RFE: Connect across HTTP/SOCKS Proxy

[lars18th]

Hi,

Bounce support is great. However, in some cases only a TCP proxy is available to connect outside. Please, can you add support for connecting using HTTP and/or SOCKS PROXY?

Thank you!

[securesocketfunneling]

Hello,

This feature is in the TODO list :-)

We can't tell you right now when it will be implemented but it is one of our priority after the version 2.0.0 of SSF (new network layer).

Thanks for your interest.

[lars18th]

Ok. I hope you can implement it soon. ;)

Thank you!

[securesocketfunneling]

Hello,

We just pushed the 2.1.0 version on develop branch. It adds the support of HTTP proxy connection (CONNECT request). Basic, Digest, NTLM (Windows only) and Negotiate authentications are also supported. Have a look on the config file documentation and do not hesitate to give us feedback.

2.1.0 binaries will be added to the website ASAP.

[lars18th]

Thank you! I'll check soon. ;)

[securesocketfunneling]

An issue (#23) has been reported concerning the proxy (server name resolution client side and not proxy side), it will be fixed in the next release scheduled next week.

[securesocketfunneling]

2.2.0 binaries are out

[lars18th]

Hi,

New HTTP proxy support introduced in 2.1.0 is good. Thank you! However, SOCKS support will be also very useful. You'll implement it?

[securesocketfunneling]

Yes, it is planned.

We can't tell you when it will be available but we will definitely work on this for a future release.

[lars18th]

Great!

So, then finally will be possible to use SSF over SSF tunnel, right? This will be similar to end-to-end encryption: then you can use host-to-host encryption with bounce, and end-to-end encryption (second layer) over the SSF tunnel. Yeah!

Thank you.

[securesocketfunneling]

That's right but i don't know why someone would do that ;-) By the way, the end to end encryption (encryption over bounces) was added in 2.1.0 thanks to the transport protocol refactoring so it is already built-in.

[lars18th]

Hi,

the end to end encryption (encryption over bounces) was added in 2.1.0 thanks to the transport protocol refactoring so it is already built-in.

OK, that's "TLS layer over circuit layer"...

i don't know why someone would do that ;-)

I'm sure that you "hate" to use SSH, but in some environments (ISP admin) this is the only way... Then you only have the option of a SOCKS tunnel over SSH. In this particular scenario, it's best to have SOCKS poxy support for use SSF than HTTP proxy support. You agree?

[securesocketfunneling]

OK, that's "TLS layer over circuit layer"...

Exactly. My friend and I still need to unify the terms we are using. Sorry...

I'm sure that you "hate" to use SSH, but in some environments (ISP admin) this is the only way... Then you only have the option of a SOCKS tunnel over SSH. In this particular scenario, it's best to have SOCKS poxy support for use SSF than HTTP proxy support. You agree?

Ok, I see your point.

But don't worry, it is planned and we will keep you informed of the status of this feature :-)

[lars18th]

Hi,

I'm impatient for testing SSF over SSH (with socks redirection). Are there plans to release a test version soon?

Thank you!

[securesocketfunneling]

Hey ! We just came back from vacation.

We are working on it! At the moment, we tested the socks proxy feature on Windows and it seems to be alright. We need more tests on Linux and OS X before releasing the feature.

When it is ready for testing, we will attach an archive on this issue for you ;-) Thanks for your support !

[lars18th]

Great! Thank you @securesocketfunneling !

However, please, remember to provide a testing version without encryption enabled, like suggested in #28 . It's a pain to test it (SSF) over SSH socks needing certificates and encryption when running over a "secure tunnel".

[securesocketfunneling]

However, please, remember to provide a testing version without encryption enabled

We will see what we can do ;-)

[lars18th]

Great! I expect to see what you can do. ;)

[securesocketfunneling]

Connection through SOCKS proxy is now supported in version 3.0.0.