Stunnel – Universal SSL tunnel for network daemons

Sponsored Link
The stunnel program is designed to work as an SSL encryption wrapper between remote client and local (inetd-startable) or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses OpenSSL libraries for cryptography, so it supports whatever cryptographic algorithms you compiled into your library.

Install stunnel on ubuntu

Open the terminal and run the following command

sudo apt-get install stunnel4

Configure stunnel

First we need to enable stunnel

Enabling stunnel

$ vi /etc/default/stunnel4

Change the line,

ENABLED=0

to

ENABLED=1

Save and exit the file

Create your certificate with openssl (Optional)

$ openssl req -new -out mail.pem -keyout mail.pem -nodes -x509 -days 365

Where ever your /etc/stunnel/stunnel.conf file is pointing to mail.pem is where you should put this file. Mine points to /etc/stunnel/mail.pem.

Start your stunnel server

$ sudo /etc/init.d/stunnel4 start

If you get an error like You should check that you have specified the pid= in you configuration file, open up /etc/stunnel/stunnel.conf and comment out these services that may be enabled by default.

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

Example of setting up remote desktop for stunnel

Edit your /etc/stunnel/stunnel.conf.

Add the contents,

[rdp]
accept = 2000
connect = 192.168.2.10:7422

and uncomment the line that says ;client = yes. This should be done on the client side. Restart stunnel: /etc/init.d/stunnel4 restart.

Note:- My SSH server port configured on 7422

The accept variable (port) can be anything. The connect variable should be the host you are trying to connect to with appended to it.

On the server side, you would do something similar. Just add to your stunnel.conf

[rdp]
accept = 22
connect = 3389

and start the stunnel server.

$ sudo /etc/init.d/stunnel4 start

Now we need to connect to the remote desktop. On the client, since we set the accept port to 2000 and mapped that to 192.168.2.10:7422 the server, we will connect to the remote desktop server from the client itself. Just issue the command,

$ rdesktop localhost:2000

This looks in the stunnel.conf on the client side, finds the service that accepts port 2000, and then actually performs the connect which is to host 192.168.2.10 on port 7422. On the server end, stunnel gets a request on port 22 and says to actually connect to port 3389, the one remote desktop is running on.

Sponsored Link

You may also like...

1 Response

  1. arvind bisht says:

    ON ARM BASED PLATFORM….while starting the device at runtime it is giving the following error:

    [Failed: /etc/stunnel/stunnel.conf]. Check if pid= is specified in the file
    can anyone fix the problem?..

Leave a Reply

Your email address will not be published. Required fields are marked *