I was thinking something more simple like the first scenario.
[HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]
But the end would be an HTTPS server, which would require a CONNECT to get things going.
So:
[HTTP Client] -->[STUNNEL CLIENT]--> <whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--> [HTTPS SERVER]
Today's Topics:
1. Academic doubt about firewall bypass (Brent Kimberley)
2. How to turn off logging (David Yunker)
3. Re: How to turn off logging (Thomas Eifert)
----------------------------------------------------------------------
Message: 1
Date: Mon, 8 Jul 2019 16:42:39 +0000 (UTC)
From: Brent Kimberley <brent_kimberley@rogers.com>
To: <stunnel-users@stunnel.org>
Cc: "hugo.marello@gmail.com" <hugo.marello@gmail.com>
Subject: [stunnel-users] Academic doubt about firewall bypass
Message-ID: <182803560.2815516.1562604159801@mail.yahoo.com>
Content-Type: text/plain; charset="utf-8"
Which scenario did you have in mind?
[HTTP CLIENT] -->[STUNNEL CLIENT]--><whatever>-->[STUNNEL SERVER]-->[HTTP Server]
OR
[HTTP Client] -->[Forward-proxy client]-> [STUNNEL CLIENT]--> <whatever>-->[STUNNEL SERVER]-->[REVERSE-PROXY server]--><whatever>--> [HTTP SERVER ]
From: Hugo Marello <hugo.marello@gmail.com>
To: stunnel-users@stunnel.org
Hello guys,
I'm new to using stunnel but I find it quite a powerful tool. I'm doing a
POC on how we can bypass our firewall even with DPI, and chose to use
stunnel for an extra layer of cryptography. You don't have to worry about
access to any VM mentioned here. Here is my scenario:
[CLIENT BROWSER] -->[STUNNEL CLIENT]-->[FIREWALL]-->[STUNNEL
SERVER]-->[REVERSE PROXY]-->[FREE INTERNET]
So far I succeeded in getting HTTP working using stunnel CONNECT protocol
to the firewall and going all the way through. The problem is when I try to
access HTTPS, the connection gets set to the stunnel server but it keeps
waiting for something. Double checked all the logs, firewall can't discern,
stunnel server gets the connection, reverse proxy also gets the socket
connection. My hypothesis is that stunnel client gets the CONNECT from the
browser and discards it, it uses its own way to connect to the firewall,
instead of encrypting the CONNECT all the way through. As it may seem, I
need a way to send 2 CONNECT packages. Does anyone know how I can proceed?
My configs follow:
client = yes
output = /var/log/stunnel4/stunnel.log
debug = 7
[bypassclient]
accept = 4000
connect = firewall.example:3128
protocolHost = destination.com:443
protocol = connect
requireCert = no
verifyChain = no
verifyPeer = no
--------------------------------------------------------------------------------------------------------------------
[bypassserver]
accept = 0.0.0.0:443
connect = reverseproxy.com:8888
cert = /etc/ssl/cert.pem
key = /etc/ssl/key.pem
-----------------------------------------------------------------------------------------------------------------------
Thank you all in advance, already digging through the source code (quite lost
though),
Hugo
------------------------------
Message: 2
Date: Mon, 8 Jul 2019 21:46:56 +0000
From: David Yunker <davidyunker@hotmail.com>
To: "stunnel-users@stunnel.org" <stunnel-users@stunnel.org>
Subject: [stunnel-users] How to turn off logging
Message-ID:
<MN2PR17MB27350CC77D41064964CC6B34AFF60@MN2PR17MB2735.namprd17.prod.outlook.com>
Content-Type: text/plain; charset="iso-8859-1"
To whom it may concern,
I would like to know if there is a way to disable logging or set a size limit or to have it overwrite the log file each time a new log is started?
I am using the Windows version of Stunnel.
Thank you for your help.
------------------------------
Message: 3
Date: Mon, 8 Jul 2019 17:41:37 -0500
From: Thomas Eifert <kxkvi@wi.rr.com>
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] How to turn off logging
Message-ID: <652154f1-6422-d92f-dff3-f4adcf3aceda@wi.rr.com>
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
You most likely have a statement in the global configuration section of
your stunnel.conf such as "output = stunnel.log".
Removing that statement should terminate logging. If you would rather
retain logging but wish the previous log to be
overwritten, add the statement "log = overwrite" to the global
configuration section. (without the quotes)
Thomas
On 7/8/2019 4:46 PM, David Yunker wrote:
> To whom it may concern,
> I would like to know if there is a way to disable logging or set a
> size limit or to have it overwrite the log file each time a new log is
> started?
> I am using the Windows version of Stunnel.
>
> Thank you for your help.
------------------------------
End of stunnel-users Digest, Vol 180, Issue 1
*********************************************