
I followed this tutorial to install the SSLH package to handle both web hosting and OpenVPN on my Ubuntu 18 server.

However, for security reasons my server can only handle a very limited set of public incoming ports, such as 80, 443, 1193 (TCP only), but there is no limitation on port use within the intranet. For example: I can connect 10.10.10.2:63952 (IP from intranet:any port) to 10.10.10.1:63952 (my server:any port) or 8.8.8.2:443 (public IP:443) to 10.10.10.1:443 (my server:443), but not 8.8.8.2:63952 (public IP:random port) to 10.10.10.1:63952 (my server:random port).

After I installed SSLH, I found OpenVPN worked from the intranet but not from a public IP. I looked into the syslog and found many https connections fired from the sslh daemon randomly. That's how I noticed that the SSLH daemon fires IPs and ports randomly when I successfully connected to it from the intranet but not from the public IP.

This is the syslog when I successfully connected to OpenVPN from an intranet IP: Nov 10 16:09:31 joe-ubuntu sslh[34055]: openvpn:connection from 10.10.10.2:63952 to joe-ubuntu:https forwarded from localhost:56122 to localhost:openvpn (That is an intranet IP with a random port connecting to my server with a random port.)

Expected outcome: Nov 10 16:09:31 joe-ubuntu sslh[34055]: openvpn:connection from 8.8.8.2:443 to joe-ubuntu:https forwarded from localhost:443 to localhost:openvpn

My config in /etc/default/sslh: DAEMON_OPTS="--user nobody --listen 10.10.10.1:443 --ssl 127.0.0.1:443 --openvpn 127.0.0.1:1194 --pidfile /var/run/sslh/sslh.pid"

Server listening IP: 127.0.0.1, port 1193/tcp. Client connecting port 443/tcp.

The IP and port raised by SSLH seem arbitrary. How can I fix this problem by editing /etc/default/sslh so I could direct 8.8.8.2:443 to localhost:openvpn? Thank you.
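
The following Python script is an added example, not part of the original post or of sslh: it splits the log line quoted above into its four endpoints and compares the backend targets in DAEMON_OPTS with a set of listening sockets. The regex is written against the single log line quoted above, the service-name map assumes the standard IANA assignments, and the function names are hypothetical.

```python
import re
import shlex

# Constructed inputs, copied from the values quoted in the question above.
LOG = ("Nov 10 16:09:31 joe-ubuntu sslh[34055]: openvpn:connection from "
       "10.10.10.2:63952 to joe-ubuntu:https forwarded from localhost:56122 "
       "to localhost:openvpn")
DAEMON_OPTS = ("--user nobody --listen 10.10.10.1:443 --ssl 127.0.0.1:443 "
               "--openvpn 127.0.0.1:1194 --pidfile /var/run/sslh/sslh.pid")

# Service names as they appear in the log (assumption: the host's
# /etc/services uses the standard IANA assignments).
SERVICES = {"https": 443, "openvpn": 1194}

LINE_RE = re.compile(
    r"sslh\[\d+\]: (?P<proto>\w+):connection from (?P<client>\S+) "
    r"to (?P<listen>\S+) forwarded from (?P<out_src>\S+) to (?P<backend>\S+)")

def split_endpoint(text):
    """Split 'host:port' and turn a service name into a port number."""
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else SERVICES[port]

def parse_line(line):
    """Return the protocol and four endpoints of one sslh log line.
    'client' and 'out_src' carry source ports picked by the OS per connection;
    'listen' and 'backend' carry the fixed destination ports."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = {"proto": m["proto"]}
    for key in ("client", "listen", "out_src", "backend"):
        rec[key] = split_endpoint(m[key])
    return rec

def backend_targets(opts):
    """Map each protocol option in DAEMON_OPTS to its (host, port) target."""
    args = shlex.split(opts)
    skip = {"--user", "--listen", "--pidfile"}
    return {a[2:]: split_endpoint(v) for a, v in zip(args, args[1:])
            if a.startswith("--") and a not in skip and ":" in v}

def unmatched_targets(opts, listeners):
    """Targets in DAEMON_OPTS that have no listener in `listeners`."""
    return {p: t for p, t in backend_targets(opts).items() if t not in listeners}

if __name__ == "__main__":
    print(parse_line(LOG))
    # 1193 is the listener stated in the question; 443 is an assumed web server.
    print(unmatched_targets(DAEMON_OPTS, {("127.0.0.1", 443), ("127.0.0.1", 1193)}))
```
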
