[stunnel-users] Using stunnel for RDP / Proxy / Firewall

garberfc garberfc at coolsite.net
Mon Oct 29 12:46:38 CET 2007



Algol Tradent wrote:
> 
> 
> Here are the configs I've used. I must point out that
> I use certificates in both the client and server for
> authentication. Hence verify=3 in the config.
> 
> ======= SERVER =======
> 
> ;----------------------------------------------------
> ;--  SERVER OPTIONS
> ;----------------------------------------------------
> 
> ;select data compression algorithm 
> compression = zlib
> 
> ; Enable Taskbar icon
> taskbar = yes 
> 
> ; Some performance tunings
> ; turn off the Nagle algorithm for local sockets
> ; turn off the Nagle algorithm for remote sockets
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> 
> [TServ]
> 
> ;Certificate Authority file
> CAfile = CAcert.pem
> 
> ;Certificate Authority directory 
> CApath = certificates
> 
> ;certificate chain PEM file name
> ;required in server mode
> cert   = server.pem
> 
> ;client mode - no (server mode)
> client = no
> 
> ;level 3 - verify peer with locally installed certificate
> verify = 3
> 
> accept = 50000
> connect = 127.0.0.1:3389
> 
> 
> ======= CLIENT =======
> 
> ;----------------------------------------------------
> ;                 GLOBAL OPTIONS
> ;----------------------------------------------------
> 
> 
> ;Logging Options
> debug = 7
> output = stunnel.log
> 
> ; Some performance tunings
> ; turn off the Nagle algorithm for local sockets
> ; turn off the Nagle algorithm for remote sockets
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
> 
> ;----------------------------------------------------
> ;        SERVICE-LEVEL OPTIONS
> ;----------------------------------------------------
> [tserver]
> accept = 127.0.0.1:50000
> connect = <my_server_IP>:50000
> 
> ;Server mode or Client mode
> ;Yes=Client mode
> client = yes
> 
> ;Certificate Authority file
> CAfile = CAcert.pem
> 
> ;Certificate Authority directory
> CApath = certificates
> 
> ;certificate chain PEM file name
> cert = client.pem
> 
> ;verify peer certificate
> ;level 3 - verify peer with locally installed certificate
> verify = 3
> 
> ;Select permitted SSL ciphers ':' delimited list
> ciphers = AES256-SHA 
> 
> --- Frank Garber <garberfc at coolsite.net> wrote:
> <snip />
> 
> 

I had a question about your setting:
    ;Certificate Authority directory
    CApath = certificates

Where does your 'certificates' directory live in relation to the
stunnel.conf file?

Did you create the server.pem, client.pem and CAcert.pem files yourself? Are
any of these files the same files or all different?

Thanks for the help,

Frank
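
An added example, not part of the original thread and not stunnel's own code: a small Python lint for configs like the ones quoted above. It flags lines that are neither comments nor options (such as a comment tail left on its own line by mail wrapping), a service with verify >= 2 that names no CAfile or CApath, and a server-mode service without cert. The function name `lint`, the sample text and the rule set are assumptions of this example.

```python
import re

# Constructed sample: the [TServ] service from the quoted server config,
# with the comment tail that mail wrapping left on its own line.
SAMPLE = """\
compression = zlib
[TServ]
CAfile = CAcert.pem
cert   = server.pem
client = no
;level 3 - verify peer with locally installed
certificate
verify = 3
accept = 50000
connect = 127.0.0.1:3389
"""

def lint(text):
    """Parse stunnel.conf text and return (services, problems)."""
    defaults, services, problems = {}, {}, []
    current = defaults
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:  # e.g. the wrapped comment tail "certificate"
            problems.append(f"line {no}: not an option or comment: {line!r}")
            continue
        current[key.strip().lower()] = value.strip()
    for name, own in services.items():
        # Assumption: options before the first [section] act as defaults.
        opts = {**defaults, **own}
        level = opts.get("verify", "0")
        if level.isdigit() and int(level) >= 2 and not (
                "cafile" in opts or "capath" in opts):
            problems.append(f"[{name}]: verify = {level} without CAfile or CApath")
        if opts.get("client", "no").lower() != "yes" and "cert" not in opts:
            problems.append(f"[{name}]: server mode without cert")
        for required in ("accept", "connect"):  # the pair both quoted configs use
            if required not in opts:
                problems.append(f"[{name}]: missing {required}")
    return services, problems

if __name__ == "__main__":
    for problem in lint(SAMPLE)[1]:
        print(problem)
```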
