Many administrators will have detection technologies such as IDS/IPS to detect and prevent open VPN connections. One method we can employ to get around this is levering an SSL tunneling package or proxy. While stunnel was used in the first edition of this book, we evaluated several alternatives, such as sslh, ncat, cryptcat, hitch, ptunnel, and nginx, should stunnel fail to meet our needs. While each of these grew out of different use cases (that is, server load balancing with HAProxy), with some effort all of them can create secure communication between a TCP client and server by hiding our covert payload inside another SSL (or other benign protocol's) envelope. Each package does so by using industry-standard crypto libraries such ...