Port forwarding to M:localhost:N does not work

[mtmiller]

A typical port forwarding pattern with ssh is something like ssh -L 8080:localhost:80 to access a service running on the remote machine itself.

This does not work with ocproxy -L 2222:localhost:22, where the openconnect server provides ssh access. However, specifying the server's localnet IP address does work, e.g. ocproxy -L 2222:192.168.1.1:22.

At a minimum it would be helpful to document this exception to commonly expected behavior.

At a stretch, maybe automatically replace localhost with INTERNAL_IP4_ADDRESS?

[cernekee]

At a stretch, maybe automatically replace localhost with INTERNAL_IP4_ADDRESS?

I think you would want VPNGATEWAY? But that's an external IP address so it may or may not work, depending on the setup.

[mtmiller]

Right, VPNGATEWAY. But yes, I have no idea if this is safe for every setup, just that that's what I intended localhost to mean for my setup.

[mtmiller]

fa6cdaa0 takes care of the "at a minimum", so you can close this if anything else seems like overreach.