Questions tagged [stunnel]

Stunnel is a small tool that can wrap the connection of other protocols with SSL/TLS.

Stunnel is free software based on OpenSSL that provides an SSL/TLS encryption wrapper between remote clients and a local or remote server. It can be used to add SSL functionality to commonly used inetd daemons like POP2, POP3, and IMAP servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography, so it supports whatever cryptographic algorithms are compiled into the library.

For more information, see the homepage of the project at stunnel.org.

152 questions
0 votes, 2 answers

How do I create certificates for both ends of an stunnel connection?

I am using stunnel to authenticate RDP (Remote Desktop) and I need to verify that a client possesses the proper credentials. So people cannot brute force into the machine. I am also using a bad (outdated) version of RDP that has security…
unixman83
0 votes, 2 answers

how to portforward port 7300 from server A to server B

We are using Stunnel, but want to replace it with an iptables entry if possible. 192.168.123.122:7300 needs to be forwarded to 192.168.123.188:7300. So in iptables I set these two entries: [root@dev ~]# iptables -t nat -A PREROUTING -p tcp --dport…
0 votes, 1 answer

haproxy session stats change suddenly

We have a load balancer where if we refresh the stats page over and over, we will notice that the Current sessions value will stay stable for a time, say 45-50 sessions per server more or less, then suddenly we will refresh the page and one server…
Kyle
0 votes, 1 answer

stunnel in client mode as proxy for sendmail

I'm configuring an internal mail network that is supposed to do all the transmission using ssl and I want to have all the encryption done by stunnel. So far I have pop3s, imaps and sendmail in server mode all using ssl encryption provided by…
user58292
0 votes, 1 answer

Is HAProxy in front of Stunnel with SNIs possible?

I have a working SSL Termination with STunnel in front of HAproxy. Recently, the matter of adding support for HTTP/2 was thrown my way. That is easy with HAProxy, but, as a constraint, STunnel must stay. The reason for STunnel needing to stay is…
Ai N.
0 votes, 1 answer

stunnel3 : [!] Inetd mode: TLS server needs a certificate [!] Configuration failed

I'm trying to configure and start stunnel3 but each time I get [!] Inetd mode: TLS server needs a certificate [!] Configuration failed stunnel.conf cert = /pathto/server.pem key = /pathto/server.key client = no fips = no sslVersion = all socket =…
John R
0 votes, 0 answers

stunnel client accepts any peer certificate

I have a Linux machine that is connecting to a remote MySQL server using stunnel 5.56. I downloaded the remote server's certificate and put it in /etc/ssl/cert/mysql-server.pem. Here is my Linux machine's stunnel configuration: #…
user35042
0 votes, 0 answers

How to change service “access point”?

I have a service running on a certain network server. In order to interface with that service, all the other network nodes contact the server on a particular open port (the service is listening on it). For security reasons, I would like to not…
0 votes, 0 answers

Stunnel outgoing packets strangely modified

I have a box with two NICs set up as a bridge. Ebtables redirects HTTP traffic to iptables. The br0 IP address is 10.10.10.10. Stunnel is set up with transparent = source. It accepts connections on 127.1.1.1:8080 and always connects to the same ip…
r0b0tron
0 votes, 0 answers

Unable to connect to stunnelled RTSP stream using VLC mediaplayer

This problem has been plaguing me for quite a while. I've set up Stunnel (v5.59) on my Windows 10 desktop. Certificates were generated with Certbot (beta1.15.0) for my internal network. Stunnel configuration is as follows: socket=…
ngzhongcai
0 votes, 1 answer

How to use Nginx HTTPS behind a SSLH and a STUNNEL

I have a NGINX listening on port 441 and SSLH listening to ports: 441(https), 442(ssh) and finally STUNNEL listening on port 443 forwarding to SSLH(port 2243). STUNNEL config: pid = /var/run/stunnel.pid cert =…
Pahan
0 votes, 1 answer

Stunnel for Service IPC over TCP?

I am working with an application that consists of Windows Services on the same server sending messages to each other over TCP. Each service is assigned a port on which it listens for messages. I should like to encrypt this traffic to prevent it from…
David Brower
0 votes, 1 answer

Route Tinyproxy outgoing connections through OpenVPN interface

I've created an Ubuntu 16.04 lxd container and set up Stunnel, Tinyproxy and OpenVPN client in it. The goal is to connect to Tinyproxy through Stunnel and force Tinyproxy to use OpenVPN's interface for outgoing connections. Stunnel -> Tinyproxy works…
Mishgun_
0 votes, 4 answers

Postfix smtp relay can send emails but not relay other hosts

Use Case: We have several Eaton PDU/PSUs that don't support SSL/TLS authentication. I was tasked with building an SMTP relay server that can take the basic SMTP/25 emails and forward them to our email provider via SSL. Note: The relay host makes the…
0 votes, 0 answers

Send SOCKS proxy credentials over SSL/TLS

OpenVPN client config file has a socks-proxy rule which allows connecting to a SOCKS proxy before connecting to a VPN. I installed Dante SOCKS proxy but it looks like it does not support SSL/TLS so credentials will be sent in clear text and someone…
baptx