[stunnel-users] Username authentication

Brian Hatch bri at stunnel.org
Fri Mar 7 10:34:25 CET 2008

About 2008-03-04 17:05 -0500, Joe Kemp voiced:

> I want to try to use stunnel as a "simple" client vpn.
> It solves all of my encryption issues but I would like to
> verify a username/password before it lets the traffic
> through.  I didn't see any patches or hacks out there
> that did this.  Has this been attempted before or am I on
> my own.  I would also be interested in other solutions
> based on openssl that are not network device level VPNs
> clients.

You want to use X509 certificate verification.  It's the way
authentication is done in the SSL world.  It's built into Stunnel.

You may also want to look at tappipe, which is Michal's
VPN-over-Stunnel package.  I use it very successfully for
a few of my connections.

> Already using client side certificates and I know that is the normal SSL authentication mechanism....

Then why don't you want to use them?  ;-)

Brian Hatch                  Waltz, nymph, for quick jigs vex Bud.
   Systems and               --28 letter panagram
   Security Engineer

Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20080307/b7d8dca1/attachment.sig>

More information about the stunnel-users mailing list