Sslh on Tomato? (Shibby or Toastman)

Discussion in 'Tomato Firmware' started by spaze, Oct 12, 2012.

  1. spaze

    spaze Serious Server Member

    Hi all,

    I'm investigating the options for upgrading my Asus RT-N66U with Shibby's or Toastman's Tomato, but there is one issue I can't find anywhere. Does any Tomato build (or RMerlin or dd-wrt) support sslh ( on the router?

    It would seem like a useful addition to any router firmware to be able to reuse port 443 (the only port that's generally available from a corporate LAN proxy) for https, ssh and openvpn at the same time. Currently I'm using a Linux VM as router and I'm very pleased with sslh.

    From what I could find, none of the custom firmwares have support for it, nor does it exist in optware. I know that OpenVPN can share the port with https, but not with SSH. Layer 7 filtering can probably identify one kind of traffic from the other, but is not able to redirect or reroute and thus is no option.

    A possible workaround would be to forward 443 as is to a backend Linux VM with sslh and do the demultiplexing there, but I'd rather have it done on the firewall/router. I'm not aware of any other workaround or alternative for this setup, but if someone does, please let me know.

    Thanks for your replies!

    -- spaze
  2. maurer

    maurer Network Guru Member

  3. Steph217

    Steph217 Serious Server Member


    I've been looking for sslh also and wasn't able to find it.
    Here is sslh compiled with tomato.git toolchain for optware
    You can download it from:

    I'm running Tomato v1.28.0500 MIPSR2Toastman-RT-N K26 USB VLAN-VPN on a E4200.

    there are 2 archives.

    The CLI one only contains sslh and the man pages.
    Just copy the file and use cli to launch (/opt/sbin/sslh -p X.X.X.X:443 --ssh X.X.X.X:22 --ssl X.X.X.X:8081 -u nobody).

    The init.d one has startup script and kind of configuration file.
    Edit /opt/etc/default/sslh and start with /opt/etc/init.d/sslh.

    I'm a newbie, there might be some mistakes :)
    It has been running on my tomato for half a day now, without issues!

    Hope this will help.

  4. Garais

    Garais Serious Server Member

    Good day,
    This'll be a somewhat noobish post. Is there any updates on sslh compatibility with tomato? I've been using the ssh daemon for some time on the stock tomato 1.28, but that doesn't work any more due to a problem with the ssh port. Are there any news on this becoming a feature in future versions? Or is there a clear way to launch the files supplied by Steph above?
  5. Steph217

    Steph217 Serious Server Member

    Hi Garais,
    First of all, you will need Optware:

    Let's use CLI version sslh_1.13_opt_cli.tar.gz.
    Copy the file sslh to /opt/sbin and forget about the sslh.8 file.
    Add to your firewall script the below line:
    /opt/sbin/sslh -p X.X.X.X:443 --ssh Y.Y.Y.Y:22 --ssl Y.Y.Y.Y:8081 -u nobody

    X.X.X.X represents the listening IP address for sslh (put if you want to listen on all network interface).
    Y.Y.Y.Y represents the listening IP address for other services (in the example 22 for ssh and 8081 for alternate www)

    Hope this will help.

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice