Stunnel is an open source software that provides SSL/TLS tunneling. This is especially useful when it comes to protecting existing client-server communications that do not provide any encryption at all. Another application is to avoid exposing many services and make all of them pass through the tunnel, therefore securing all the traffic at the same time.

And because I have a WR703N with an OpenVPN server installed, I decided to set up stunnel and give it a try. The advantage over using my existing VPN, under certain circumstances, is that the establishment of the secure tunnel looks pretty much like a normal connection to an HTTPS website, so most networks/proxies will allow this traffic whilst the VPN might be blocked (especially if UDP is used). So, the OpenVPN+stunnel combo looks like a pretty good security solution to be installed on our OpenWRT device.

The way I have the stunnel service configured is using MTLS (client and server authentication) and allowing only the TLSv1.2 protocol. These are the specific lines in the nf (server side):

protocol version (all, SSLv2, SSLv3, TLSv1)

Just for testing, I have installed stunnel on a Windows box and configured it as a client (with a client certificate signed by the same CA as the server) and connections to server port 443 will be forwarded to the SSH service running on the server side. This would allow us to SSH our server without needing to expose it and, for example, set up a SOCKS proxy and browse the internet securely through the tunnel.

On the client side, simply SSH localhost on the configured port (22) and stunnel will intercept this connection and establish a TLS tunnel with the server to the SSH service running on it.
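To check that a server-side stunnel configuration really enforces the setup described above (client certificates verified against a CA, TLSv1.2 only), here is a small audit script. It is an added example, not the configuration from the original post; the sample configs, file paths and the `[ssh]` service name are constructed placeholders.

```python
# Added example (not the post's own config): audit a stunnel server config for
# mTLS and a TLSv1.2 pin. Sample configs are constructed; paths are placeholders.
HARDENED = """\
cert = /etc/stunnel/server.pem
key = /etc/stunnel/server.key
CAfile = /etc/stunnel/ca.pem
verify = 2
sslVersion = TLSv1.2

[ssh]
accept = 443
connect = 127.0.0.1:22
"""
# Same service without a client-certificate check or a protocol pin.
WEAK = """\
cert = /etc/stunnel/server.pem

[ssh]
accept = 443
connect = 127.0.0.1:22
"""

def parse(text):
    """Return {service: options}; global options act as per-service defaults."""
    defaults, services, current = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif "=" in line and line[0] not in ";#":  # skip comment lines
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return services

def audit(text):
    """List findings for services lacking peer verification or a TLSv1.2 pin."""
    findings = []
    for name, opt in parse(text).items():
        v = opt.get("verify", "0")
        verified = (v.isdigit() and int(v) >= 2) \
            or "yes" in (opt.get("verifychain"), opt.get("verifypeer"))
        if not (verified and ("cafile" in opt or "capath" in opt)):
            findings.append(f"{name}: peer certificate is not verified against a CA")
        if "TLSv1.2" not in (opt.get("sslversion"), opt.get("sslversionmin")):
            findings.append(f"{name}: TLSv1.2 is not pinned")
    return findings

if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK), sep="\n")
```

The client side mirrors the hardened config with `client = yes`, its own certificate and key, and `accept`/`connect` pointing from the local port to the server's port 443.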