[stunnel-users] SSL VPN configuration confusion
TJ
stunnel at iam.tj
Thu Mar 28 06:20:32 CET 2013
On 28/03/13 05:03, TJ wrote:
>
> A quick follow-up on some progress. I realised on reading my own message that both ends of the PPP connection had the "silent" a.k.a 'passive' option set. I removed it from the client end and there is
> now LCP negotiation but the interface fails to come up.
Insight is snowballing. During the trials of the 'buggy' version 4.46 I had found that the "notty" option seemed to get the connection further along. After reading the last messages on the client that
I just posted to the list:
Serial line is looped back.
I took a closer look at the server's configuration and tried removing the "notty" option. That solved the issue of no IP address assignment.
Both ends of the link now come up and have the expected IP addresses.
My next task is to open the shorewall policy rules up to allow traffic through. I'll tackle that tomorrow.
Here is the working configuration, server first:
----- /etc/stunnel/pella-vpn.conf -----
CAfile = /etc/stunnel/vpn.pem
cert = /etc/stunnel/vpn.pem
key = /etc/stunnel/vpn.pem
output = /var/log/stunnel-vpn.log
debug = 7
client = no
foreground = no
[vpn]
accept = 109.74.x.y:9876
exec = /usr/sbin/pppd
execargs = pppd call pella-vpn 10.254.241.1:10.254.241.2
pty = yes
----------
----- /etc/ppp/peers/pella-vpn -----
# ensure we use ppp3 (ppp0-2 are already in use)
unit 3
#notty
ktune
local
noipdefault
noccp
noauth
novj
nomp
nopcomp
noaccomp
updetach
linkname pella
debug
dump
----------
And on the client (note the name ends .vpn to prevent the stunnel4 daemon loading this profile automatically):
----- /etc/stunnel/pella.conf.vpn -----
pid = /var/run/stunnel4/pella.pid
debug = debug
output = /var/log/stunnel-pella.log
foreground = no
client=yes
connect = 109.74.x.y:9876
CAfile = /etc/stunnel/vpn.pem
# verify the peer's certificate
verify = 2
----------
----- /etc/ppp/peers/pella-vpn -----
# ensure we use ppp3 (ppp0-2 are already in use)
unit 3
ktune
local
noipdefault
noccp
noauth
novj
nomp
nopcomp
noaccomp
updetach
logfd 2
linkname pella
pty "/usr/bin/stunnel4 /etc/stunnel/pella.conf.vpn"
debug
dump
----------
More information about the stunnel-users
mailing list