Hello,
what I'm trying to accomplish is to build a secure RDP Connection between my Laptop and a Server, which are in the same Network but as RDP in itself is not secure enough I need the stunnel encryption.
As of now I can establish a connection but as soon as I try to start an RDP Connection I get the following message:
SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
I tried several things, for example:
sslVersion = all
options = NO_SSLv2
Sadly this doesn't work either as I get a different error after that.
This is pretty much the config for both Server and Client.
; R.B. configuration HMailServer inv. no. 4522, RDP access with stunnel encryption
[RDP-SSL]
CAfile = certs.pem
accept = 9000
connect = 3389
;verify = 4
verifyPeer = yes
verifyChain = no
sslVersion = all
cert = stunnel.pem
I exchanged the certificates between the Server and the Laptop but can't establish a connection to get a RDP Session going.
Hope someone can help me.
Kind regards.
F.Moellers
Kind regards
IT department
Jugendhilfe Köln e.V.
Christianstr. 82
50825 Köln
Tel. (0221) 54600-177
it@jugendhilfe-koeln.de
http://www.jugendhilfe-koeln.de
Managing director: Almut Gross - Amtsgericht Köln VR 7348
Chair of the board: Dr. Agnes Klein
On Mon, Jan 07, 2019 at 02:53:24PM +0100, Moellers wrote:
> Hello,
> what I'm trying to accomplish is to build a secure RDP Connection between my Laptop and a Server, which are in the same Network but as RDP in itself is not secure enough I need the stunnel encryption.
So let's make sure that we are on the same page here.
RDP is an unencrypted protocol (though it does have some TLS extensions, so maybe stunnel is not needed at all if your client can negotiate that, although I've had some problems with xfreerdp in that regard), so in order to connect from your laptop to an RDP server you will need two stunnel instances:
- one in your laptop running in client mode ("client = yes"), accepting unencrypted connections on, say, port 3389, and connecting to the other stunnel instance
- one on the RDP server running in server mode (no "client = yes" line), accepting connections on the same port the other stunnel instance is configured to connect to and connecting to port 3389 of its local server
Is this how you have them configured? Pay particular attention to the "client = yes/no" setting and the port numbers for each stunnel instance.
Once you have that, you should be able to establish an unencrypted connection to the stunnel instance running on your laptop and listening on port 3389, then it should establish an encrypted connection to the other stunnel instance, then the latter should establish an unencrypted connection to the actual RDP server.
> As of now I can establish a connection but as soon as I try to start an RDP Connection I get the following message:
> SSL_accept: 1408F10B: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
This may sometimes indicate stunnel trying to establish an encrypted connection or to listen for an encrypted connection, and somebody else sending unencrypted data to it. Can you double-check your configuration as per my notes above?
Hope that helps at least a bit!
G'luck, Peter
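
The two-instance layout described in the reply above, written out as an added example (it is not part of either message and not taken from the stunnel documentation). Port 9000 and the file names stunnel.pem and certs.pem come from the posted configuration; the host name rdp-server.example is a placeholder, and it is assumed that each side's certs.pem holds the other side's certificate.

```ini
; ---------- stunnel.conf on the laptop (client mode) ----------
[RDP-SSL]
; client mode: accept plaintext locally, speak TLS to the remote stunnel
client = yes
; plaintext side, loopback only; the reply suggests 3389, any free local port works
accept = 127.0.0.1:3389
; TLS side: the server-mode stunnel (rdp-server.example is a placeholder)
connect = rdp-server.example:9000
; this machine's own certificate and key
cert = stunnel.pem
; assumed to contain the server's certificate
CAfile = certs.pem
verifyPeer = yes

; ---------- stunnel.conf on the RDP server (server mode) ----------
[RDP-SSL]
; no "client = yes" line: accept TLS, forward plaintext to the local service
accept = 9000
; the local RDP service
connect = 127.0.0.1:3389
; this machine's own certificate and key
cert = stunnel.pem
; assumed to contain the laptop's certificate
CAfile = certs.pem
verifyPeer = yes
```

With this layout the RDP client on the laptop is pointed at 127.0.0.1:3389, so only the client-mode stunnel ever talks to port 9000; an RDP client connecting to port 9000 directly sends unencrypted data to a TLS listener, which is the situation the reply ties to the "wrong version number" error.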