ftasnetamot
commented
2 weeks ago Please describe what you are meaning with ping. The usual ping is sending out icmp-packets and that has nothing todo with sslh. Or, are you using a ping build in in one of your applications? In this case provide more information about that. In case you are using an tcp-based ping, you are walking right into a trap: I assume, that in this case a tcp-based ping is always opening new connections. In this case you are seeing the core sslh functionality: Sslh is listening for a connection. Once a packet is received, sslh is sending back the SYN-ACK and waiting for more data, as it needs this data to inspect and decide what to do next. Than sslh is opening a own connection to the final target, waiting for the SYN-ACK of this connection and than it sends the stored packet to the final application. After that sslh shovels all answers from the final target back to the client and all data coming from the client to the final target. So an application based tcp ping, which is only measuring connection starts, will tell you: Nonsense! To get real numbers, you have to analyze an tcpdump and the timing for the later packets. Here you will see (after my experience) 30ms-100ms more latency, usually all below 50ms, if the system has enough free ressources.
Saleh-Mumtaz
yrutschle
Hi, I want to thank you @yrutschle for your great project, this tool really comes in handy for beginners and newibies. I am using sslh to have a https website, another https website hidden and only accessed by special path(vpn control pannel), xray REALITY vpn, xray CDN vpn, telegram mtproto proxy, and also ssh on 443. I have compiled sslh on my server, an i am using sslh-ev executable. ubuntu 24.04. 1vcore 3.6GHz and 4gb ram. I am running it as a service.
1/I wanted to know why when I use --background switch in service file or manual running, it says code=6/NOTCONGIGUR? I don't want to configure other protocols, i don't need them.
2/And, when I use this setup, my ping(in v2rayng, xray client) inreases from 500ms to 1000 or 2000 and more, so much lagging, a lot of the times even no response. Is it natural and I can't do anything about it or my configuration is wrong?
For now, I placed xray as 443 manager, lost mtproxy and ssh on 443. ping is 400 to 600ms.
XRAY is on 4443 NGINX is on 8443 MTProxy is on 5443 SSH is on 6443
xray receives REALITY and CDN domains, handle the REALITY by it self, if it has a special path(xray can detect non-Reality and forward to specified local port or other websites) it will be redirected to local 8443, NGINX. If it is the CDN sni it will be redirected to NGINX(these are websocket connections).
Real REALITY connections are going through sslh-xray way. [ client <--> sslh:443 <--> xray:4443 | check if it is authentic REALITY request ]
NGINX will perform path based routing, decipher and return connections to xray local ports opened by it's inbounds. [ client <--> sslh:443 <--> xray:4443 <--> nginx:8443 <--> xray:inbound's_local_port ]
NGINX will show vpn control pannel by getting /special-path/ in url. [ client <--> sslh:443 <--> xray:4443 <--> nginx:8443 <--> x-ui:panel_port ]
MTProxy [ client <--> sslh:443 | check if sni == zula.ir <--> mtproxy:5443 ]
My /etc/sslh.cfg:
P.S I used the commented lines without third and fourth lines, it was okay but tested this new one. **** domains are REALITY(CDN-OFF) domain and CDN-ON domain. zula.ir is the fake-tls handshake site of mtproxy.