[stunnel-users] Stunnel over a separate proxy?

John A. Wallace jw72253 at verizon.net
Sat Feb 9 17:37:01 CET 2013 

> -----Original Message-----
> From: stunnel-users-bounces at stunnel.org [mailto:stunnel-users-
> bounces at stunnel.org] On Behalf Of Michal Trojnara
> Sent: Friday, February 08, 2013 2:25 AM
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Stunnel over a separate proxy?
> 
> Alex Gottschalk wrote:
> > I've successfully deployed stunnel4 to wrap rsync for transferring
> > data between remote sites and a central repository.  The issue I'm
> > running into, is that some of these sites mandate use of a proxy
> (HTTP
> > or SOCKS5 usually) for outbound network connections.  It seems like
> > there is some proxy support in stunnel with the
> > protocol{Host,Authentication,etc} configuration options, but I have
> > had zero luck getting them to work.  For example, I've tried making a
> > simple SOCKS5 proxy using ssh, that I'm successfully able to send
> HTTP
> > traffic over:
> >
> > ssh -g -D1080 proxy-host # create the proxy, open port 1080 on a
> > public interface
> 
> There is no SOCKS proxy support in stunnel.

You can send stunnel over socks proxy using socat easily enough, and this
works on both Windows and Linux.

> 
> > [rsync]
> >     protocol = connect
> >     protocolHost = proxy-host:1080
> >     accept = 127.0.0.1:873
> >     connect = rsync-destination:443
> 
> You have reversed "protocolHost" and "connect" values.  "connect" is
> the host *stunnel* connects to while "protocolHost" is the final
> destination requested from this host.  It may be unintuitive compared
> to other services (like web browsers), but for stunnel proxy support is
> a part of SSL protocol negotiations rather than a separate feature.
> 
>  From the fine manual of stunnel:
> 
> connect = address
> 
>      connect to a remote address
> 
>      If no host is specified, the host defaults to localhost.
> 
>      Multiple connect options are allowed in a single service section.
> 
>      If host resolves to multiple addresses and/or if multiple connect
> options are specified, then the remote address is chosen using a round-
> robin algorithm.
> 
> protocolHost = host:port
> 
>      destination address for protocol negotiations
> 
> Mike

More information about the stunnel-users mailing list