You can do SSH tunneling over DNS, so everything is possible.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Wait how do you do that? Local port forwarding with ssh -L
?
The option -D $port
creates a SOCKS5 proxy which can be used by most browsers, and will auto tunnel everything.
You can basically connect any local port to any remote port normal or reversed. Reversed is -R, normal with -L. In this setting, correct me if im worng, you want to connect the open port on the airplane to one already prepared on a vps which allows you to do what you want e.g. proxy websites.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:
Fewer Letters | More Letters |
---|---|
DNS | Domain Name Service/System |
IP | Internet Protocol |
SSH | Secure Shell for remote terminal access |
SSL | Secure Sockets Layer, for transparent encryption |
TLS | Transport Layer Security, supersedes SSL |
VPN | Virtual Private Network |
VPS | Virtual Private Server (opposed to shared hosting) |
6 acronyms in this thread; the most compressed thread commented on today has 15 acronyms.
[Thread #69 for this sub, first seen 19th Aug 2023, 17:16] [FAQ] [Full list] [Contact] [Source code]
Good bot, keep it up
In theory, you could make a XMPP bot that can do all these things. Status information and executing simple commands shouldn't be that hard but interactive commands might need a custom wrapper.
RMS uses email to fetch websites instead of using a browser, you could easily do the same with XMPP.
What…the… Why?
He's just a special guy.
The man is eccentric to say the least.
https://github.com/msantos/xmppipe
Would be one example, but there are actually many such projects.
Especially if you are on a really bad or congested connection it actually works better than regular SSH.
Obviously security trade-offs regarding this need to be carefully considered.
Like the other guy said, they're probably not doing DPI to actually check for XMPP, so if something like portquiz.net:5222 loads, then you could host a VPN on the same ports as XMPP and have unrestricted internet.
If I were to do this would I have to change my actual XMPP port? Or, is it just a matter of adjusting my DNS records somehow? Or something else?
would I have to change my actual XMPP port? Yes.
You could port scan portquiz.net to find other unblocked ports if you want to use the same IP, or get a VPS or something to do the VPNing (Oracle cloud have free ones, or a cheap one will do).
https://github.com/Shura0/mastaj
For ActivityPub access.
Man, I love the internet!
Ah very cool. I just need to figure out how to install it.
XMPP can indeed be used for some other things
For example, Google uses it to this day for Google Cloud Messaging - the push notifications service in Android.
Just the how is something I cannot answer :/
IIRC, Nintendo switches use xmpp extensively as well. Whatsapp is a modified version of xmpp. Many apps in the wild use xmpp for notifications, signaling and pubsub.
What was your XMPP client connecting to? Was it a well-known public endpoint (that they could be whitelisting) or was it a private server? If the latter then that indicates that they are allowing arbitrary IP connections which in theory means that you should be able to proxy any traffic you want. I doubt they are doing DPI, since TLS makes this very difficult these days when you don't control the certificate stores on the clients.
I'd imagine they're relying on some combination of DNS whitelisting and port blocking which should be trivial to circumvent if you know ahead of time what traffic they allow through.
Yeah it was the server I'm running in my house.
It is possible. As long as the protocol allows sending bytes of data controlled by the user which XMPP allows.
You would basically wrap http with XMPP. You need a server that would understand XMPP, read the payload, create the http request, do the request for you, wrap the response with XMPP and send it back to you.
You can do that with DNS as well which would bypass probably everything. However, your bandwidth wouldn't be great.
The project is dead now, but have a look at Archipel, it's a whole orchestrator (like Proxmox) based around XMPP
There used to be web, ftp, and gopher relays that would work through email, so I'm sure it's possible.