Hi Dear,
Need help - I am working on a setup where all client connections come in as "Nginx --> SSLH --> backend (ssh, tls, softether)". One of the backends is a SoftEther VPN server/cluster.
Now my question is: can SoftEther traffic be distinguished from other HTTPS traffic by looking at the first few bytes of the client connection? Normally this setup worked with the OpenVPN protocol, but since I am using the SE native client (it gives better performance), SSLH does not support it out of the box.
I am trying to build something custom where SE traffic can be distinguished from regular HTTPS traffic; normally we can do that by looking at the first few bytes of the connection from the client.
Any help in this regard would be greatly helpful. Please let me know if you have any questions.
Using Softether with SSLH
-
solo
- Posts: 1867
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using Softether with SSLH
No, use SSLH "anyprot" for SoftEther as default target address.
-
suddhasilsarkar
- Posts: 15
- Joined: Mon Feb 16, 2026 3:26 pm
Re: Using Softether with SSLH
Thanks Solo. My problem is that we also have "regular https/tls" traffic which goes to a different backend, so it is either/or: if I use anyprot, all traffic will go either to that endpoint or to SoftEther. Can we build something based on the initial packet of SoftEther traffic that can differentiate it?
-
suddhasilsarkar
- Posts: 15
- Joined: Mon Feb 16, 2026 3:26 pm
Re: Using Softether with SSLH
Hi Solo,
Found a way for now - I see the SoftEther client sending the IP as SNI as well, not only the DNS name of the server. I used that logic in sslh, since sslh v2.0+ supports SNI-based routing. I would just like to confirm whether you are aware that SE sends the IP in the SNI field of the connection?
I have decoded the tcpdump and found this. Any info in this regard would be greatly helpful.
Thanks again for all the help.
-
solo
- Posts: 1867
- Joined: Sun Feb 14, 2021 10:31 am
Re: Using Softether with SSLH
Yes, Network.c
// Get SNI name from the data that has arrived to the TCP connection before accepting an SSL connection
bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size)
{
    UCHAR tmp[1500];
    UINT size;
    // Validate arguments
    if (s == NULL || sni == NULL)
    {
        return false;
    }
    size = Peek(s, tmp, sizeof(tmp));
    if (size == 0)
    {
        return false;
    }
    return GetSniNameFromSslPacket(tmp, size, sni, sni_size);
}
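
The SNI-based split discussed in this thread, as an added example that is not part of the original posts and is not SoftEther or sslh code: a bounds-checked parser that pulls the host_name out of a peeked TLS ClientHello and treats an IP-literal SNI as the SoftEther marker. The function names, the backend labels and the sample hello builder are assumptions constructed for illustration.

```c
#include <arpa/inet.h>
#include <string.h>
#define BE16(b) ((size_t)(b)[0] << 8 | (b)[1])
/* Copy the first SNI host_name of a peeked ClientHello into sni; 1 on success, else 0. */
int client_hello_sni(const unsigned char *p, size_t n, char *sni, size_t sni_size)
{
    size_t i = 43, end;  /* 5 record + 4 handshake + 2 version + 32 random */
    if (n < 44 || p[0] != 0x16 || p[5] != 0x01) return 0;
    i += 1 + p[i];                          /* skip session_id */
    if (i + 2 > n) return 0;
    i += 2 + BE16(p + i);                   /* skip cipher_suites */
    if (i + 1 > n) return 0;
    i += 1 + p[i];                          /* skip compression_methods */
    if (i + 2 > n) return 0;
    end = i + 2 + BE16(p + i);              /* end of the extensions block */
    if (end > n) end = n;                   /* the peek may hold a partial hello */
    for (i += 2; i + 4 <= end; ) {
        size_t type = BE16(p + i), len = BE16(p + i + 2), nl;
        i += 4;
        if (len > end - i) return 0;               /* extension runs past the data */
        if (type != 0) { i += len; continue; }     /* not server_name */
        if (len < 5 || p[i + 2] != 0) return 0;    /* need name_type host_name */
        nl = BE16(p + i + 3);
        if (nl + 5 > len || nl >= sni_size) return 0;
        memcpy(sni, p + i + 5, nl); sni[nl] = '\0';
        return 1;
    }
    return 0;
}

/* Hypothetical backend labels: an IP-literal SNI selects "softether". */
const char *pick_backend(const unsigned char *p, size_t n)
{
    char sni[256]; unsigned char a[16];
    if (!client_hello_sni(p, n, sni, sizeof sni)) return "default";
    return (inet_pton(AF_INET, sni, a) == 1 || inet_pton(AF_INET6, sni, a) == 1)
        ? "softether" : "https";
}

/* Constructed sample: minimal ClientHello carrying name (< 190 bytes) as SNI. */
size_t sample_hello(unsigned char *o, const char *name)
{
    size_t l = strlen(name);
    memset(o, 0, 61 + l);
    o[0] = 0x16; o[1] = 3; o[2] = 1; o[4] = l + 56; o[5] = 1; o[8] = l + 52;  /* headers */
    o[9] = 3; o[10] = 3; o[45] = 2; o[46] = 0x13; o[47] = 1; o[48] = 1;  /* version, suite */
    o[51] = l + 9; o[55] = l + 5; o[57] = l + 3; o[60] = l;  /* extension, list, name lengths */
    memcpy(o + 61, name, l);
    return 61 + l;
}
```

RFC 6066 does not permit literal IP addresses in the SNI host_name, which is why an IP literal works as a discriminator against ordinary HTTPS clients here.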
