2015/10/11

stunnel

Various programs have an HTTP interface, for example transmission-daemon (a BitTorrent program). These interfaces can be served outside the LAN, but the downside is that they have no secure (i.e. encrypted) connection.

Adding SSL to it makes the connection encrypted. stunnel is a daemon that tunnels connections with SSL encryption.

Dependencies

Two programs are needed to achieve this. The first is stunnel and the second is openssl.

openssl

This program creates SSL certificates.

To generate a certificate, run:

$ openssl req -new -out stunnel_cert.pem -keyout stunnel.pem -nodes -x509 -days 365

This will create a certificate in the file stunnel_cert.pem and a new private key in stunnel.pem. Because of -nodes, the private key is written without a passphrase. To generate a certificate from an existing key old_key.pem:

$ openssl req -new -out stunnel_cert.pem -key old_key.pem -nodes -x509 -days 365

stunnel

The following configuration is an example:

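client = no

[name_of_config]
cert = stunnel_cert.pem
; private key written by openssl -keyout; without this line stunnel looks for the key inside the cert file
key = stunnel.pem
accept = host_1:80
connect = host_2:81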

The first line, client = no, says that this configuration is for a server.

The text between the [] brackets is the name of the forwarding configuration. Multiple configurations may reside here.

Next comes the path to the certificate file (generated with openssl). In this case, the configuration file and the certificate file are in the same directory.

The accept field is where stunnel will listen for connections. It is the "secure" connection port that outside users will see. You can specify host_1 to tell stunnel to accept only connections for this host.

connect is where stunnel forwards the connections it receives on the port specified in the accept field. It can be localhost or another host.
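An added example, not part of the original post or of stunnel itself: a small Python check that reads a server-mode configuration like the one above and flags three things worth reviewing. These are a cert with no key option (stunnel then expects the private key inside the cert file), an accept with no host (stunnel listens on every interface), and a connect target off the local machine (the forwarded leg is not encrypted). The sample configuration, the second service name and the finding labels are constructed for illustration.

```python
# Constructed sample: host names from the page, service names are hypothetical.
SAMPLE = """\
client = no
[name_of_config]
cert = stunnel_cert.pem
accept = host_1:80
connect = host_2:81
[local_only]
cert = stunnel_cert.pem
key = stunnel.pem
accept = 443
connect = 127.0.0.1:9091
"""
LOOPBACK = {"", "localhost", "127.0.0.1", "::1"}   # "" = connect given as port only

def parse(text):
    """Return {service: options}; global options are stored under the key None."""
    services = {None: {}}
    cur = services[None]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":              # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif "=" in line:
            key, value = line.split("=", 1)
            cur[key.strip()] = value.strip()
    return services

def host_of(endpoint):
    """Host part of a [host:]port value, '' when only a port is given."""
    return endpoint.rpartition(":")[0].strip("[]")

def lint(text):
    """Return (service, finding) pairs for every server-mode service."""
    services = parse(text)
    glob, findings = services.pop(None), []
    for name, local in services.items():
        opts = {**glob, **local}                     # service options override globals
        if opts.get("client", "no") == "yes":
            continue
        if "cert" in opts and "key" not in opts:     # key defaults to the cert file
            findings.append((name, "KEY_MUST_BE_IN_CERT_FILE"))
        if not host_of(opts.get("accept", "")):      # port only: all interfaces
            findings.append((name, "ACCEPT_ON_ALL_INTERFACES"))
        if host_of(opts.get("connect", "")) not in LOOPBACK:   # plaintext leg
            findings.append((name, "PLAINTEXT_LEG_LEAVES_HOST"))
    return findings
```

Calling lint(SAMPLE) reports the missing key option and the off-host connect for name_of_config, and the unbound accept for local_only.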

Running stunnel

To run stunnel, just type:

$ stunnel config_file

Root privileges are needed for some ports (lower range).

You should add that line to local.rc so that stunnel runs on startup.


Revision History

Post built on: 2015-11-02 14:39:36
Last modified on: 2015-11-02 14:39:31
First published on: 2015-10-11

Revision Date Description
1.00 2015-10-11 Initial version. Published
