On Mon, Jan 07, 2019 at 02:53:24PM +0100, Moellers wrote:
> Hello,
> What I'm trying to accomplish is to build a secure RDP Connection between my Laptop and a Server, which are in the same Network, but as RDP in itself is not secure enough, I need the stunnel encryption.
So let's make sure that we are on the same page here.
RDP is an unencrypted protocol (though it does have some TLS extensions, so maybe stunnel is not needed at all if your client can negotiate that, although I've had some problems with xfreerdp in that regard), so in order to connect from your laptop to an RDP server you will need two stunnel instances:

- one on your laptop running in client mode ("client = yes"), accepting unencrypted connections on, say, port 3389, and connecting to the other stunnel instance
- one on the RDP server running in server mode (no "client = yes" line), accepting connections on the same port the other stunnel instance is configured to connect to and connecting to port 3389 of its local server

Is this how you have them configured? Pay particular attention to the "client = yes/no" setting and the port numbers for each stunnel instance.
Once you have that, you should be able to establish an unencrypted connection to the stunnel instance running on your laptop and listening on port 3389, then it should establish an encrypted connection to the other stunnel instance, then the latter should establish an unencrypted connection to the actual RDP server.
> As of now I can establish a connection but as soon as I try to start an RDP Connection I get the following message:
> SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
This may sometimes indicate stunnel trying to establish an encrypted connection or to listen for an encrypted connection, and somebody else sending unencrypted data to it. Can you double-check your configuration as per my notes above?
Hope that helps at least a bit!
G'luck, Peter
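
The two-instance layout described in the reply above, written out as a pair of stunnel configuration files. This is an added example, not part of the original message. The tunnel port 13389, the host name rdp-server.example, the section names and all file paths are assumptions chosen for illustration.

```ini
; ---- laptop: stunnel.conf (client side) ----
; The RDP client connects, unencrypted, to 127.0.0.1:3389 on the laptop.
[rdp-client]
client = yes
; Listen only on loopback so the plaintext leg never leaves the laptop.
accept = 127.0.0.1:3389
; Encrypted leg to the stunnel instance on the RDP server (assumed port).
connect = rdp-server.example:13389
; Verify the server certificate, otherwise the tunnel is encrypted but
; not authenticated (placeholder CA path and host name).
CAfile = /etc/stunnel/ca.pem
verifyChain = yes
checkHost = rdp-server.example

; ---- RDP server: stunnel.conf (server side) ----
[rdp-server]
; No "client = yes" line: this instance accepts TLS connections.
; The port must match the "connect" port on the laptop side.
accept = 13389
; Plaintext leg to the RDP service on the same machine.
connect = 127.0.0.1:3389
; Placeholder certificate and key paths.
cert = /etc/stunnel/server-cert.pem
key = /etc/stunnel/server-key.pem

; Misconfiguration that matches the reported error: if "client = yes"
; is missing from the laptop section, that instance waits for a TLS
; handshake on port 3389, receives plaintext RDP from the RDP client,
; and logs "SSL_accept: ... wrong version number".
```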