openwrt
/
proxytunnel
mirror of https://github.com/JulAlx/proxytunnel.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14 Commits
1 Branch
0 Tags
40 KiB
 
Tree: 941fe0ad52
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '941fe0ad52'
${ noResults }
proxytunnel/files/proxytunnel.template

139 lines
5.6 KiB
Raw Blame History

-----------
proxytunnel
-----------
Author: Jos Visser <josv@osp.nl>, Mark Janssen <maniac@maniac.nl>
Hi all,
This is proxytunnel, a program that connects stdin and stdout
to an origin server somewhere in the Internet through an industry
standard HTTPS proxy. I originally wrote this program to be used
as an extension to SSH, to be able to SSH to my box at home. In
this file, I will describe the use with SSH. If you want to use it
with some other application, feel free, and let me know!
Usage:
Proxytunnel is very easy to use, when running proxytunnel with the help
option it specifies it's command-line options.
$ ./proxytunnel --help
proxytunnel 1.9.9 Copyright 2001-2018 Proxytunnel Project
Usage: proxytunnel [OPTIONS]...
Build generic tunnels through HTTPS proxies using HTTP authentication
Standard options:
-i, --inetd Run from inetd (default: off)
-a, --standalone=INT Run as standalone daemon on specified port
-p, --proxy=STRING Local proxy host:port combination
-r, --remproxy=STRING Remote proxy host:port combination (using 2 proxies)
-d, --dest=STRING Destination host:port combination
-e, --encrypt SSL encrypt data between local proxy and destination
-E, --encrypt-proxy SSL encrypt data between client and local proxy
-X, --encrypt-remproxy SSL encrypt data between local and remote proxy
-L (legacy) enforce TLSv1 connection
-T, --no-ssl3 Do not connect using SSLv3
Additional options for specific features:
-z, --no-check-certficate Don't verify server SSL certificate
-C, --cacert=STRING Path to trusted CA certificate or directory
-F, --passfile=STRING File with credentials for proxy authentication
-P, --proxyauth=STRING Proxy auth credentials user:pass combination
-R, --remproxyauth=STRING Remote proxy auth credentials user:pass combination
-N, --ntlm Use NTLM based authentication
-t, --domain=STRING NTLM domain (default: autodetect)
-H, --header=STRING Add additional HTTP headers to send to proxy
-o STRING send custom Host Header
-x, --proctitle=STRING Use a different process title
Miscellaneous options:
-v, --verbose Turn on verbosity
-q, --quiet Suppress messages
-h, --help Print help and exit
-V, --version Print version and exit
To use this program with OpenSSH to connect to a host somewhere, create
a $HOME/.ssh/config file with the following content:
Host foobar
ProtocolKeepAlives 30
ProxyCommand /path/to/proxytunnel -p proxy:8080 -P username
-d mybox.athome.nl:443
With:
- foobar The symbolic name of the host you want to connect to
- proxy The host name of the proxy you want to connect through
- 8080 The port number where the proxy software listens to
- username Your proxy userid (password will be prompted)
- mybox.athome.nl The hostname of the box you want to connect to (ultimately)
- 443 The port number of the SSH daemon on mybox.athome.nl
If your proxy doesn't require the username and password for using it,
you can skip these options. If you don't provide the password on the
command-line (which is recommended) you will be prompted for it by
proxytunnel. If you are on a trusted system you can also put the
password in an environment variable, and tell proxytunnel where to
find it with '-S'.
If you want to run proxytunnel from inetd add the '--inetd' option.
Most HTTPS proxies do not allow access to ports other than 443 (HTTPS)
and 563 (SNEWS), so some hacking is necessary to start the SSH daemon on
the required port. (On the server side add an extra Port statement in
the sshd_config file, or use a redirect rule in your firewall.)
When your proxy uses NTLM authentication (like Microsoft IIS proxy)
you need to specify -N to enable NTLM, and then specify your username
and password (and optionally domain, if autodetection fails).
The NT domain can be specified on the commandline if the
auto-detection doesn't work for you (which is usually doesn't)
If you want to have the first proxy connect to another http proxy (like
one you can control, specify -r proxy2:port. The first proxy will then
connect to this remote proxy, which will be asked to connect to the
requested destination. Note that authentication doesn't (yet) work on
this remote proxy. For more information regarding this feature, check
out http://dag.wieers.com/howto/ssh-http-tunneling/
If your proxy is more advanced, and does protocol inspection it will
detect that your connection is not a real HTTPS/SSL connection. You
can enable SSL encryption (using -e), which will work around this
problem, however, you need to setup stunnel4 on the other side, or
connect to a process that understands SSL itself.
When all this is in place, execute an "ssh foobar" and you're in business!
Environment Variables
=====================
Proxytunnel can make use of the following environment variables:
PROXYUSER Username for the proxy-authentication
PROXYPASS Password for the proxy-authentication
REMPROXYUSER Username for remote proxy-authentication
REMPROXYPASS Password for remote proxy-authentication
HTTP_PROXY Primary proxy host and port information
Format: HTTP_PROXY=http://<host>:<port>/
Authentication File
===================
Proxytunnel can read authentication data from a file (-F/--passfile)
The format for this file is:
<field> = <value>
<field> = <value>
etc
One entry per line, 1 space before and after the equal sign.
The accepted fields are:
* proxy_user
* proxy_passwd
* remproxy_user
* remproxy_passwd
Share and Enjoy!
Jos Visser <josv@osp.nl>
Mark Janssen <maniac@maniac.nl>