OpenVPN/Stunnel: Difference between revisions
From charlesreid1
(Created page with "http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/ =Flags= {{OpenVPNFlag}} Category:July 2016") |
No edit summary |
||
| Line 1: | Line 1: | ||
=Guide= | |||
Nice link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/ | |||
See [[Stunnel]] page for the basics. Reviewing some of those steps here. | |||
Start by creating your certificates: | |||
<pre> | |||
openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem | |||
</pre> | |||
This puts the certificates in the <code>/etc/stunnel</code> directory. | |||
Barebones conf file: | |||
<pre> | |||
cert = /etc/stunnel/stunnel.pem | |||
pid = /var/run/stunnel.pid | |||
output = /var/log/stunnel | |||
[openvpn] | |||
accept=9999 | |||
connect=ip.add.re.ss:1337 | |||
</pre> | |||
Here, we're using port 9999. This is a bad idea, since Stunnel normally uses 443. But this is just to illustrate how to set the port. | |||
Verify openvpn process is up and listening: | |||
<pre> | |||
netstat -nlp | grep openvpn | |||
</pre> | |||
Assuming you're using port 9999: | |||
<pre> | |||
iptables -A INPUT -p tcp --dport 9999 -j ACCEPT | |||
</pre> | |||
Make stunnel run on boot by editing crontab <code>crontab -e</code> and adding: | |||
<pre> | |||
@reboot stunnel /etc/stunnel/stunnel.conf | |||
</pre> | |||
Now we will edit <code>stunnel.conf</code> (ignore the .cnf file). Edit this file to include the following 4 lines: | |||
<pre> | |||
[openvpn] | |||
client = yes | |||
accept = 127.0.0.1:31337 | |||
connect = ip.add.re.ss:9999 | |||
</pre> | |||
OpenVPN needs to be configured to use this port 9999. This means you can replace connection profiles with ports with "remote localhost 31337". (Assumes TCP not UDP.) <-- ? | |||
Another useful link: http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf | |||
=Flags= | =Flags= | ||
Revision as of 07:06, 27 July 2016
Guide
Nice link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
See Stunnel page for the basics. Reviewing some of those steps here.
Start by creating your certificates:
openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
This puts the certificates in the /etc/stunnel directory.
Barebones conf file:
cert = /etc/stunnel/stunnel.pem pid = /var/run/stunnel.pid output = /var/log/stunnel [openvpn] accept=9999 connect=ip.add.re.ss:1337
Here, we're using port 9999. This is a bad idea, since Stunnel normally uses 443. But this is just to illustrate how to set the port.
Verify openvpn process is up and listening:
netstat -nlp | grep openvpn
Assuming you're using port 9999:
iptables -A INPUT -p tcp --dport 9999 -j ACCEPT
Make stunnel run on boot by editing crontab crontab -e and adding:
@reboot stunnel /etc/stunnel/stunnel.conf
Now we will edit stunnel.conf (ignore the .cnf file). Edit this file to include the following 4 lines:
[openvpn] client = yes accept = 127.0.0.1:31337 connect = ip.add.re.ss:9999
OpenVPN needs to be configured to use this port 9999. This means you can replace connection profiles with ports with "remote localhost 31337". (Assumes TCP not UDP.) <-- ?
Another useful link: http://home.arcor.de/lightsky/docs/stunnel_openssl_synergy.pdf
Flags
 |
OpenVPN a tool for creating and connecting to virtual private networks.
Creating a Static Key VPN: OpenVPN/Static Key Configuring Your DNS: DNS
|