Access your home network, even through (most) braindead "firewalls"

zirias@

Developer
I've seen very little discussion on it, so I want to advertise a little but very helpful port ;)

First a bit of motivation: So you operate some infrastructure at home? And you want to manage it from anywhere "on the road"? Ever come across these overly restrictive "firewalls"? They are often found in "consumer plastic" routers. SSH out to TCP/22? Nope. OpenVPN to UDP/1194? Forget it!

There's one "magic" port all these braindead "firewalls" leave alone (note this doesn't apply to some real corporate firewalls…): TCP/443. Why? Because https works on that port, and without some "man in the middle" stuff (breaking encryption), there's no alternative to just allowing internal hosts to connect to that port on any outside host! Well, short of just breaking the web…

So, of course, the solution is to offer SSH, OpenVPN, and whatever else you might need on TCP/443. Yes, a VPN over TCP is far from perfect, but still better than no VPN at all ;) So, one host per service, nice and simple…

BUT: Imagine you're on the road, connected to some "Fritzbox" or whatever wifi, maybe offered by a hotel. You might be lucky and get IPv6. Or maybe not. And of course, say you're still getting IPv4 from your ISP at home, you definitely don't get more than one single IPv4 address.

And that's when net/sslh is so useful! It can multiplex a few encrypted protocols (https, ssh, openvpn and a few others) on a single TCP/443 port. Give it a try ;)
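
Added illustration (not part of the original post and not sslh's own code): a protocol multiplexer of this kind decides where to forward a connection by looking at the first bytes the client sends. The sketch below shows that idea for SSH, TLS and OpenVPN-over-TCP; the probe heuristics are simplified assumptions, and the names `classify`, `PROBES` and the `SAMPLE_*` inputs are hypothetical and constructed for the example.

```python
import struct
from typing import Optional

FALLBACK = "anyprot"  # hypothetical label for "matched nothing"

def is_ssh(data: bytes) -> bool:
    # The SSH identification string starts with "SSH-" (RFC 4253, section 4.2).
    return data.startswith(b"SSH-")

def is_tls(data: bytes) -> bool:
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # then handshake type 0x01 (ClientHello) right after the 5-byte header.
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01

def is_openvpn_tcp(data: bytes) -> bool:
    # OpenVPN over TCP: 16-bit length prefix, then the opcode in the top 5 bits.
    # Simplification: assumes the first read holds exactly one packet.
    if len(data) < 3:
        return False
    (plen,) = struct.unpack("!H", data[:2])
    opcode = data[2] >> 3
    # 7 and 10 are the client hard-reset opcodes (V2 and V3) that open a session.
    return plen == len(data) - 2 and opcode in (7, 10)

PROBES = (("ssh", is_ssh), ("tls", is_tls), ("openvpn", is_openvpn_tcp))

def classify(first_bytes: Optional[bytes]) -> str:
    # A client that stays silent until the timeout is treated as SSH, because
    # SSH clients may wait for the server banner (sslh's documented default).
    if not first_bytes:
        return "ssh"
    for name, probe in PROBES:
        if probe(first_bytes):
            return name
    return FALLBACK

# Constructed sample inputs, not captured traffic.
SAMPLE_SSH = b"SSH-2.0-OpenSSH_9.6\r\n"
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00])
_ovpn = bytes([7 << 3]) + bytes(8) + b"\x00" + bytes(4)  # opcode, session id, ack count, packet id
SAMPLE_OPENVPN = struct.pack("!H", len(_ovpn)) + _ovpn
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_SSH, SAMPLE_TLS, SAMPLE_OPENVPN, SAMPLE_HTTP, b""):
        print(repr(sample[:12]), "->", classify(sample))
```

The same first-bytes check is why a port number alone says little about what protocol is actually running on TCP/443.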