OpenVPN/Stunnel
From charlesreid1
Guide
Instructions
Link
Useful link here: http://kyl191.net/2012/12/tunneling-openvpn-through-stunnel/
See Stunnel page for the basics. Reviewing some of those steps here.
Create Stunnel Server SSL Certificate
Start by creating an SSL certificate for the stunnel server:
openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem
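This puts the SSL certificate and its private key together in one file, /etc/stunnel/stunnel.pem. Because of -nodes the key is stored unencrypted, so the file should be readable only by root.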
Configure Stunnel Server for OpenVPN
The stunnel server will listen for external, encrypted traffic on port 443. It will decrypt any traffic it receives, and forward it on to OpenVPN at local port 9999. Here is the stunnel configuration file to accomplish this:
[openvpn]
accept = 443
connect = 127.0.0.1:9999
Here, port 9999 is a local port only and is closed to the rest of the world, provided OpenVPN binds it to the loopback address and the firewall does not open it. Stunnel listens on port 443 for the TLS-wrapped OpenVPN traffic, and when it receives anything, it decrypts it and forwards it on to local port 9999 (where OpenVPN is listening).
Verify OpenVPN Running on Server
Verify OpenVPN process is up and listening:
$ ps aux | grep [o]penvpn
$ netstat -tulpn | grep openvpn
Open Hole in Firewall
Now use iptables to open up the firewall. Assuming you're using port 443:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Configure Stunnel Client
Now we will edit stunnel.conf on the client. This configuration assumes OpenVPN is running on the client on port 9999 as well:
...
client = yes
[openvpn]
accept = 127.0.0.1:9999
connect = A.B.C.D:443
This assumes you are using TCP for OpenVPN. (If you use OpenVPN in UDP mode, I don't know what will happen.)
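An added example, not part of the original page: a small Python audit of stunnel.conf text that checks the two properties this setup depends on. The client configuration above enables neither verifyChain nor verifyPeer, so it accepts any server certificate, and the unencrypted side of each tunnel should be bound to loopback. The finding names and the CAfile path are assumptions made for the example.

```python
# Added example (not from the original page): audit stunnel.conf text.
LOOPBACK = {"127.0.0.1", "localhost", "::1", "[::1]"}

def parse_stunnel_conf(text):
    """Split stunnel.conf text into (global options, {service: options})."""
    global_opts, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (global_opts if current is None else current)[key.strip().lower()] = value.strip()
    return global_opts, services

def host_of(addr, default):
    return addr.rpartition(":")[0] or default      # host part of "[host:]port"

def audit(text):
    """Return sorted (service, finding) pairs; finding names are made up here."""
    global_opts, services = parse_stunnel_conf(text)
    findings = []
    for name, own in services.items():
        opts = {**global_opts, **own}              # service options override globals
        if opts.get("client", "no").lower() == "yes":
            # With neither verifyChain nor verifyPeer a client accepts any certificate.
            # (The obsolete numeric `verify` option is not interpreted here.)
            if not any(opts.get(k, "no").lower() == "yes"
                       for k in ("verifychain", "verifypeer")):
                findings.append((name, "server-cert-not-verified"))
            # Client plaintext side is `accept`; without a host it binds all interfaces.
            plain = host_of(opts.get("accept", ""), "0.0.0.0")
        else:
            # Server plaintext side is `connect`; without a host it means localhost.
            plain = host_of(opts.get("connect", ""), "localhost")
        if plain not in LOOPBACK:
            findings.append((name, "plaintext-side-not-loopback"))
    return sorted(findings)

# Constructed samples: the page's configs, plus a client pinning the server's
# self-signed certificate (CAfile is a hypothetical copy of the cert without the key).
PAGE_CLIENT = "client = yes\n[openvpn]\naccept = 127.0.0.1:9999\nconnect = A.B.C.D:443\n"
PINNED_CLIENT = PAGE_CLIENT.replace(
    "[openvpn]", "[openvpn]\nverifyPeer = yes\nCAfile = /etc/stunnel/server-cert.pem")
PAGE_SERVER = "[openvpn]\naccept = 443\nconnect = 127.0.0.1:9999\n"
for conf in (PAGE_CLIENT, PINNED_CLIENT, PAGE_SERVER):
    print(audit(conf))
```

For the pinned variant, copy only the certificate portion of stunnel.pem to the client; the private key stays on the server.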