Heikki,
You can get this to work by making openvpn and stunnel separate:
On the client side:
[openvpn]
client = yes
accept = localhost:443
connect = remote:20433

On the server side:

client = no
accept = 20443
connect = 443
The traffic will be doubly encrypted. It might be easier just to use openvpn for this connection.
Carter
On 3/22/2019 6:23 PM, Heikki Lavaste wrote:
Hi,
To bypass the office firewall to access home server, I'm trying to run openvpn over port 443 with stunnel. I managed to get to this point:
Log on client side:

2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted connection from 127.0.0.1:51265
2019.03.22 22:15:19 LOG5[39]: s_connect: connected x.x.x.x:443
2019.03.22 22:15:19 LOG5[39]: Service [openvpn] connected remote server from x.x.x.x:51266
2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
Log on server side:

Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: connect_blocking: connected 127.0.0.1:8443
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Service [openvpn] connected remote server from 127.0.0.1:49366
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket
Config:
Client

[openvpn]
client = yes
accept = localhost:1337
connect = x.x.x.xg:443
cert = C:\Users\heikki_lavaste\Documents\stunnel\stunnel.pem
verifyChain = yes
verify = 2
CAfile = C:\Users\heikki_lavaste\Documents\stunnel\ca-cert.pem
checkHost = stunnel.heikki-lab.local
sslVersion = TLSv1

Server

chroot = /var/run/stunnel
sslVersion = TLSv1
pid = /stunnel.pid
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem

[openvpn]
accept = 443
connect = localhost:8443
cert = /etc/stunnel/stunnel.pem
The issue is probably nothing to do with stunnel but if somebody can help me figure this out, that'd be appreciated.
Kind Regards
Heikki

stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
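
Added example, not part of either message above: a Python check that compares the "Connection closed" byte counts from the client and server stunnel logs quoted in the thread. Mirrored counts on both ends mean stunnel relayed the same data in each direction. The function names are illustrative, and it assumes both excerpts describe the same connection attempts.

```python
import re
from collections import Counter

# Closing-summary lines copied from the logs quoted in the thread.
CLIENT_LOG = """\
2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted connection from 127.0.0.1:51265
2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
"""
SERVER_LOG = """\
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: connect_blocking: connected 127.0.0.1:8443
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket
"""

# stunnel words the encrypted side as "TLS" or "SSL" depending on version.
CLOSED = re.compile(
    r"Connection closed: (\d+) byte\(s\) sent to (?:TLS|SSL), "
    r"(\d+) byte\(s\) sent to socket"
)

def closed_counts(log_text):
    """Return (bytes_to_tls, bytes_to_socket) for every closed connection."""
    return [(int(tls), int(sock)) for tls, sock in CLOSED.findall(log_text)]

def compare(client_log, server_log):
    """Pair client and server connections whose byte counts mirror each other.

    Client "sent to TLS" is traffic going to the server, which the server
    reports as "sent to socket", so the server tuple is swapped before matching.
    Keys are (client_to_server_bytes, server_to_client_bytes).
    """
    client = Counter(closed_counts(client_log))
    server = Counter((sock, tls) for tls, sock in closed_counts(server_log))
    return {
        "matched": sorted((client & server).elements()),
        "client_only": sorted((client - server).elements()),
        "server_only": sorted((server - client).elements()),
    }

if __name__ == "__main__":
    result = compare(CLIENT_LOG, SERVER_LOG)
    for up, down in result["matched"]:
        print(f"relayed intact: {up} bytes to server, {down} bytes back")
    for up, down in result["client_only"] + result["server_only"]:
        print(f"no counterpart in the other log: {up} up, {down} down")
```

An entry under "client_only" or "server_only" only means the other excerpt does not cover that connection; a connection whose counts differ between the two ends would point at the tunnel itself.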