stunnel-users

8 participants
3311 discussions

Re: [stunnel-users] Experimental stunnel-4.35b1
by Michal Trojnara 17 Dec '10

17 Dec '10

Dear cpu.lin, > No response to the problem: > http://stunnel.mirt.net/pipermail/stunnel-users/2010-December/002860.html > Could you please help me? This is how the protocol works: http://tools.ietf.org/id/draft-luotonen-ssl-tunneling-02.txt You need a different protocol (e.g. ssh) if you don't like it. Mike

1 0

Experimental stunnel-4.35b1
by Michal Trojnara 15 Dec '10

15 Dec '10

Dear Users, I have uploaded stunnel-4.35b1 to ftp://stunnel.mirt.net/stunnel/ for your testing. Please give it a shot and submit any problems to stunnel-users mailing list. This is the way you can not only help me improve production 4.35, but also make sure it's going to work on your platform! Please consider version 4.35b1 highly experimental and not ready for production. Specifically it is no supposed to be packaged for any OS distribution (e.g. *BSD ports). Best regards, Michal Trojnara

1 0

endpoints using different versions of stunnel
by nishith n 15 Dec '10

15 Dec '10

Hello all, We have a client who would like to send us data using stunnel 4.33 at their end of the connection. Can we establish connection from our end using stunnel 4.11 version. We are working on a sun machine. I know I can simply download the latest stunnel version but it has to go through an authorization process which probably will take more time than I have and hence this question. What could be the impacts to connectivity or otherwise with such a setup? Thanks for your replies, Nishith

1 0

Examples of stunnel and lighttpd
by fanboy 15 Dec '10

15 Dec '10

Apparently lighttpd ssl support isn't so flash, I'm been attempting (I'm a newb) to use stunnel instead, are there any examples? I have a free startssl cert also (ssl.key / ssl.cert) What information do I need to setup a reliable connection?

1 0

How to encrypt the URL?
by cpu.lin 08 Dec '10

08 Dec '10

Dear friends, After reading mailing lists & Web & FAQ I couldn't find answers to these: stunnel.conf as follows: debug=7 client = yes [proxy] accept=1111 connect=62.215.5.69:8080 (Public SSL Proxy) protocol=connect protocolHost=stunnel.mirt.net:443 CLIENT(Browser+Special software)<->firewall<->(Internet)<->Public SSL Proxy<->WEB SERVER Public SSL Proxy as follows: http://tools.rosinstrument.com/raw_free_db.htm?t=2 Only the CLIENT side have stunnel. After running stunnel 4.34 (Windows binaries). Then. Browser http://localhost:1111/ But Sniffer can monitor the command-(CONNECT stunnel.mirt.net:443). The problem as follows: Only the CLIENT side can install special software. Special software including but not limited to stunnel. If the firewall can block many websites depend on Web IP & URL. How to pass through the firewall base on Public SSL Proxy? How to encrypt the URL-(stunnel.mirt.net:443)? What is the special software? If stunnel can solve this issue. How to configure? Best regards, cpu

1 0

stunnel and IE6 issue
by Bill Tindal 06 Dec '10

06 Dec '10

Hi, I have stunnel running in front of HaProxy and everything is working fine however IE6 users cannot access our HTTPS pages and are instead shown a 'Page cannot be found'. They can access normal pages. Obviously there's something that stunnel doesn't like about IE6 (who doesn't) but I'm at a loss as to what changes to make to the stunnel conf. My conf for stunnel is below: ------------------------------------------------ sslVersion = all options = NO_SSLv2 fips = no setuid = root setgid = stunnel pid = /var/run/stunnel.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 output = /var/log/stunnel.log [secure.domain.com] cert = /usr/local/openssl/certs/secure.domain.com.crt key = /usr/local/openssl/certs/secure.domain.com.key accept = X.X.X.X:443 connect = X.X.X.X:81 xforwardedfor = yes TIMEOUTclose = 0

1 0

How to define stunnel.conf so openvpn packet will go thru stunnel to as HTTP?
by UARE1234 29 Nov '10

29 Nov '10

Hi, >From what I read the examples in stunnel site it possible to wrap VPN's using Stunnel tool. Is it possible to do it for openvpn packets? I can configure thru the openvpn configurations that it packets will go thru port 80 and use TCP but the packets are not http pure. I need to wrap this packets using the stunnel tool. The purpose is to use openvpn over http. I will appreceate if someone can give me a solution for combinig Stunnel and openvpn if possible. Thanks -- View this message in context: http://old.nabble.com/How-to-define-stunnel.conf-so-openvpn-packet-will-go-… Sent from the Stunnel - Users mailing list archive at Nabble.com.

1 0

Is it possible to wrap openvpn thru stunnel to HTTP-Like
by UARE1234 28 Nov '10

28 Nov '10

Hi, I understand that it is possible to wrap VPN's using Stunnel tool. How Can I do that for openvpn. The purpose is to use openvpn over http like. OpenVPN can establish an HTTP connection to a proxy server, where it will issue a CONNECT to establish a binary connection to the VPN server on port 443/TCP. This works in 99,9% but not in this case since I am talking about a very restrictive network but yet Skype for example works on it since it works in a way of http like. I will appreceate if someone can give me a solution for combinig Stunnel and openvpn or other tool if possible. Thanks -- View this message in context: http://old.nabble.com/Is-it-possible-to-wrap-openvpn-thru-stunnel-to-HTTP-L… Sent from the Stunnel - Users mailing list archive at Nabble.com.

1 0

Stunnel resource usage
by Avinash Gaonkar 26 Nov '10

26 Nov '10

Hi All, I need to understand how can we calculate the throughput for stunnel based on allocated CPU and memory. For e.g if we allocate 512Mb of RAM and 1 core for the stunnel in Vmware, what would be the throughput in Mbps. Regards, Avinash gaonkar

1 0

Enhance description of transparent mode in FAQ
by Ivan Trancik 25 Nov '10

25 Nov '10

Hello, I would suggest to improve 'transparent = yes | no (Unix only)' section of http://www.stunnel.org/faq/stunnel.html#service_level_options and how this option work on OS X. I think that this part remote mode (I<connect> option) on Linux >=2.6.28 remote mode (I<connect> option) 2.2.x local mode (I<exec> option) is not clear. Remote mode is a "I<connect> option"? What the heck? And local mode is a "I<exec> option"? Does this "I" thingie stand for unnamed pipe or capital "i" or small cap "L"?? I ran to this problem when I tried to set up stunnel on Mac OS X and carelessly used some example config on web. Setting "transparent = yes" in Mac OS X will result in very funny behavior. Consider this conf debug=7 output=stunnel.log verify=0 foreground=yes client=yes pid= [https] accept=localhost:8080 connect=google.com:443 transparent=yes will result in unbelievable error - "local_bind (original port): Address family not supported by protocol family (47)" Using 127.0.0.1 instead of localhost will do better - "Service https bound to 127.0.0.1:8080" - BUT when you try to access 127.0.0.1:8080 nothing reasonable happens and log will show another strange error "connect_blocking: connect <ip_address>: Network is unreachable (51)" The next spectacular thing is that when you use only localhost connect and accept parameter, than transparent=yes works OK. I would suggest rewriting that part to reflect these kind of situations in more clear way - they are very hard to debug, and honestly I couldn't figure it out even though I read FAQ several times. Final question - is it possible on OS X (which doesn't have iptables interface, but has ipfw) to set up transparent proxy tunnel with stunnel? Thanks.

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users