Hi all,
I am a new STUNNEL user, I will do 2 secure sockets TCP (Server / Client). I would like to know how to set 'stunnel.conf'. I tried but it does not work.
Description:
----------
I created a CA root and from this I have created 2 pairs (key and certificate), one for the server and one for the client. Can you please send me a config file for the server?
Many thanks,
Stunnel.config (server)
-----------------------
cert = server.crt
key = serverkey.key
CAfile = ca.crt
;[Server]
accept = 192.168.1.4:4433
connect = 192.168.1.4:4433
Sometime near 2008-01-08 10:30 +0100, khaled khaled harangued:
> I am a new STUNNEL user, I will do 2 secure sockets TCP (Server / Client). I would like to know how to set 'stunnel.conf'. I tried but it does not work.
You need to be more clear about
1) what IP/Port you want to accept on
2) if you're accepting cleartext or ssl
3) what IP/Port you want to connect to (or program to launch)
4) if you're sending cleartext or ssl (this should be the opposite of #2 above)
> cert = server.crt
> key = serverkey.key
> CAfile = ca.crt
> accept = 192.168.1.4:4433
> connect = 192.168.1.4:4433
You have stunnel accepting connections and sending them to itself. While a recursive loop may be fun, I doubt it's what you actually wanted.
Hi,
I have a normal TCP server which is listening to the 192.168.1.4:4433 address. The client (192.168.1.5) will connect with the server via serial port. I want to make a root certificate CA, which will generate 2 pairs (key + certificate), one for the server and one for the client.
1- Root certificate: CA
2- Key + certificate: for the Client
3- Key + certificate: for the Server
I do not know how to configure the SSL elements in Stunnel. I am using Windows XP.
My config:
Stunnel.config for the server:
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
output = stunnel.log
; Authentication stuff
verify = 1
; It's often easier to use CAfile
CAfile = ca.pem
cert = stunnel.pem
debug = 7
;foreground=yes
client = no
[server]
accept = 4433
connect = 192.168.1.4:4433
But doesn't work :(
thanks,
KHALED Khaled
Telecommunications and computer engineer
> Date: Tue, 8 Jan 2008 10:29:19 -0800
> From: bri@stunnel.org
> To: kkhaled@hotmail.fr
> CC: stunnel-users@mirt.net; stunnel-users-owner@mirt.net
> Subject: Re: [stunnel-users] TCP (Server / Client)
>
> Sometime near 2008-01-08 10:30 +0100, khaled khaled harangued:
>
> > I am a new STUNNEL user, I will do 2 secure sockets TCP (Server / Client). I
> > would like to know how to set 'stunnel.conf'. I tried but it does not work.
>
> You need to be more clear about
>
> 1) what IP/Port you want to accept on
> 2) if you're accepting cleartext or ssl
>
> 3) what IP/Port you want to connect to (or program to launch)
> 4) if you're sending cleartext or ssl
> (this should be the opposite of #2 above)
>
> > cert = server.crt
> > key = serverkey.key
> > CAfile = ca.crt
> > accept = 192.168.1.4:4433
> > connect = 192.168.1.4:4433
>
> You have stunnel accepting connections and sending them to itself.
> While a recursive loop may be fun, I doubt it's what you
> actually wanted.
>
> --
> Brian Hatch                  Friends come and go,
>    Systems and               but enemies accumulate.
>    Security Engineer
> http://www.ifokr.org/bri/
>
> Every message PGP signed
Right around 2008-01-09 10:21 +0100, khaled khaled expressed:
First, your emails are coming through without any line breaks which makes them almost impossible to read. I'm re-factoring it so I can reply better, but if you can fix your mailer to actually work with non-HTML mail clients, that'd be nice.
> I have a normal TCP server which is listening to the 192.168.1.4:4433 address.
Gotcha.
> the client (192.168.1.5) will connect with the server via serial port. I want to make a root certificate CA, which will generate 2 pairs (key + certificate), one for the server and one for the client.
> 1- Root certificate: CA
> 2- Key + certificate: for the Client
> 3- Key + certificate: for the Server
> I do not know how to configure the SSL elements in Stunnel. I am using Windows XP.
Let's not even talk about the certs yet. We're not even close to that yet.
When a connection comes to stunnel 192.168.1.4:4433 (SSL), where should it send it (cleartext)?
Start with just the default ssl cert, don't go creating new certs or CA-signed certs, and get the actual connectivity working first. You're still working on the 'accept' and 'connect' part of the configuration.
Send us the output of the debug log and what you see from the client.
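Added example, not part of the original thread: a small Python check for the misconfiguration discussed above, where `connect` names the same socket that `accept` listens on, run against trimmed copies of the two posted configs. The function names, the `local_addrs` parameter and the port-8000 variant are assumptions made for illustration.

```python
import ipaddress

# Constructed from the two configs posted in the thread (unrelated options dropped).
FIRST = "cert = server.crt\n;[Server]\naccept = 192.168.1.4:4433\nconnect = 192.168.1.4:4433\n"
SECOND = "client = no\n[server]\naccept = 4433\nconnect = 192.168.1.4:4433\n"
# Hypothetical variant: cleartext server on port 8000 (an assumption, not from the thread).
SPLIT = SECOND.replace("connect = 192.168.1.4:4433", "connect = 192.168.1.4:8000")

def parse_services(text):
    """Return {section: {option: value}}; options before any [section] go to 'global'."""
    services, current = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        else:
            key, sep, value = line.partition("=")
            if sep:
                services.setdefault(current, {})[key.strip()] = value.strip()
    return services

def endpoint(value):  # '[host:]port' -> (host or None, port)
    host, _, port = value.rpartition(":")
    return host or None, int(port)

def is_local(host, local_addrs):
    """True for loopback names/addresses and for addresses the caller lists as local."""
    if host == "localhost" or host in local_addrs:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                      # other hostnames are not resolved offline

def self_connecting(text, local_addrs):
    """Names of services whose 'connect' target is the socket named by 'accept'."""
    hits = []
    for name, opts in parse_services(text).items():
        if "accept" not in opts or "connect" not in opts:
            continue
        a_host, a_port = endpoint(opts["accept"])
        c_host, c_port = endpoint(opts["connect"])
        c_host = c_host or "localhost"            # connect without host means localhost
        wildcard = a_host in (None, "0.0.0.0")    # accept without host binds all addresses
        if a_port == c_port and (a_host == c_host or (wildcard and is_local(c_host, local_addrs))):
            hits.append(name)
    return hits
```

With `local_addrs={"192.168.1.4"}` both posted configs are flagged (`global` and `server`), while the variant with a distinct cleartext port is not.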
How do I opt out of these e mails?
Sent from my Verizon Wireless BlackBerry
-----Original Message-----
From: Brian Hatch bri@stunnel.org
Date: Wed, 9 Jan 2008 06:58:14
To: khaled khaled kkhaled@hotmail.fr
Cc: stunnel-users-owner@mirt.net, stunnel-users@mirt.net
Subject: Re: [stunnel-users] TCP (Server / Client)
Very close to 2008-01-09 15:00 +0000, James K. Blakely sounded off:
> How do I opt out of these e mails?
Read the footer at the bottom of every single email.
stunnel-users mailing list stunnel-users@mirt.net http://stunnel.mirt.net/mailman/listinfo/stunnel-users
the clear data sent by the client.
Many thanks,