Hi,
To bypass the office firewall to access my home server, I'm trying to run openvpn over port 443 with stunnel. I managed to get to this point:
Log on client side:

2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted connection from 127.0.0.1:51265
2019.03.22 22:15:19 LOG5[39]: s_connect: connected x.x.x.x:443
2019.03.22 22:15:19 LOG5[39]: Service [openvpn] connected remote server from x.x.x.x:51266
2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket

Log on server side:

Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: connect_blocking: connected 127.0.0.1:8443
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Service [openvpn] connected remote server from 127.0.0.1:49366
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket

Config:

Client

[openvpn]
client = yes
accept = localhost:1337
connect = x.x.x.xg:443
cert = C:\Users\heikki_lavaste\Documents\stunnel\stunnel.pem
verifyChain = yes
verify = 2
CAfile = C:\Users\heikki_lavaste\Documents\stunnel\ca-cert.pem
checkHost = stunnel.heikki-lab.local
sslVersion = TLSv1

Server

chroot = /var/run/stunnel
sslVersion = TLSv1
pid = /stunnel.pid
setuid = nobody
setgid = nobody
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
cert = /etc/stunnel/stunnel.pem

[openvpn]
accept = 443
connect = localhost:8443
cert = /etc/stunnel/stunnel.pem

The issue is probably nothing to do with stunnel but if somebody can help me figure this out, that'd be appreciated.
Kind Regards
Heikki

Heikki,
You can get this to work by making openvpn and stunnel separate:
On the client side:

[openvpn]
client = yes
accept = localhost:443
connect = remote:20433

On the server side:

client = no
accept = 20443
connect = 443

The traffic will be doubly encrypted. It might be easier just to use openvpn for this connection.
Carter

On 3/22/2019 6:23 PM, Heikki Lavaste wrote:
> Hi,
> To bypass the office firewall to access my home server, I'm trying to run openvpn over port 443 with stunnel. I managed to get to this point:
> Log on client side:
>
> 2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
> 2019.03.22 22:15:19 LOG5[39]: Service [openvpn] accepted connection from 127.0.0.1:51265
> 2019.03.22 22:15:19 LOG5[39]: s_connect: connected x.x.x.x:443
> 2019.03.22 22:15:19 LOG5[39]: Service [openvpn] connected remote server from x.x.x.x:51266
> 2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
>
> Log on server side:
>
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: connect_blocking: connected 127.0.0.1:8443
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Service [openvpn] connected remote server from 127.0.0.1:49366
> Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket
>
> Config:
>
> Client
>
> [openvpn]
> client = yes
> accept = localhost:1337
> connect = x.x.x.xg:443
> cert = C:\Users\heikki_lavaste\Documents\stunnel\stunnel.pem
> verifyChain = yes
> verify = 2
> CAfile = C:\Users\heikki_lavaste\Documents\stunnel\ca-cert.pem
> checkHost = stunnel.heikki-lab.local
> sslVersion = TLSv1
>
> Server
>
> chroot = /var/run/stunnel
> sslVersion = TLSv1
> pid = /stunnel.pid
> setuid = nobody
> setgid = nobody
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> cert = /etc/stunnel/stunnel.pem
>
> [openvpn]
> accept = 443
> connect = localhost:8443
> cert = /etc/stunnel/stunnel.pem
>
> The issue is probably nothing to do with stunnel but if somebody can help me figure this out, that'd be appreciated.
> Kind Regards
> Heikki
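
The "Connection closed" byte counters in the client and server logs quoted in this thread can be compared mechanically. The following Python is an added example, not code from either poster or from the stunnel project; the function names are hypothetical, and pairing the last summary line of each log is an assumption, since the two hosts' clocks differ.

```python
import re

# stunnel's per-connection summary line. Older builds print "SSL" where
# newer ones print "TLS" (both spellings appear in this thread's logs).
CLOSE_RE = re.compile(
    r"Connection closed: (\d+) byte\(s\) sent to (?:TLS|SSL), "
    r"(\d+) byte\(s\) sent to socket"
)

# Sample input: summary lines copied from the logs quoted in this thread.
CLIENT_LOG = """\
2019.03.22 22:15:13 LOG5[38]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
2019.03.22 22:15:19 LOG5[39]: Connection closed: 352 byte(s) sent to TLS, 2067 byte(s) sent to socket
"""
SERVER_LOG = """\
Mar 22 22:21:54 ssh-server-heikki stunnel[2797]: LOG5[2797:140127128753920]: Connection closed: 2067 byte(s) sent to SSL, 352 byte(s) sent to socket
"""


def close_counters(log_text):
    """Return one (bytes_to_tls, bytes_to_socket) tuple per closed connection.

    findall() scans the whole text, so this also works on logs that were
    flattened onto a single line.
    """
    return [(int(a), int(b)) for a, b in CLOSE_RE.findall(log_text)]


def tunnel_relayed_everything(client_log, server_log):
    """True when the last client and server summaries mirror each other.

    Mirrored counters mean every byte one stunnel wrote into the TLS session
    was written to the plain socket by the other stunnel, in both directions.
    Assumption: the last summary in each log belongs to the same connection.
    """
    client = close_counters(client_log)
    server = close_counters(server_log)
    if not client or not server:
        raise ValueError("no 'Connection closed' summary in one of the logs")
    c_tls, c_sock = client[-1]
    s_tls, s_sock = server[-1]
    return c_tls == s_sock and s_tls == c_sock


if __name__ == "__main__":
    print("client:", close_counters(CLIENT_LOG))
    print("server:", close_counters(SERVER_LOG))
    print("mirrored:", tunnel_relayed_everything(CLIENT_LOG, SERVER_LOG))
```

For the logs in this thread the counters mirror each other (352 and 2067 bytes), so both stunnel instances delivered everything they received before the connection closed.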