[stunnel-users] Stunnel over a separate proxy?
Michal Trojnara
Michal.Trojnara at mirt.net
Fri Feb 8 09:25:00 CET 2013
Alex Gottschalk wrote:
> I've successfully deployed stunnel4 to wrap rsync for transferring
> data between remote sites and a central repository. The issue I'm
> running into is that some of these sites mandate use of a proxy
> (HTTP or SOCKS5 usually) for outbound network connections. It seems
> like there is some proxy support in stunnel with the
> protocol{Host,Authentication,etc} configuration options, but I have
> had zero luck getting them to work. For example, I've tried making a
> simple SOCKS5 proxy using ssh, that I'm successfully able to send
> HTTP traffic over:
>
> ssh -g -D1080 proxy-host # create the proxy, open port 1080 on a public interface
There is no SOCKS proxy support in stunnel.
> [rsync]
> protocol = connect
> protocolHost = proxy-host:1080
> accept = 127.0.0.1:873
> connect = rsync-destination:443
You have reversed "protocolHost" and "connect" values. "connect" is
the host *stunnel* connects to while "protocolHost" is the final
destination requested from this host. It may be unintuitive compared to
other services (like web browsers), but for stunnel proxy support is a
part of SSL protocol negotiations rather than a separate feature.
From the fine manual of stunnel:

    connect = address
        connect to a remote address

        If no host is specified, the host defaults to localhost.

        Multiple connect options are allowed in a single service section.

        If host resolves to multiple addresses and/or if multiple connect
        options are specified, then the remote address is chosen using a
        round-robin algorithm.

    protocolHost = host:port
        destination address for protocol negotiations
Mike
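
The roles described in the reply above, as an added example that is not part of the original message and is not stunnel's code: a generic HTTP CONNECT negotiation in which the TCP connection goes to the "connect" address (the proxy) and the "protocolHost" value is the destination named in the request. The stub proxy and all function names are constructed for illustration; rsync-destination:443 is taken from the quoted configuration.

```python
import socket
import threading

def read_head(sock):
    """Read until the blank line that ends an HTTP header block; return line 1."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(4096)
        if not chunk:
            break
        data += chunk
    return data.split(b"\r\n")[0].decode()

def start_stub_proxy():
    """Constructed stand-in for an HTTP proxy: records one request line, answers 200."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    seen = []
    def serve():
        conn, _ = srv.accept()
        with conn:
            seen.append(read_head(conn))
            conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], seen

def negotiate_connect(connect, protocol_host):
    """TCP goes to `connect` (the proxy); `protocol_host` is the tunnel target.
    Returns (socket, status_line); the TLS handshake would start on the socket next."""
    sock = socket.create_connection(connect, timeout=5)
    sock.sendall(f"CONNECT {protocol_host} HTTP/1.1\r\nHost: {protocol_host}\r\n\r\n".encode())
    status = read_head(sock)
    if status.split(" ")[1:2] != ["200"]:
        sock.close()
        raise ConnectionError(f"proxy refused the tunnel: {status!r}")
    return sock, status

def demo():
    port, seen = start_stub_proxy()  # plays the role of proxy-host
    sock, status = negotiate_connect(("127.0.0.1", port), "rsync-destination:443")
    sock.close()
    return seen[0], status

if __name__ == "__main__":
    print(demo())
```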