OpenVPN/Stunnel: Difference between revisions
From charlesreid1
| (8 intermediate revisions by the same user not shown) | |||
| Line 22: | Line 22: | ||
===Configure Stunnel Server for OpenVPN=== | ===Configure Stunnel Server for OpenVPN=== | ||
{{Main|Stunnel/Server}} | |||
The stunnel server will listen for external, encrypted traffic on port 443. It will decrypt any traffic it receives, and forward it on to OpenVPN at local port 9999. Here is the stunnel configuration file to accomplish this: | The stunnel server will listen for external, encrypted traffic on port 443. It will decrypt any traffic it receives, and forward it on to OpenVPN at local port 9999. Here is the stunnel configuration file to accomplish this: | ||
| Line 33: | Line 35: | ||
Here, port 9999 is a local port only, and is closed to the rest of the world. Stunnel listens on port 443 for OpenVPN traffic, and when it hears anything, it encrypts it and forwards it on to local port 9999 (where OpenVPN is listening). | Here, port 9999 is a local port only, and is closed to the rest of the world. Stunnel listens on port 443 for OpenVPN traffic, and when it hears anything, it encrypts it and forwards it on to local port 9999 (where OpenVPN is listening). | ||
===Verify OpenVPN Running=== | ===Verify OpenVPN Running on Server=== | ||
Verify OpenVPN process is up and listening: | {{Main|OpenVPN}} | ||
Verify [[OpenVPN]] process is up and listening: | |||
<pre> | <pre> | ||
| Line 45: | Line 49: | ||
===Open Hole in Firewall=== | ===Open Hole in Firewall=== | ||
Now use iptables to open up the firewall. Assuming you're using port | {{Main|Stunnel/Server}} | ||
Now use iptables to open up the firewall. Assuming you're using port 443: | |||
<pre> | <pre> | ||
iptables -A INPUT -p tcp --dport | iptables -A INPUT -p tcp --dport 443 -j ACCEPT | ||
</pre> | </pre> | ||
=== | ===Configure Stunnel Client=== | ||
{{Main|Stunnel/Client}} | |||
Now we will edit <code>stunnel.conf</code> on the client. This configuration assumes [[OpenVPN]] is running on the client on port 9999 as well: | |||
<pre> | <pre> | ||
... | |||
= | client = yes | ||
[openvpn] | [openvpn] | ||
accept = 127.0.0.1:9999 | |||
accept = 127.0.0.1: | connect = A.B.C.D:443 | ||
connect = | |||
</pre> | </pre> | ||
This assumes you are using TCP for OpenVPN. (If you use OpenVPN in UDP mode, I don't know what will happen.) | |||
==References== | ==References== | ||
Useful | Useful links: | ||
* http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf | |||
* http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/ | |||
=Flags= | |||
{{StunnelFlag}} | |||
{{OpenVPNFlag}} | {{OpenVPNFlag}} | ||
[[Category:July 2016]] | [[Category:July 2016]] | ||
Latest revision as of 19:47, 30 April 2017
Guide
Instructions
Link
Useful link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
See Stunnel page for the basics. Reviewing some of those steps here.
Create Stunnel Server SSL Certificate
Start by creating an SSL certificate for the stunnel server:
openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
This puts the SSL certificate in the /etc/stunnel directory.
Configure Stunnel Server for OpenVPN
The stunnel server will listen for external, encrypted traffic on port 443. It will decrypt any traffic it receives, and forward it on to OpenVPN at local port 9999. Here is the stunnel configuration file to accomplish this:
[openvpn] accept = 443 connect = 127.0.0.1:9999
Here, port 9999 is a local port only, and is closed to the rest of the world. Stunnel listens on port 443 for OpenVPN traffic, and when it hears anything, it encrypts it and forwards it on to local port 9999 (where OpenVPN is listening).
Verify OpenVPN Running on Server
Verify OpenVPN process is up and listening:
$ ps aux | grep [o]penvpn $ netstat -tulpn | grep openvpn
Open Hole in Firewall
Now use iptables to open up the firewall. Assuming you're using port 443:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Configure Stunnel Client
Now we will edit stunnel.conf on the client. This configuration assumes OpenVPN is running on the client on port 9999 as well:
... client = yes [openvpn] accept = 127.0.0.1:9999 connect = A.B.C.D:443
This assumes you are using TCP for OpenVPN. (If you use OpenVPN in UDP mode, I don't know what will happen.)
References
Useful links:
- http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf
- http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
Flags
 |
stunnel secure tunnel - create secure encrypted connections on any port to wrap any protocol
Using: Client: Stunnel/Client Server: Stunnel/Server Stunnel Over Docker: Stunnel/Docker Certificates: Stunnel/Certificates
Protocols: Stunnel/Rsync · Stunnel/SSH · Stunnel/Scp · Stunnel/HTTP · Stunnel/OpenVPN
Other Links: RaspberryPi/Headless · RaspberryPi/Reverse SSH Category:Stunnel · Category:SSH · Category:Networking
|
 |
OpenVPN a tool for creating and connecting to virtual private networks.
Creating a Static Key VPN: OpenVPN/Static Key Configuring Your DNS: DNS
|