[stunnel-users] Is anyone using Stunnel for tunnelling Voip?

Peter Pentchev roam at ringlet.net
Tue Jun 3 14:15:16 CEST 2008


On Tue, Jun 03, 2008 at 12:52:35PM +0100, Errol Samuels wrote:
> Hi Peter,
> 
> > Now... stunnel should work just as well as SSH, but it also has just
> > the same basic "limitation" - or, rather, design goal - stunnel is
> > used only for forwarding TCP connections.  I'm not sure what your
> > VoIP model is, but if it is in any way based on UDP packets flying
> > around, then neither stunnel nor SSH would be of any use to you.
> 
> My VoIP model is using 10000 - 20000 udp for the media so this is the reason
> I have to tunnel OpenVPN through SSH or Stunnel since I can forward my udp
> traffic through OpenVPN.  

Oh... so you still want to use OpenVPN?  That is, you want:
- VoIP traffic
- UDP packets on a virtual interface
- OpenVPN encryption with OpenVPN configured for a TCP connection
- and an additional stunnel or SSH wrapper?

Yikes :)  This *will* add some additional overhead, and although
the overhead will be the same no matter whether you choose SSH or
stunnel, it will still be there anyway.

> Another alternative that I am exploring is SSH or Stunnels with Socat!
> http://www.zarb.org/~gc/html/udp-in-ssh-tunneling.html but I need to find
> out how to forward a range of ports through it.

Well, this might turn out to be a better alternative.  If you use
the netcat (or socat) method described there, you'll just need to run
a lot of netcat (or socat) processes, one for each port you need
to forward.  I've not yet used socat, but from its manual page it seems
that it cannot listen on more than one port either.

> > With that in mind, if it's a TCP connection that you want to encrypt,
> > either stunnel or SSH port forwarding should do the job just fine,
> > although for "permanent" setups I would rather use stunnel, since SSH
> > may have some issues with timeouts and dropped control connections
> > and such.
> 
> I need to investigate if Stunnel is available as a package for OpenWRT or
> DD-WRT firmware.

G'luck,
Peter

-- 
Peter Pentchev	roam at ringlet.net    roam at cnsys.bg    roam at FreeBSD.org
PGP key:	http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint	FDBA FD79 C26F 3C51 C95E  DF9E ED18 B68D 1619 4553
because I didn't think of a good beginning of it.
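
Added example, not part of the original message and not code from stunnel or socat: one way to avoid a separate relay process per port is to carry every datagram for the 10000-20000 range over a single TCP connection (which stunnel can then wrap), tagging each datagram with its port and length because a TCP stream does not preserve datagram boundaries. The frame layout and all names below are assumptions made for this illustration.

```python
import struct

# Frame layout (constructed for this example): 2-byte destination UDP port,
# 2-byte payload length, then the payload, all in network byte order.
HEADER = struct.Struct("!HH")
PORT_RANGE = range(10000, 20001)  # media port range mentioned in the thread


def encode_frame(port, payload):
    """Wrap one UDP datagram so it survives a trip through a TCP stream."""
    if port not in PORT_RANGE:
        raise ValueError(f"port {port} outside forwarded range")
    if len(payload) > 0xFFFF:
        raise ValueError("datagram too large for 16-bit length field")
    return HEADER.pack(port, len(payload)) + payload


class FrameDecoder:
    """Reassemble (port, payload) datagrams from arbitrary TCP read chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        frames = []
        while len(self._buf) >= HEADER.size:
            port, length = HEADER.unpack_from(self._buf)
            if port not in PORT_RANGE:
                # Desynchronised or misbehaving peer: refuse rather than
                # relay to a local port outside the agreed range.
                raise ValueError(f"frame for unexpected port {port}")
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # partial frame; wait for more bytes
            frames.append((port, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return frames


def roundtrip(datagrams, chunk_size):
    """Send datagrams through a simulated TCP stream cut into fixed chunks."""
    stream = b"".join(encode_frame(p, d) for p, d in datagrams)
    decoder = FrameDecoder()
    out = []
    for i in range(0, len(stream), chunk_size):
        out.extend(decoder.feed(stream[i:i + chunk_size]))
    return out
```

The decoder rejects frames for ports outside the range, so the far end cannot be made to deliver traffic to other local UDP services.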