn't like this because it will want you to configure the proxy at the system level which may not work for you. However Firefox will work just fine.</div>
<div><br></div><div>In order to set up an SSH server to listen on port 443 or 80 you'll have to first make sure they're not being used. If you have Apache on the server you can disable mod_ssl and it should leave 443 alone or I *think* you can use this configuration in Apache to make it listen to only one address:</div>
<div><br></div><div>Change </div><div>Listen 80</div><div>Listen 443</div><div><br></div><div>to</div><div>Listen 111.222.333.444:80</div><div><div>Listen 111.222.333.444:443</div><div>(assuming you have a second ip address, this will cause Apache to listen to only one of them)</div>
<div><br></div><div>In sshd_config you can add a statement like this:</div><div>ListenAddress 111.222.333.444:443</div><div>in *addition* to what you already have there. </div><div><br></div><div class="gmail_quote">On Fri, Sep 9, 2011 at 8:33 AM, L. V. Lammert <span dir="ltr"><<a href="mailto:lvl@omnitec.net">lvl@omnitec.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Fri, 9 Sep 2011, Paul Gray wrote:<br>
<br>
> I've seen a lot of discussion, but no true answers to the original question.<br>
><br>
</div>> You can run openvpn on a remote server on port 443 and it will<br>
<div class="im">> accomplish > all that you're looking to do. (I have done it, am doing<br>
> it, and have encountered numerous situations where it's warranted.)<br>
><br>
</div>A vpn is not the solution - in addition to messing with the network config<br>
on the client, the outbound proxy does not seem to allow them.<br>
<br>
The interesteing part is that the proxy does not work with tools like<br>
connection-proxy or corkscrew [at least I could not get them to work].<br>
<br>
TFTR,<br>
<br>
Lee<br>
<div><div></div><div class="h5">_______________________________________________<br>
Cialug mailing list<br>
<a href="mailto:Cialug@cialug.org">Cialug@cialug.org</a><br>
<a href="http://cialug.org/mailman/listinfo/cialug" target="_blank">http://cialug.org/mailman/listinfo/cialug</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Matthew Nuzum<br>newz2000 on freenode, skype, linkedin and twitter<br><br><p>
</p><p><span>♫</span> You're never fully dressed without a smile! <span>♫</span></p><p></p><br>
</div>