sslh, and stunnel's built-in SOCKS5 proxy starting with v5.24

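stunnel v5.24 introduced a new example configuration. This example may be meant for system-wide circumvention; unfortunately I could not get it configured on OpenWrt. However, stunnel v5.24 has a built-in SOCKS proxy that supports IPv4 and IPv6 at the same time, so a third-party SOCKS proxy is no longer needed. Video buffering also seems to have become much better, by at least 200kbps.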

Transparent SOCKS-based VPN configuration
https://www.stunnel.org/socksvpn.html
Server side, on the server:
[SOCKS Server]
PSKsecrets = secrets.txt
accept = :::9080
protocol = socks
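Client side, on the server. Some services still need a SOCKS proxy front end, so give it a separate configuration file; that way the same server can run the server side and the client side at the same time: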
[SOCKS Client Direct]
client = yes
TIMEOUTconnect = 10
PSKsecrets = secrets.txt
accept = :::1080
connect = ::1:9080

socat -d -d -d tcp4-listen:1080,bind=127.0.0.1,connect-timeout=30,keepalive,reuseaddr,debug,fork openssl:0.0.0.0:9080,cert=./1.pem,verify=0

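When I first read the description of sslh, I thought: doesn't this solve the much-talked-about problem of the firewall probing a port to find out what the service behind it is really used for? It does, it is a really impressive piece of software, haha. According to my tests, a single port 80 can serve http, ssl and ssh at the same time, and it is probably not limited to those, because the two obfuscation tools ossh and obfs4proxy both turned out to connect and work normally with their clients. So in environments that strictly block network ports but usually leave TCP ports 80 and 443 open for web browsing, extra services can be offered on those two ports, although the precondition may be that the network has no so-called DPI (deep packet inspection) tool. I had never used port 80 before; even tools that support obfuscation did well to reach about 1400kbps on non-standard ports, but on port 80 it is often 1600kbps. Note that if an option has connection problems, you can try putting it, for example --ssl 0.0.0.0:8443, first in the order to avoid possible connection failures.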

yum install libconfig libconfig-devel
apt-get install libwrap0-dev libconfig8-dev
git clone https://github.com/yrutschle/sslh.git
cd sslh
make

killall sslh-select
/usr/local/sslh/sslh-select --user ossh -t 2 --on-timeout ssh --listen [::]:80 --ssh [::]:26241 --http [::1]:81 --ssl [::]:1723 --anyprot [::]:8843 -n --pidfile /var/run/sslh/sslh.pid

Result returned by wget:
root@OpenWrt:/tmp# wget XXX.XXX.XXX.XXX
Connecting to XXX.XXX.XXX.XXX (XXX.XXX.XXX.XXX:80)
wget: server returned error: HTTP/1.1 401 Unauthorized

sslh accepts connections on specified ports, and forwards them further based on tests performed on the first data packet sent by the remote client.

Probes for HTTP, SSL, SSH, OpenVPN, tinc, XMPP are implemented, and any other protocol that can be tested using a regular expression, can be recognised. A typical use case is to allow serving several services on port 443 (e.g. to connect to ssh from inside a corporate firewall, which almost never block port 443) while still serving HTTPS on that port.

Hence sslh acts as a protocol demultiplexer, or a switchboard. Its name comes from its original function to serve SSH and HTTPS on the same port.

sslh supports IPv6, privilege dropping, transparent proxying, and more.
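
How first-packet demultiplexing of this kind routes a connection, as an added Python example that is not sslh's own code. The probe functions are simplified assumptions rather than sslh's actual tests, the backend addresses are the ones from the sslh-select command line above, and the sample packets are constructed.

```python
import re

# Backend targets taken from the sslh-select command line on this page.
BACKENDS = {"ssh": "[::]:26241", "http": "[::1]:81",
            "ssl": "[::]:1723", "anyprot": "[::]:8843"}
ON_TIMEOUT = "ssh"  # --on-timeout ssh: used when the client sends nothing

HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|TRACE|PATCH) \S+ HTTP/1\.[01]\r?\n")

def is_ssh(data):
    # SSH identification string (RFC 4253, section 4.2) starts with "SSH-".
    return data.startswith(b"SSH-")

def is_http(data):
    return HTTP_REQUEST.match(data) is not None

def is_tls(data):
    # TLS record: type 0x16 (handshake), major version 0x03,
    # handshake message type 0x01 (ClientHello) at offset 5.
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

# Probes are tried in order and the first match wins; anyprot is the catch-all.
PROBES = [("ssh", is_ssh), ("http", is_http), ("ssl", is_tls)]

def classify(first_packet):
    if not first_packet:
        return ON_TIMEOUT  # no data arrived before the -t timeout expired
    for name, probe in PROBES:
        if probe(first_packet):
            return name
    return "anyprot"

def route(first_packet):
    return BACKENDS[classify(first_packet)]

# Constructed sample first packets (not captured traffic).
SAMPLES = {
    "ssh client banner": b"SSH-2.0-OpenSSH_9.6\r\n",
    "http request": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tls client hello": bytes.fromhex("160301002f0100002b0303") + bytes(32),
    "opaque bytes": bytes.fromhex("9f3c7a11e04d"),
    "silent client": b"",
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:18} -> {classify(pkt):8} {route(pkt)}")
```

A first packet with no recognisable structure falls through to the anyprot backend, and a client that stays silent is handed to the on-timeout protocol.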

http://www.rutschle.net/tech/sslh.shtml
https://github.com/yrutschle/sslh

About: dato

