[stunnel-users] Question (new user!) how to get it to work? - SQL

Reinier van der Gugten info at rgit.eu
Fri Oct 10 14:22:50 CEST 2008


Hi, I read most of the messages and tutorials, but still I do not seem
to get it to work.

I want to achieve the following:
Client side: VB application communicating to a SQL server over port
1433.
Server side: Listening on port 1433 that is listened to by SQL 2005.
However this is not allowed everywhere, so stunnel comes into play.

Client side: VB application communicating to localhost on port 1433
Stunnel installed listening on port 1433 and passing it on to port 80
(Note for later: I would like to use SSL, so it will pass through
routers. But for the test it will suffice to keep it unencrypted.
Also the server is still local and could be reached directly. But it
should work fine for testing.)

Server: Stunnel installed as service listening on port 80 and transmitting
it to port 1433 (later to be moved to 443, as I also run an HTTP server)

The config file looks like this:
-------------------------------------------------
Client:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

[SQLServer]
accept = 127.0.0.1:1433
connect = 10.12.18.10:80

-------------------------------------------------
Server:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[SQL]
accept = 80
connect = localhost:1433

-------------------------------------------------

As you can see, I tried to keep as close to the example file as I could.

Looking forward to getting this to work and then to including ssl...

Kind regards,

Reinier.
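
A small lint over the two posted configurations, added here as an example and not part of the original message or of stunnel itself: it flags a client section that does not verify the server certificate and a server section that presents the test certificate the sample file warns about. The `parse` and `review` helpers and the trimmed `CLIENT`/`SERVER` strings are constructed for illustration.

```python
# CLIENT and SERVER are constructed from the posted files, comment lines trimmed.
CLIENT = """cert = stunnel.pem
;verify = 2
;CAfile = certs.pem
client = yes
[SQLServer]
accept = 127.0.0.1:1433
connect = 10.12.18.10:80
"""
SERVER = """cert = stunnel.pem
;verify = 2
;client = yes
[SQL]
accept = 80
connect = localhost:1433
"""

def parse(text):
    """Return (global options, {service: options}); lines starting with ';' are comments."""
    glob, services, cur = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
            continue
        key, _, val = line.partition("=")
        (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def review(text):
    """List the security-relevant weaknesses of each service section."""
    glob, services = parse(text)
    findings = []
    for name, svc in services.items():
        opt = {**glob, **svc}  # service-level options override global ones
        if opt.get("client", "no") == "yes":
            if int(opt.get("verify", "0")) < 2:
                findings.append(f"[{name}] server certificate is not verified")
            elif not (opt.get("CAfile") or opt.get("CApath")):
                findings.append(f"[{name}] verify is set but no CAfile/CApath")
            if opt.get("accept", "").rpartition(":")[0] not in ("127.0.0.1", "localhost"):
                findings.append(f"[{name}] plaintext port is not bound to loopback")
        elif opt.get("cert") == "stunnel.pem":
            findings.append(f"[{name}] server presents the test certificate")
    return findings
if __name__ == "__main__":
    for label, conf in (("client", CLIENT), ("server", SERVER)):
        print(label, review(conf))
```

Uncommenting `verify = 2` and `CAfile = certs.pem` in the client section clears the client finding.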


