[stunnel-users] stunnel-users Digest, Vol 180, Issue 1

Hugo Marello hugo.marello at gmail.com
Tue Jul 9 21:08:47 CEST 2019


I was thinking something more simple like the first scenario.
[HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]

But the end would be an HTTPS server, which would require a CONNECT to get
things going.
So:
[HTTP Client] -->[STUNNEL CLIENT]--> <whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--> [HTTPS SERVER]

On Tue, Jul 9, 2019 at 07:00, <stunnel-users-request at stunnel.org>
wrote:

> Today's Topics:
>
>    1. Academic doubt about firewall bypass (Brent Kimberley)
>    2. How to turn off logging (David Yunker)
>    3. Re: How to turn off logging (Thomas Eifert)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 8 Jul 2019 16:42:39 +0000 (UTC)
> From: Brent Kimberley <brent_kimberley at rogers.com>
> To: <stunnel-users at stunnel.org>
> Cc: "hugo.marello at gmail.com" <hugo.marello at gmail.com>
> Subject: [stunnel-users] Academic doubt about firewall bypass
> Message-ID: <182803560.2815516.1562604159801 at mail.yahoo.com>
> Content-Type: text/plain; charset="utf-8"
>
> Which scenario did you have in mind?
> [HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]
> OR
> [HTTP Client] -->[Forward-proxy client]-> [STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--><whatever>-->[HTTP SERVER]
>
>
>
> From: Hugo Marello <hugo.marello at gmail.com>
> To: stunnel-users at stunnel.org
>
> Hello guys,
> I'm new to using stunnel but I find it quite a powerful tool. I'm doing a
> POC on how we can bypass our firewall even with DPI, and chose to use
> stunnel for an extra layer of cryptography. You don't have to worry about
> access to any VM mentioned here. Here is my scenario:
>
> [CLIENT BROWSER] -->[STUNNEL CLIENT]-->[FIREWALL]-->[STUNNEL
> SERVER]-->[REVERSE PROXY]-->[FREE INTERNET]
>
> So far I succeeded in getting HTTP working using stunnel CONNECT protocol
> to the firewall and going all the way through. The problem is when I try to
> access HTTPS, the connection gets set to the stunnel server but it keeps
> waiting for something. Double checked all the logs, firewall can't discern,
> stunnel server gets the connection, reverse proxy also gets the socket
> connection. My hypothesis is that stunnel client gets the CONNECT from the
> browser and discards it, it uses its own way to connect to the firewall,
> instead of encrypting the CONNECT all the way through. As it may seem, I
> need a way to send 2 CONNECT packages. Does anyone know how I can proceed?
>
> My configs follow:
> client = yes
> output = /var/log/stunnel4/stunnel.log
> debug = 7
>
> [bypassclient]
> accept = 4000
> connect = firewall.example:3128
> protocolHost = destination.com:443
> protocol = connect
> requireCert = no
> verifyChain = no
> verifyPeer = no
>
> --------------------------------------------------------------------------------------------------------------------
> [bypassserver]
> accept = 0.0.0.0:443
> connect = reverseproxy.com:8888
> cert = /etc/ssl/cert.pem
> key = /etc/ssl/key.pem
>
> -----------------------------------------------------------------------------------------------------------------------
>
>
> Thank you all in advance, already digging through the source code (quite lost
> though),
> Hugo
>
> ------------------------------
>
> Message: 2
> Date: Mon, 8 Jul 2019 21:46:56 +0000
> From: David Yunker <davidyunker at hotmail.com>
> To: "stunnel-users at stunnel.org" <stunnel-users at stunnel.org>
> Subject: [stunnel-users] How to turn off logging
> Message-ID: <MN2PR17MB27350CC77D41064964CC6B34AFF60 at MN2PR17MB2735.namprd17.prod.outlook.com>
>
> Content-Type: text/plain; charset="iso-8859-1"
>
> To whom it may concern,
> I would like to know if there is a way to disable logging or set a size
> limit or to have it overwrite the log file each time a new log is started?
> I am using the Windows version of Stunnel.
>
> Thank you for your help.
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 8 Jul 2019 17:41:37 -0500
> From: Thomas Eifert <kxkvi at wi.rr.com>
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] How to turn off logging
> Message-ID: <652154f1-6422-d92f-dff3-f4adcf3aceda at wi.rr.com>
> Content-Type: text/plain; charset="windows-1252"; Format="flowed"
>
> You most likely have a statement in the global configuration section of
> your stunnel.conf such as "output = stunnel.log".
>
> Removing that statement should terminate logging. If you would rather
> retain logging but wish the previous log to be overwritten, add the
> statement "log = overwrite" to the global configuration section.
> (without the quotes)
>
>
> Thomas
>
>
> On 7/8/2019 4:46 PM, David Yunker wrote:
> > To whom it may concern,
> > I would like to know if there is a way to disable logging or set a
> > size limit or to have it overwrite the log file each time a new log is
> > started?
> > I am using the Windows version of Stunnel.
> >
> > Thank you for your help.
> >
> >
> >
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users at stunnel.org
> > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
>
> --
> Attention: This message and all attachments are private and may contain
> information that is confidential and privileged. If you received this
> message in error, please notify the sender by reply email and delete the
> message immediately.
>
>
>
>
> ------------------------------
>
> End of stunnel-users Digest, Vol 180, Issue 1
> *********************************************
>