[stunnel-users] OpenVPN with stunnel

Carter Browne cbcs at comcast.net
Mon Mar 25 14:25:25 CET 2019


Heikki,

You can get this to work by making openvpn and stunnel separate:

On the client side:

[openvpn]
client = yes
accept = localhost:443
connect = remote:20443

On the server side:

[openvpn]
client = no
accept = 20443
connect = 443

The traffic will be doubly encrypted.  It might be easier just to use 
openvpn for this connection.

Carter

On 3/22/2019 6:23 PM, Heikki Lavaste wrote:
> Hi,
>
> To bypass the office firewall to access home server, I'm trying to run 
> openvpn over port 443 with stunnel.
> I managed to get to this point:
>
>
> Log on client side
>
>
> 2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
> 2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted connection from 127.0.0.1:51265
> 2019.03.22 22:15:19 LOG5[39]: s_connect: connected x.x.x.x:443
> 2019.03.22 22:15:19 LOG5[39]: Service [openvpn] connected remote server from x.x.x.x:51266
> 2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
>
> Log on server side:
>
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: connect_blocking: connected 127.0.0.1:8443
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Service [openvpn] connected remote server from 127.0.0.1:49366
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket
>
> Config:
>
> Client
> [openvpn]
> client = yes
> accept = localhost:1337
> connect = x.x.x.x:443
> cert = C:\Users\heikki_lavaste\Documents\stunnel\stunnel.pem
> verifyChain = yes
> verify = 2
> CAfile = C:\Users\heikki_lavaste\Documents\stunnel\ca-cert.pem
> checkHost = stunnel.heikki-lab.local
> sslVersion = TLSv1
>
> Server
>
> chroot = /var/run/stunnel
> sslVersion = TLSv1
> pid = /stunnel.pid
> setuid = nobody
> setgid = nobody
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> cert = /etc/stunnel/stunnel.pem
> [openvpn]
> accept = 443
> connect = localhost:8443
> cert = /etc/stunnel/stunnel.pem
>
>
> The issue is probably nothing to do with stunnel but if somebody can 
> help me figure this out, that'd be appreciated.
>
>
> Kind Regards
> Heikki
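The split setup in the reply only works when the client's `connect` port equals the server's `accept` port and the server forwards to the port OpenVPN listens on. The checker below is an added example, not part of the original thread and not stunnel tooling; the sample configs, host name and ports are constructed, and treating global options as defaults for each service is an assumption of this sketch.

```python
def parse_stunnel(text):
    """Parse stunnel.conf text into {section: {option: value}}.
    Options that precede the first [service] header are stored under None."""
    conf, section = {None: {}}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            conf.setdefault(section, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf

def port_of(endpoint):
    """Port of 'host:port' or a bare 'port' value."""
    return int(endpoint.rsplit(":", 1)[-1])

def check_pair(client_text, server_text, service, openvpn_port):
    """Findings for one service relayed between a client and a server stunnel."""
    findings, side = [], {}
    for name, text in (("client", client_text), ("server", server_text)):
        conf = parse_stunnel(text)
        if service not in conf:
            return [f"{name}: no [{service}] section"]
        side[name] = {**conf[None], **conf[service]}  # assumed: globals act as defaults
        for opt in ("accept", "connect"):
            if opt not in side[name]:
                return [f"{name}: [{service}] has no '{opt}' option"]
    cli, srv = side["client"], side["server"]
    if cli.get("client", "no") != "yes":
        findings.append("client: 'client = yes' is missing")
    if srv.get("client", "no") == "yes":
        findings.append("server: 'client = yes' set on the accepting side")
    if port_of(cli["connect"]) != port_of(srv["accept"]):
        findings.append(f"port mismatch: client connects to {port_of(cli['connect'])}, "
                        f"server accepts on {port_of(srv['accept'])}")
    if port_of(srv["connect"]) != openvpn_port:
        findings.append(f"server: forwards to {port_of(srv['connect'])}, "
                        f"OpenVPN listens on {openvpn_port}")
    return findings

# Constructed sample configs (host name and ports are placeholders).
CLIENT = "[openvpn]\nclient = yes\naccept = localhost:1194\nconnect = vpn.example.test:20433\n"
SERVER = "[openvpn]\nclient = no\naccept = 20443\nconnect = localhost:1194\n"

if __name__ == "__main__":
    for finding in check_pair(CLIENT, SERVER, "openvpn", 1194) or ["pair is consistent"]:
        print(finding)
```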
