OpenVPN/Stunnel: Difference between revisions
From charlesreid1
Revision as of 07:08, 27 July 2016
=Guide=
==Instructions==
===Link===
Useful link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/

See the [[Stunnel]] page for the basics. Some of those steps are reviewed here.
===Create Certificates===
Start by creating your certificates:
<pre>
openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
</pre>
This puts the certificates in the <code>/etc/stunnel</code> directory (the self-signed certificate and its unencrypted private key both land in <code>stunnel.pem</code>, since <code>-out</code> and <code>-keyout</code> name the same file).
===Configure OpenVPN===
Barebones <code>stunnel.conf</code> on the server side:
<pre>
cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid
output = /var/log/stunnel

[openvpn]
accept=9999
connect=ip.add.re.ss:1337
</pre>
Here, we're using port 9999. This is a bad idea, since Stunnel normally uses 443, but it is just to illustrate how to set the port.

Verify the openvpn process is up and listening:
<pre>
netstat -nlp | grep openvpn
</pre>
===Open Hole in Firewall===
Now use iptables to open up the firewall. Assuming you're using port 9999:
<pre>
iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
</pre>
===Run Stunnel on Boot===
Make stunnel run on boot by editing the crontab (<code>crontab -e</code>) and adding:
<pre>
@reboot stunnel /etc/stunnel/stunnel.conf
</pre>
===Configure Stunnel===
Now we will edit <code>stunnel.conf</code> on the client side (ignore the <code>.cnf</code> file). Edit this file to include the following 4 lines:
<pre>
[openvpn]
client = yes
accept = 127.0.0.1:31337
connect = ip.add.re.ss:9999
</pre>
OpenVPN needs to be configured to use this port 9999. This means you can replace the <code>remote</code> line in your connection profiles with <code>remote localhost 31337</code>. (Assumes TCP, not UDP.) <-- ?
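As an added check that is not part of this guide: the Python below parses the server-side and client-side <code>stunnel.conf</code> fragments from the steps above (constructed here from the guide's values, keeping its <code>ip.add.re.ss</code> placeholder), confirms that the hops line up (127.0.0.1:31337 to server port 9999 to OpenVPN port 1337), and flags a client that listens beyond loopback or that does not pin the self-signed server certificate with the stunnel <code>verify</code>/<code>CAfile</code> options. The config strings and the <code>check_chain</code> function are my own assumptions, not the page's.

```python
import re
# Constructed sample configs built from the guide's values (ip.add.re.ss is the page's placeholder).
SERVER_CONF = """\
cert = /etc/stunnel/stunnel.pem
[openvpn]
accept=9999
connect=ip.add.re.ss:1337
"""
CLIENT_CONF = """\
[openvpn]
client = yes
accept = 127.0.0.1:31337
connect = ip.add.re.ss:9999
"""
def parse_stunnel_conf(text):
    """Global options land under key ''; each [service] section lands under its own name."""
    sections, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # stunnel comment lines
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1).strip()
            sections[current] = {}
        else:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections
def split_hostport(addr):
    """'host:port' -> (host, port); a bare port means stunnel listens on all interfaces."""
    host, _, port = addr.rpartition(":")
    return (host or "0.0.0.0"), int(port)
def check_chain(server_conf, client_conf, service="openvpn", openvpn_port=1337):
    """Return findings; an empty list means the hop-by-hop ports line up and the client is sane."""
    srv = parse_stunnel_conf(server_conf)[service]
    cli = parse_stunnel_conf(client_conf)[service]
    findings = []
    if cli.get("client", "no").lower() != "yes":
        findings.append("client section lacks 'client = yes'")
    if split_hostport(cli["accept"])[0] not in ("127.0.0.1", "localhost", "::1"):
        findings.append(f"client accept {cli['accept']} is reachable beyond loopback")
    if split_hostport(cli["connect"])[1] != split_hostport(srv["accept"])[1]:
        findings.append("client connect port does not match server accept port")
    if split_hostport(srv["connect"])[1] != openvpn_port:
        findings.append("server connect port does not match the OpenVPN port")
    if "verify" not in cli or "CAfile" not in cli:  # self-signed cert: pin it with CAfile + verify
        findings.append("client does not verify the server certificate (no verify/CAfile)")
    return findings
```

Run against the guide's configs as written, the only finding is the missing certificate verification on the client; adding <code>verify = 2</code> and <code>CAfile = /etc/stunnel/stunnel.pem</code> (the same self-signed file copied to the client) clears it.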
==References==
Useful link: http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf

Another useful link: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/