OpenVPN/Stunnel

From charlesreid1

Guide

Instructions

Link

Useful link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/

See Stunnel page for the basics. Reviewing some of those steps here.

Create Stunnel Server SSL Certificate

Main article: Stunnel/Certificates

Start by creating an SSL certificate for the stunnel server: 

openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

This puts the SSL certificate in the /etc/stunnel directory.

Configure Stunnel Server for OpenVPN

The stunnel server will listen for external, encrypted traffic on port 443. It will decrypt any traffic it receives, and forward it on to OpenVPN at local port 9999. Here is the stunnel configuration file to accomplish this: 

[openvpn]
accept	= 443
connect = 127.0.0.1:9999

Here, port 9999 is a local port only, and is closed to the rest of the world. Stunnel listens on port 443 for OpenVPN traffic, and when it hears anything, it encrypts it and forwards it on to local port 9999 (where OpenVPN is listening).

Verify OpenVPN Running on Server

Main article: OpenVPN

Verify OpenVPN process is up and listening: 

$ ps aux | grep [o]penvpn

$ netstat -tulpn | grep openvpn

Open Hole in Firewall

Now use iptables to open up the firewall. Assuming you're using port 9999: 

iptables -A INPUT -p tcp --dport 9999 -j ACCEPT

Run Stunnel on Boot

Make stunnel run on boot by editing crontab crontab -e and adding: 

@reboot stunnel /etc/stunnel/stunnel.conf

Configure Stunnel

Now we will edit stunnel.conf (ignore the .cnf file). Edit this file to include the following 4 lines: 

[openvpn]
client = yes
accept = 127.0.0.1:31337
connect = ip.add.re.ss:9999

OpenVPN needs to be configured to use this port 9999. This means you can replace connection profiles with ports with "remote localhost 31337". (Assumes TCP not UDP.) <-- ?

References

Useful link: http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf

Another useful link: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/

Flags


Defcon.png
OpenVPN
a tool for creating and connecting to virtual private networks.


OpenVPN  · Category:OpenVPN

Creating a Static Key VPN: OpenVPN/Static Key

Configuring Your DNS: DNS


Category:VPN  · Category:Security  · Category:Anonymous Browsing  · Category:Networking


Flags  · Template:OpenVPNFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=OpenVPN/Stunnel&oldid=17087"