[stunnel-users] Academic doubt about firewall bypass

Hugo Marello hugo.marello at gmail.com
Fri Jun 28 19:38:28 CEST 2019

Hello guys,
I'm new to using stunnel but I find it quite a powerful tool. I'm doing a
POC on how we can bypass our firewall even with DPI, and chose to use
stunnel for an extra layer of cryptography. You don't have to worry about
access to any VM mentioned here. Here is my scenario:


So far I succeeded in getting HTTP working using stunnel CONNECT protocol
to the firewall and going all the way through. The problem is when I try to
access HTTPS, the connection get set to the stunnel server but it keeps
waiting for something. Double checked all the logs, firewall can't discern,
stunnel server get the connection, reverse proxy also get the socket
connection. My hypothesis is that stunnel client gets the CONNECT from the
browser and discard it, it uses its own way to connect to the firewall,
instead of encrypting the CONNECT all the way through. As it may seems, I
need a way to send 2 CONNECT packages. Does anyone know how can I proceed?

Follow my configs:
client = yes
output = /var/log/stunnel4/stunnel.log
debug = 7

accept = 4000
connect = firewall.example:3128
protocolHost = destination.com:443
protocol = connect
requireCert = no
verifyChain = no
verifyPeer = no
accept =
connect = reverseproxy.com:8888
cert = /etc/ssl/cert.pem
key = /etc/ssl/key.pem

Thank you all in advance, already digging throw the source code (quite lost
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190628/493b2078/attachment.htm>

More information about the stunnel-users mailing list