Stunnel/Client: Difference between revisions
From charlesreid1
| Line 17: | Line 17: | ||
Note the server certificate and key files must be the same ones as are on the stunnel server. This is how you verify the identity of the server - if you can receive their public key over a trusted, published, public channel, then you can exchange encrypted communications with them. Use a trusted, encrypted channel like SSH or a USB key if you have physical access to the server. | Note the server certificate and key files must be the same ones as are on the stunnel server. This is how you verify the identity of the server - if you can receive their public key over a trusted, published, public channel, then you can exchange encrypted communications with them. Use a trusted, encrypted channel like SSH or a USB key if you have physical access to the server. | ||
If using Homebrew stunnel as your client, the server's certificate file should go in <code>/usr/local/etc/stunnel/</code>. | |||
==Flags== | ==Flags== | ||
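Review bot: the added Homebrew sentence names only the server's certificate file, while the unchanged sentence just above it says the certificate and key files must both match the ones on the server. Say explicitly whether the key file also belongs in /usr/local/etc/stunnel/, or, if only the certificate is needed on the client, reword the earlier sentence so the two agree.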
Revision as of 04:19, 28 March 2017
Stunnel Client
Running an stunnel client requires installing stunnel and setting up a configuration file, just as for an Stunnel/Server, but with the accept and connect ports swapped: the client accepts local traffic (on port 8443) and sends it over SSL to the server it connects to (on port 443).
To accept traffic locally on port 8443 and forward it to port 443 on the server, we can use the following config file:
output = /var/log/stunnel4/stunnel.log
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
pid = /var/run/stunnel4/stunnel.pid
client = yes

[https]
accept = 127.0.0.1:8443
connect = 10.11.12.13:443
Note that the server certificate and key files must be the same ones that are on the stunnel server. This is how you verify the identity of the server: if you can receive their public key over a trusted, published, public channel, then you can exchange encrypted communications with them. Use a trusted, encrypted channel like SSH, or a USB key if you have physical access to the server.
If using Homebrew stunnel as your client, the server's certificate file should go in /usr/local/etc/stunnel/.
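A variant of the client configuration above that keeps only the server's public certificate on the client and has stunnel reject any other certificate. This is an added example, not part of the original page; it assumes a stunnel 5.x release that supports the verifyPeer option, and server-cert.pem is a hypothetical file name.

```ini
; Added example, not from the original page.
; Assumes a stunnel 5.x release that supports verifyPeer.
; server-cert.pem is a hypothetical file name: it holds only the
; server's public certificate, not its private key.
output = /var/log/stunnel4/stunnel.log
pid = /var/run/stunnel4/stunnel.pid
client = yes

[https]
accept = 127.0.0.1:8443
connect = 10.11.12.13:443
; Pin the server certificate: the handshake fails unless the server
; presents exactly the certificate stored in CAfile.
CAfile = /usr/local/etc/stunnel/server-cert.pem
verifyPeer = yes
```

With this variant the server's private key never leaves the server, and a connection to a host presenting a different certificate is refused and logged in the output file.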