<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html;
      charset=windows-1252">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <font face="Century Gothic">Heikki,<br>
      <br>
      You can get this to work by making openvpn and stunnel separate:<br>
      <br>
      On the client side:<br>
      <br>
      [openvpn]<br>
      client = yes<br>
      accept = localhost:443<br>
      connect = remote:20433<br>
      <br>
      On the server side<br>
      client = no<br>
      accept = 20443<br>
      connect = 443<br>
      <br>
      The traffic will be doubly encrypted.  It might be easier just to
      use openvpn for this connection.<br>
      <br>
      Carter<br>
    </font><br>
    <div class="moz-cite-prefix">On 3/22/2019 6:23 PM, Heikki Lavaste
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:DB6P194MB0167166D8B12BEE34609CB3894430@DB6P194MB0167.EURP194.PROD.OUTLOOK.COM">
      <meta http-equiv="Content-Type" content="text/html;
        charset=windows-1252">
      <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Hi, </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        To bypass the office firewall to access home server, I'm trying
        to run openvpn over port 443 with stunnel. </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        I managed to get to this point:</div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        Log on client side</div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <br>
      </div>
      <div style="font-family: Calibri, Helvetica, sans-serif;
        font-size: 12pt; color: rgb(0, 0, 0);">
        <span>2019.03.22 22:15:13 LOG5[38]: Connection closed: 352
          byte(s) sent to TLS, 2067 byte(s) sent to socket<br>
        </span>
        <div>2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted
          connection from 127.0.0.1:51265<br>
        </div>
        <div>2019.03.22 22:15:19 LOG5[39]: s_connect: connected
          x.x.x.x:443<br>
        </div>
        <div>2019.03.22 22:15:19 LOG5[39]: Service [openvpn] connected
          remote server from x.x.x.x:51266<br>
        </div>
        <div>2019.03.22 22:15:19 LOG5[39]: Connection closed: 352
          byte(s) sent to TLS, 2067 byte(s) sent to socket<br>
        </div>
        <div><br>
        </div>
        <div>Log on server side:</div>
        <div><br>
        </div>
        <div><span>Mar 22 22:21:54 ssh-server-heikki stunnel[2797]:
            LOG5[2797:140127128753920]: connect_blocking: connected
            127.0.0.1:8443<br>
          </span>
          <div>Mar 22 22:21:54 ssh-server-heikki stunnel[2797]:
            LOG5[2797:140127128753920]: Service [openvpn] connected
            remote server from 127.0.0.1:49366<br>
          </div>
          <div>Mar 22 22:21:54 ssh-server-heikki stunnel[2797]:
            LOG5[2797:140127128753920]: Connection closed: 2067 byte(s)
            sent to SSL, 352 byte(s) sent to socket<br>
          </div>
          <span></span><br>
        </div>
        <div>Config:</div>
        <div><br>
        </div>
        <div>Client</div>
        <div><span>[openvpn]<br>
          </span>
          <div>client = yes<br>
          </div>
          <div>accept = localhost:1337<br>
          </div>
          <div>connect = x.x.x.xg:443<br>
          </div>
          <div>cert =
            C:\Users\heikki_lavaste\Documents\stunnel\stunnel.pem<br>
          </div>
          <div>verifyChain = yes<br>
          </div>
          <div>verify = 2<br>
          </div>
          <div>CAfile =
            C:\Users\heikki_lavaste\Documents\stunnel\ca-cert.pem<br>
          </div>
          <div>checkHost = stunnel.heikki-lab.local<br>
          </div>
          <span>sslVersion = TLSv1</span><br>
        </div>
        <div><span><br>
          </span></div>
        <div><span>Server</span></div>
        <div><span><br>
          </span></div>
        <div><span><span>chroot = /var/run/stunnel<br>
            </span>
            <div>sslVersion = TLSv1<br>
            </div>
            <div>pid = /stunnel.pid<br>
            </div>
            <div>setuid = nobody<br>
            </div>
            <div>setgid = nobody<br>
            </div>
            <div>socket = l:TCP_NODELAY=1<br>
            </div>
            <div>socket = r:TCP_NODELAY=1<br>
            </div>
            <div>cert = /etc/stunnel/stunnel.pem<br>
            </div>
            <div>[openvpn]<br>
            </div>
            <div>accept = 443<br>
            </div>
            <div>connect = localhost:8443<br>
            </div>
            <div>cert = /etc/stunnel/stunnel.pem<br>
            </div>
            <span></span><br>
          </span></div>
        <div><span><br>
          </span></div>
        <div><span>The issue is probably nothing to do with stunnel but
            if somebody can help me figure this out, that'd be
            appreciated.</span></div>
        <div><span><br>
          </span></div>
        <div><span><br>
          </span></div>
        <div><span>Kind Regards</span></div>
        <div><span>Heikki</span></div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
stunnel-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a>
<a class="moz-txt-link-freetext" href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>