{{tag>Réseau}}

= Notes socat

Dance, Socat Dance !

Voir aussi :
* [[OpenSSL Proxy http_proxy]] / proxytunnel

Voir également spiped :
* http://www.tarsnap.com/spiped.html
* http://www.daemonology.net/blog/2012-08-30-protecting-sshd-using-spiped.html


Voir :
* netsed
* http://blog.chmd.fr/ssh-over-ssl-episode-2-replacing-proxytunnel-with-socat.html
* http://www.dest-unreach.org/socat/doc/socat-gender.txt
* http://www.dest-unreach.org/socat/doc/socat-genericsocket.html
* http://mikeferrier.com/2013/07/13/using-nmap-and-socat-to-get-around-public-internet-port-restrictions/
* https://blog.docker.com/2013/09/docker-joyent-openvpn-bliss/

Exemple 

<code bash>
socat TCP4-LISTEN:10053,reuseaddr,fork,su=nobody TCP4:10.9.0.6:10050
</code>

Mais la bonne solution est :
<code bash>
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 10053 -j DNAT --to-destination 10.9.0.6:10050
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
</code>

== TUN

=== TUN Server

<code bash>
socat -d -d TCP-LISTEN:11443,reuseaddr TUN:192.168.255.1/24,up
</code>

After starting this command, socat will wait for a connection and then create a TUN pseudo network device with address 192.168.255.1; the bit number specifies the mask of the network that is pretended to be connected on this interface.

=== TUN Client

<code bash>
socat TCP:1.2.3.4:11443 TUN:192.168.255.2/24,up
</code>

This command should establish a connection to the server and create the TUN device on the client.

=== OpenVPN

http://serverfault.com/questions/580442/tunnel-over-http-server

OpenVPN sur le port 443

<code bash>
socat TCP-LISTEN:9999,bind=localhost OPENSSL:proxy.example.com:443
</code>

=== Socket Unix

https://www.ffdn.org/wiki/doku.php?id=documentation:openvpn:fdn

<code bash>
socat /var/run/openvpn.management.serveur EXEC:"echo kill foo@vpn.fdn.fr"
</code>

<code bash>
echo "status 3" | socat stdio /var/run/openvpn.mgmt
</code>

=== Tunnel SSH Over SCTP

http://0x27.me/2015/07/27/SSH-Over-SCTP.html

assuming you want the SCTP socket to listen on port 80/SCTP and sshd is on 22/TCP

<code bash>
socat SCTP-LISTEN:80,fork TCP:localhost:22 
</code>

replace SERVER_IP with IP of listening server, and 80 with whatever port the SCTP listener is on :)

<code bash>
socat TCP-LISTEN:1337,fork SCTP:SERVER_IP:80
</code>
 
replace username and -p port value as needed...

<code bash>
ssh -lusername localhost -D 8080 -p 1337 # 
</code>

=== Décapsuler HTTPS

<code bash>
socat TCP-LISTEN:8082,reuseaddr,pf=ip4,fork OPENSSL:192.168.51.142:443,verify=0
</code>


== Autres

<code bash>
echo "GET hosts" | socat - TCP4:127.0.0.1:6557,crnl
</code>

<code bash>
socat -ls TCP4-LISTEN:443,fork,reuseaddr TCP4:10.96.0.1:443
</code>