[stunnel-users] Connecting stunnels

• Previous message (by thread): [stunnel-users] Connecting stunnels
• Next message (by thread): [stunnel-users] Connecting stunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2016-03-31 09:39:49 -0400, Carter Browne wrote:
> A single instance of stunnel can be a server or a client depending on  
> the settings.  For this configuration, you would want host3 to be a  
> server not a client.
> Thus, you need the intermediate port on server2 to server as both a  
> client and a server:
>
> In your configuration files you would need:
>
> Host1:
> [secure_telnet]
> accept = local:23
> connect = host2:host2port1
> client = yes
>
> Host2:
> [incoming_telnet_relay]
> accept = host2:host2port1
> connect = local:host2port2
> client = no
>
> [outgoing_telnet_relay]
> accept =local:host2port2
> connect = host3:host3port1
> client = yes
>
> Host3:
> [incoming_telnet]
> accept = host3:host3port1
> connect = local:23

Carter,

What's the advantage of this setup over a direct connection from Host1
to Host3?

 Host1:

 [secure_telnet]
 accept  = local:23
 connect = host3:host3port1
 client  = yes

 Host3:

 [incoming_telnet]
 accept  = host3:host3port1
 connect = local:23
 client  = no

If e.g. Host3 isn't directly reachable from Host1, a simple port
forwarding (without decryption and re-encryption) on Host2 would
suffice.

Ludolf

-- 

Ludolf Holzheid
 
Bihl+Wiedemann GmbH
Floßwörthstraße 41
68199 Mannheim, Germany
 
Tel: +49 621 33996-0
Fax: +49 621 3392239
 
mailto:lholzheid at bihl-wiedemann.de
http://www.bihl-wiedemann.de
 
Sitz der Gesellschaft: Mannheim
Geschäftsführer: Jochen Bihl, Bernhard Wiedemann
Amtsgericht Mannheim, HRB 5796

• Previous message (by thread): [stunnel-users] Connecting stunnels
• Next message (by thread): [stunnel-users] Connecting stunnels
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]