[stunnel-users] forcing my untangle server to scan my https traffic

Bing H Bang bingb at tcsaa.com
Mon Feb 28 22:27:42 CET 2011


I'm so close to making this work, I can taste it. I also need some 
suggestions on how to fix the last hurdle.

My setup

10.0.0.10 ip of my webserver
24.159.165.122 static ip of my untangle server (router mode)

untangle server port forwards
443 to 10.0.0.10:10443
80 to 10.0.0.10:80 (web server only listens on 443)

stunnel config file on the web server

[https-terminate]
client = no
cert = /var/lib/stroot/cypherdog.com.pem
accept = 10.0.0.10:10443
connect = 24.159.165.122:80

[https-re-engage]
client = yes
accept = 10.0.0.10:80
connect = 10.0.0.10:443


What I'm trying to do is accept https traffic, decrypt it, pass it 
through untangle, then encrypt it back as it gets delivered to the https 
port of the web server.

This setup works in that I can point my browser at the https port of my 
untangle server and the web pages work properly.

What doesn't work is that the untangle server shows no scanning activity when 
I access the web pages. I think the path webserver->untangle->webserver 
does not trigger the scanning in untangle because the traffic it sees is 
from an internal ip going to the same internal ip.

Is there a way to fix this, anyone?
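To make the suspected hairpin visible, here is an added example (not code from the post or from the stunnel project) that parses the two stunnel sections quoted above, applies the untangle port forwards as a DNAT table, and follows a single browser connection hop by hop so the source and destination the router sees on each leg, and whether that leg is TLS or plaintext, are spelled out. It assumes the addresses and port forwards are exactly those in the post, that stunnel's onward connections originate from the web server's own address 10.0.0.10, and it uses 203.0.113.5 as a constructed external client address.

```python
"""Trace a browser connection through the untangle port forwards and the
two stunnel services from the post. Added example with constructed input."""

import re

# Constructed copy of the stunnel.conf quoted in the post.
STUNNEL_CONF = """
[https-terminate]
client = no
cert = /var/lib/stroot/cypherdog.com.pem
accept = 10.0.0.10:10443
connect = 24.159.165.122:80

[https-re-engage]
client = yes
accept = 10.0.0.10:80
connect = 10.0.0.10:443
"""

# Port forwards on the untangle router, as listed in the post:
# (public ip, port) -> (internal ip, port)
PORT_FORWARDS = {
    ("24.159.165.122", 443): ("10.0.0.10", 10443),
    ("24.159.165.122", 80): ("10.0.0.10", 80),
}


def parse_stunnel(text):
    """Parse stunnel's INI-style [service] sections into {name: {key: value}}."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # ';' starts a comment in stunnel.conf
        if not line:
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = services.setdefault(m.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if current is not None and sep:
            current[key.strip()] = value.strip()
    return services


def endpoint(spec):
    """'host:port' -> (host, port); stunnel accepts this form for accept/connect."""
    host, _, port = spec.rpartition(":")
    return host, int(port)


def trace(client_ip, dst_ip, dst_port, services, forwards):
    """Follow one client connection through DNAT and stunnel hops.

    Each hop records the source, the destination as dialed, the destination
    after the router's port forward, and whether the bytes are TLS."""
    hops = []
    src, dst, tls = client_ip, (dst_ip, dst_port), True   # browser speaks HTTPS
    for _ in range(10):                                    # guard against config loops
        after_nat = forwards.get(dst, dst)
        hops.append({"src": src, "dialed": dst, "after_nat": after_nat, "tls": tls})
        svc = next((s for s in services.values()
                    if endpoint(s["accept"]) == after_nat), None)
        if svc is None:
            break                                          # reached the real listener
        # client = no terminates TLS and forwards plaintext; client = yes re-encrypts.
        tls = svc.get("client", "no").lower() == "yes"
        # Assumption: stunnel's onward connection leaves from the accept address.
        src, dst = endpoint(svc["accept"])[0], endpoint(svc["connect"])
    return hops


def plaintext_hairpins(hops):
    """Unencrypted legs that run from an internal host back to the same host:
    the traffic the router is expected to scan, seen as internal -> internal."""
    return [h for h in hops if not h["tls"] and h["src"] == h["after_nat"][0]]


if __name__ == "__main__":
    path = trace("203.0.113.5", "24.159.165.122", 443,
                 parse_stunnel(STUNNEL_CONF), PORT_FORWARDS)
    for hop in path:
        print(hop)
    print("plaintext hairpin legs:", plaintext_hairpins(path))
```

Running it prints three legs: the browser to 24.159.165.122:443 forwarded to 10.0.0.10:10443 (TLS), then 10.0.0.10 dialing 24.159.165.122:80 which the forward sends straight back to 10.0.0.10:80 (plaintext), then 10.0.0.10 to 10.0.0.10:443 (TLS again). Only the middle leg is cleartext, and on that leg both ends resolve to the web server itself, which is the internal-to-same-internal flow the post suspects the scanner is not looking at.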
