[stunnel-users] newbie config not running

fuzzy_4711 fuzzy_4711 at gmx.de
Fri Nov 2 14:49:22 CET 2007


Craig Retief wrote:
>> Hello list.
>>
>>     
>
> Hello's :-)
>
>   
>> I am new to stunnel and do have some problems getting it running.
>>
>>     
>
> Welcome to the list :-)
>
>   
>> The server is a WinXPSP2 behind a router. The router has port
>> forwarding
>> enabled for port 9999 to the stunnel server (4.21). On the same box a
>> vnc server is running on port 5900 which I would like to tunnel. Firewall is
>> opened. The netstat -a -n shows the server listening on the desired
>> port
>> (9999).
>>
>> My server config looks like this:
>>
>> cert = stunnel.pem
>> ;key = stunnel.pem
>>
>> ; Some performance tunings
>> socket = l:TCP_NODELAY=1
>> socket = r:TCP_NODELAY=1
>>
>> ; Workaround for Eudora bug
>> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>>
>> ; Authentication stuff
>> ;verify = 2
>> ; Don't forget to c_rehash CApath
>> ;CApath = certs
>> ; It's often easier to use CAfile
>> ;CAfile = certs.pem
>> ; Don't forget to c_rehash CRLpath
>> ;CRLpath = crls
>> ; Alternatively you can use CRLfile
>> ;CRLfile = crls.pem
>>
>> ; Some debugging stuff useful for troubleshooting
>> ;debug = 7
>> ;output = stunnel.log
>>
>> ; Use it for client mode
>> ;client = yes
>>
>> [pop3s]
>> accept  = 995
>> connect = 110
>>
>> [imaps]
>> accept  = 993
>> connect = 143
>>
>> [ssmtp]
>> accept  = 465
>> connect = 25
>>
>>     
>
>
>
> Change on server
>
> [VNC Server]
> accept = 9999
> connect = 5900
>
> to
>
> [VNC Server]
> accept = 9999
> connect = 127.0.0.1:5900
>
> On the server you need to specify the place where the service needs to
> connect to. Thus you should specify the localhost ip so that when the server
> receives a connect on port 9999 it directs it to the server itself. 
>
>
>
>
>   
>> The client side is a linux box with config setting:
>> client = yes
>>
>>     
>
>
>
> Change on client
>
> [VNC Server]
> accept = 5900
> connect = 9999
>
> to
>
> [VNC Server]
> accept = 5900
> connect = your_router_ip:9999
>
> When connecting to the service, you need to specify the server's IP address
> where the connection needs to go, if you don't then stunnel won't know where
> to direct the traffic to.
>
> What should happen is that you specify your connection in VNC as
> 127.0.0.1:5900 and then VNC will connect to stunnel that will direct the
> traffic to the server which will in return direct it to the VNC service on
> itself.
>
> Let me know if you get stuck and I will generate a config file for you. Also
> it is recommended that you don't use the default stunnel.pem file. Please
> create a new certificate on the server and client and use verify = 3 to
> completely secure the connection. This will prevent someone else that also
> has the stunnel.pem file from connecting to your server.
>
> Let me know if you need help with the creation of the certificates. It's
> pretty straightforward ;-)
>
> Cheers,
>
> Craig
>
>   
Hello Craig.

Thanks a lot - this was exactly the information needed.

Communities live because of people like you!
The perfect answer: Friendly, with some explanations where needed and
the offer to help even further.


Thanks again.
Stefan

P.S.: I think I can do the pem-file by myself - I'll try tomorrow.


>> I turned on debugging and stunnel.log seems to be okay - no error
>> messages.
>>
>> But I am not able to get a connection.
>>
>> What am I doing wrong?
>>
>> Stefan
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at mirt.net
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>>     
>   
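
The two configuration files with the changes from Craig's reply applied, including his advice to replace the default stunnel.pem and set verify = 3, shown as an added example that is not part of the original messages and not taken from the stunnel project. The file names server.pem, client.pem, server-cert.pem and client-cert.pem are assumptions, your_router_ip is the placeholder used in the thread, and binding the client's accept to 127.0.0.1 is an extra hardening choice made for this example.

```ini
; ---- server side (Windows box behind the router): stunnel.conf ----
; server.pem (assumed name): this host's own certificate and private key,
; generated locally instead of the stunnel.pem shipped with the installer.
; When no "key" option is given, stunnel reads the key from the cert file.
cert = server.pem
; Level 3: the peer must present a certificate that is installed locally
verify = 3
; client-cert.pem (assumed name): the client's certificate only,
; never its private key
CAfile = client-cert.pem
debug = 7
output = stunnel.log

[VNC Server]
; port forwarded by the router
accept  = 9999
; hand the decrypted stream to the VNC server on this same machine
connect = 127.0.0.1:5900

; ---- client side (Linux box): stunnel.conf ----
client = yes
; client.pem (assumed name): the client's own certificate and private key
cert = client.pem
verify = 3
; server-cert.pem (assumed name): the server's certificate only
CAfile = server-cert.pem

[VNC Server]
; listen on loopback only, so the unencrypted local port is not
; reachable from other hosts on the client's network
accept  = 127.0.0.1:5900
; without a host here stunnel would connect to port 9999 on the client itself
connect = your_router_ip:9999
```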



