Using Softether with SSLH

Posted: Wed Apr 22, 2026 1:40 pm
by suddhasilsarkar
Hi Dear,
Need help: I am working on a setup where all client connections come into "Nginx --> to SSLH --> backend (ssh, tls, softether)". One of the backends is a SoftEther VPN server/cluster.
Now my question is: can SoftEther traffic be distinguished from other HTTPS traffic by looking at the first few bytes of the client connection? Normally this setup worked with the OpenVPN protocol, but since I am using the SE native client (it gives better performance), SSLH does not support it out of the box.
I am trying to build something customized where SE traffic can be distinguished from regular HTTPS traffic; normally we can do that by looking at the first few bytes of the connection from the client.
Any help in this regard would be greatly helpful. Please let me know if you have any questions.

Re: Using Softether with SSLH

Posted: Wed Apr 22, 2026 2:14 pm
by solo
No, use SSLH "anyprot" for SoftEther as default target address.

Re: Using Softether with SSLH

Posted: Wed Apr 22, 2026 2:37 pm
by suddhasilsarkar
Thanks Solo. My problem is that we also have "regular https/tls" traffic which is going to a different backend, so it is either/or: if I use anyprot, that means all traffic will go to either that endpoint or to SoftEther. Can we build something based on the initial packet of the SoftEther traffic which can differentiate that?

Re: Using Softether with SSLH

Posted: Fri Apr 24, 2026 2:47 pm
by suddhasilsarkar
Hi Solo,
Found a way for now: I see the SoftEther client sending the IP as SNI as well, not only the DNS name of the server. I used that logic in sslh, since sslh v2.0+ supports SNI-based routing. I would just like to confirm whether you are aware that SE does send the IP in the SNI field of the connection?
I have decoded the tcpdump and found this. Any info in this regard would be greatly helpful.

Thanks again for all help.

Re: Using Softether with SSLH

Posted: Sat Apr 25, 2026 2:37 am
by solo
Yes, Network.c

// Get SNI name from the data that has arrived to the TCP connection before accepting an SSL connection
bool GetSniNameFromPreSslConnection(SOCK *s, char *sni, UINT sni_size)
{
	UCHAR tmp[1500];
	UINT size;
	// Validate arguments
	if (s == NULL || sni == NULL)
	{
		return false;
	}

	size = Peek(s, tmp, sizeof(tmp));
	if (size == 0)
	{
		return false;
	}

	return GetSniNameFromSslPacket(tmp, size, sni, sni_size);
}
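
The SNI-based split described in the thread, as an added example (not code from SoftEther, sslh, or either poster): a bounds-checked C routine that pulls the SNI out of a peeked ClientHello and sends IP-literal names, which RFC 6066 does not permit as an SNI HostName, to the SoftEther backend. The function names, the backend labels and the sample ClientHello are assumptions constructed for the example.

```c
#include <arpa/inet.h>
#include <string.h>

#define U16(q) (((size_t)(q)[0] << 8) | (q)[1])
static unsigned char hello[320];   /* constructed sample input, filled by make_hello() */
/* Build a minimal ClientHello whose only extension is SNI `name` (under 200 bytes). */
size_t make_hello(const char *name)
{
    unsigned char nl = (unsigned char)strlen(name);
    unsigned char h[61] = {0x16, 3, 1, 0, 56 + nl, 1, 0, 0, 52 + nl, 3, 3, [44] = 0, 2,
        0x13, 1, 1, 0, 0, 9 + nl, 0, 0, 0, 5 + nl, 0, 3 + nl, 0, 0, nl};
    memcpy(hello, h, sizeof h);
    memcpy(hello + 61, name, nl);
    return sizeof h + nl;
}

/* Copy the first host_name of the server_name extension into out; 1 on success. */
int client_hello_sni(const unsigned char *p, size_t n, char *out, size_t out_sz)
{
    size_t i = 43, end, len, nl;   /* 5 record + 4 handshake + 2 version + 32 random */
    if (n < 44 || p[0] != 0x16 || p[5] != 0x01) return 0;
    if ((i += 1 + p[i]) + 2 > n) return 0;           /* skip session_id */
    if ((i += 2 + U16(p + i)) + 1 > n) return 0;     /* skip cipher_suites */
    if ((i += 1 + p[i]) + 2 > n) return 0;           /* skip compression_methods */
    if ((end = i + 2 + U16(p + i)) > n) return 0;    /* end of the extensions block */
    for (i += 2; i + 4 <= end; i += len) {
        size_t type = U16(p + i);
        len = U16(p + i + 2);
        if ((i += 4) + len > end) return 0;
        if (type != 0) continue;                     /* 0 = server_name */
        if (len < 5 || p[i + 2] != 0) return 0;      /* name_type 0 = host_name */
        nl = U16(p + i + 3);
        if (5 + nl > len || nl >= out_sz || memchr(p + i + 5, 0, nl)) return 0;
        memcpy(out, p + i + 5, nl);
        out[nl] = '\0';
        return 1;
    }
    return 0;
}

/* Backend labels are hypothetical; IP-literal SNI is the SoftEther marker from the thread. */
const char *pick_backend(const unsigned char *p, size_t n)
{
    char sni[256], addr[16];
    if (!client_hello_sni(p, n, sni, sizeof sni)) return "fallback";
    return inet_pton(AF_INET, sni, addr) == 1 || inet_pton(AF_INET6, sni, addr) == 1
               ? "softether" : "https";
}

int main(void) { return strcmp(pick_backend(hello, make_hello("192.0.2.10")), "softether") != 0; }
```

A ClientHello that is truncated or does not fit in the peeked buffer returns "fallback" here, so the multiplexer still needs a default target for connections it cannot classify.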