[stunnel-users] Stunnel over a separate proxy?
John A. Wallace
jw72253 at verizon.net
Sat Feb 9 17:37:01 CET 2013
> -----Original Message-----
> From: stunnel-users-bounces at stunnel.org [mailto:stunnel-users-bounces at stunnel.org] On Behalf Of Michal Trojnara
> Sent: Friday, February 08, 2013 2:25 AM
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Stunnel over a separate proxy?
>
> Alex Gottschalk wrote:
> > I've successfully deployed stunnel4 to wrap rsync for transferring
> > data between remote sites and a central repository. The issue I'm
> > running into, is that some of these sites mandate use of a proxy
> > (HTTP or SOCKS5 usually) for outbound network connections. It seems
> > like there is some proxy support in stunnel with the
> > protocol{Host,Authentication,etc} configuration options, but I have
> > had zero luck getting them to work. For example, I've tried making a
> > simple SOCKS5 proxy using ssh, that I'm successfully able to send
> > HTTP traffic over:
> >
> > ssh -g -D1080 proxy-host # create the proxy, open port 1080 on a public interface
>
> There is no SOCKS proxy support in stunnel.

You can send stunnel over a SOCKS proxy using socat easily enough, and this
works on both Windows and Linux.

>
> > [rsync]
> > protocol = connect
> > protocolHost = proxy-host:1080
> > accept = 127.0.0.1:873
> > connect = rsync-destination:443
>
> You have reversed "protocolHost" and "connect" values. "connect" is
> the host *stunnel* connects to while "protocolHost" is the final
> destination requested from this host. It may be unintuitive compared
> to other services (like web browsers), but for stunnel proxy support is
> a part of SSL protocol negotiations rather than a separate feature.
>
> From the fine manual of stunnel:
>
> connect = address
>
> connect to a remote address
>
> If no host is specified, the host defaults to localhost.
>
> Multiple connect options are allowed in a single service section.
>
> If host resolves to multiple addresses and/or if multiple connect
> options are specified, then the remote address is chosen using a
> round-robin algorithm.
>
> protocolHost = host:port
>
> destination address for protocol negotiations
>
> Mike
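
Added example, not part of the original thread and not taken from stunnel's source: a generic HTTP CONNECT handshake showing the two roles discussed above, where the TCP peer is the proxy (what stunnel calls `connect`) and the CONNECT target is the final destination (`protocolHost`). The names `http_connect`, `fake_proxy` and `demo`, and the loopback proxy with its allow-list, are constructed for illustration; SOCKS5 is not covered.

```python
import socket
import threading

def http_connect(proxy_addr, final_dest, timeout=5.0):
    """TCP-connect to proxy_addr (the role of stunnel's "connect") and ask it
    for a tunnel to final_dest (the role of "protocolHost"). Returns the socket
    once the proxy answers 2xx; TLS negotiation would start on it afterwards."""
    sock = socket.create_connection(proxy_addr, timeout=timeout)
    try:
        sock.sendall(f"CONNECT {final_dest} HTTP/1.1\r\nHost: {final_dest}\r\n\r\n".encode("ascii"))
        head = b""
        while not head.endswith(b"\r\n\r\n"):  # byte-wise: never read past the headers
            byte = sock.recv(1)
            if not byte or len(head) > 8192:
                raise ConnectionError("no complete reply from proxy")
            head += byte
        status = head.split(b"\r\n", 1)[0].split()
        if len(status) < 2 or not status[1].startswith(b"2"):
            raise ConnectionError(f"proxy refused tunnel to {final_dest}")
        return sock
    except Exception:
        sock.close()
        raise

def fake_proxy(allowed):
    """Constructed one-shot loopback proxy; records the CONNECT target it saw."""
    srv = socket.create_server(("127.0.0.1", 0))
    addr, seen = srv.getsockname(), []
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            head = b""
            while b"\r\n\r\n" not in head:
                data = conn.recv(4096)
                if not data:
                    return
                head += data
            seen.append(head.split()[1].decode("ascii"))
            ok = seen[-1] in allowed
            conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n" if ok
                         else b"HTTP/1.1 403 Forbidden\r\n\r\n")
    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return addr, seen, thread

def demo(final_dest):
    """Returns (tunnel_granted, targets_seen_by_proxy) for one attempt."""
    addr, seen, thread = fake_proxy({"rsync-destination:443"})
    try:
        http_connect(addr, final_dest).close()
        granted = True
    except ConnectionError:
        granted = False
    thread.join(2)
    return granted, seen
```

The proxy only ever sees the destination named in the CONNECT line, so an outbound allow-list on the proxy is enforced against that value rather than against the address the client dialed.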