Alex Gottschalk wrote:
I've successfully deployed stunnel4 to wrap rsync for transferring data between remote sites and a central repository. The issue I'm running into is that some of these sites mandate use of a proxy (HTTP or SOCKS5 usually) for outbound network connections. It seems like there is some proxy support in stunnel with the protocol{Host,Authentication,etc} configuration options, but I have had zero luck getting them to work. For example, I've tried making a simple SOCKS5 proxy using ssh, that I'm successfully able to send HTTP traffic over:
ssh -g -D1080 proxy-host # create the proxy, open port 1080 on a public interface
There is no SOCKS proxy support in stunnel.
[rsync]
protocol = connect
protocolHost = proxy-host:1080
accept = 127.0.0.1:873
connect = rsync-destination:443
You have reversed "protocolHost" and "connect" values. "connect" is the host *stunnel* connects to while "protocolHost" is the final destination requested from this host. It may be unintuitive compared to other services (like web browsers), but for stunnel, proxy support is a part of SSL protocol negotiations rather than a separate feature.
From the fine manual of stunnel:
connect = address
    connect to a remote address
    If no host is specified, the host defaults to localhost.
    Multiple connect options are allowed in a single service section.
    If host resolves to multiple addresses and/or if multiple connect options are specified, then the remote address is chosen using a round-robin algorithm.

protocolHost = host:port
    destination address for protocol negotiations
Mike
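
The negotiation described in the reply, as an added example that is not part of the original message and is not stunnel's code: a generic HTTP CONNECT exchange in which the socket stands in for the TCP connection made to the "connect" address and the request names the "protocolHost" value. The stub proxy and its ALLOWED policy are constructed for the demonstration; the host names are the ones used in the thread.

```python
import socket
import threading

ALLOWED = "rsync-destination:443"  # constructed proxy policy for this demo

def connect_request(protocol_host):
    """Bytes a client sends to an HTTP proxy to request a tunnel."""
    return (f"CONNECT {protocol_host} HTTP/1.1\r\n"
            f"Host: {protocol_host}\r\n\r\n").encode("ascii")

def read_head(sock):
    """Read one HTTP header block (up to the terminating blank line)."""
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed during negotiation")
        buf += chunk
    return buf

def negotiate(sock, protocol_host):
    """Client side: ask for the tunnel; TLS may start only after a 2xx."""
    sock.sendall(connect_request(protocol_host))
    status = read_head(sock).split(b"\r\n", 1)[0].decode("ascii", "replace")
    if not status.startswith(("HTTP/1.0 2", "HTTP/1.1 2")):
        raise ConnectionError(f"proxy refused tunnel: {status}")
    return status

def stub_proxy(sock, seen):
    """Constructed stand-in for the proxy listening at the 'connect' address."""
    line = read_head(sock).split(b"\r\n", 1)[0].decode("ascii")
    method, target, _version = line.split(" ", 2)
    seen.append(target)  # record which destination the client asked for
    ok = method == "CONNECT" and target == ALLOWED
    sock.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n" if ok
                 else b"HTTP/1.1 403 Forbidden\r\n\r\n")

def demo(protocol_host):
    """Return (target the proxy was asked for, outcome of the negotiation)."""
    client, server = socket.socketpair()  # stands in for the link to 'connect'
    seen = []
    worker = threading.Thread(target=stub_proxy, args=(server, seen))
    worker.start()
    with client, server:
        try:
            outcome = negotiate(client, protocol_host)
        except ConnectionError as exc:
            outcome = str(exc)
        worker.join()
    return seen[0], outcome
```

Calling demo("rsync-destination:443") models the corrected protocolHost and is accepted by the stub; demo("proxy-host:1080") shows the value from the reversed configuration being sent as the tunnel target and refused.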