https://aznot.com/index.php?action=history&feed=atom&title=Stunnel
Stunnel - Revision history
2026-05-07T02:49:51Z
Revision history for this page on the wiki
MediaWiki 1.41.0
https://aznot.com/index.php?title=Stunnel&diff=1135&oldid=prev
Kenneth: /* Configuration */
2014-09-29T04:15:19Z
<p><span dir="auto"><span class="autocomment">Configuration</span></span></p>
<p><b>New page</b></p><div>== Configuration ==<br />
<br />
Path:<br />
/etc/stunnel<br />
<br />
Configure /etc/stunnel/stunnel.conf example:<br />
cert = /etc/stunnel/oeey.com.pem<br />
[https]<br />
accept = 10.10.10.3:443<br />
connect = 127.0.0.1:80<br />
<br />
Set certificate permissions:<br />
chmod 600 oeey.com.pem<br />
<br />
See [[#Startup Script]]<br />
<br />
== Common Ports ==<br />
<br />
<pre><br />
[https]<br />
accept = 10.10.10.3:443<br />
connect = 127.0.0.1:80<br />
<br />
[smtps]<br />
accept = 10.10.10.3:465<br />
connect = 127.0.0.1:25<br />
<br />
[pop3s]<br />
accept = 10.10.10.3:995<br />
connect = 127.0.0.1:110<br />
<br />
[imaps]<br />
accept = 10.10.10.3:993<br />
connect = 127.0.0.1:143<br />
</pre><br />
<br />
== client mode ==<br />
<br />
client mode (remote service uses SSL)<br />
<br />
<pre><br />
[google]<br />
client = yes<br />
accept = 127.0.0.1:8000<br />
connect = google.com:443<br />
</pre><br />
<br />
References:<br />
* The Goldfish ยป Stunnel in client mode - http://www.thegoldfish.org/2010/01/stunnel-in-client-mode/<br />
<br />
== Logs ==<br />
<br />
Logs get dumped to syslog under /var/log/secure.<br />
<br />
== SSL to SSH Tunnel ==<br />
<br />
SSL to SSH tunneling (stunnel) | JAKERI - http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/<br />
<br />
Sometimes it can be handy to reach your home server even if you have all sorts of proxy servers and firewalls between you and your home server (e.g. from work). <br />
<br />
Stunnel to the rescue!.<br />
<br />
Server:<br />
<pre><br />
cert=stunnel.pem<br />
pid=/tmp/stunnel.pid<br />
[stunnel443]<br />
accept = 192.168.1.7:443<br />
connect = 192.168.1.7:22<br />
</pre><br />
<br />
Client:<br />
<pre><br />
#cert = stunnel.pem<br />
pid=/tmp/stunnelclient.pid<br />
#foreground=yes<br />
client=yes<br />
[21222]<br />
accept=21222<br />
connect=192.168.1.7:443<br />
</pre><br />
<br />
Client:<br />
ssh -p 21222 localhost<br />
<br />
== Startup Script ==<br />
<br />
<pre><br />
#!/bin/bash<br />
#<br />
# Script to run stunnel in daemon mode at boot time.<br />
#<br />
# Check http://www.gaztronics.net/ for the<br />
# most up-to-date version of this script.<br />
#<br />
# This script is realeased under the terms of the GPL.<br />
# You can source a copy at:<br />
# http://www.fsf.org/copyleft/copyleft.html<br />
#<br />
# Please feel free to modify the script to suite your own needs.<br />
# I always welcome email feedback with suggestions for improvements.<br />
# Please do not email for general support. I do not have time to answer<br />
# personal help requests.<br />
<br />
# Author: Gary Myers MIIE MBCS<br />
# email: http://www.gaztronics.net/webform/<br />
# Revision 1.0 - 4th March 2005<br />
<br />
#====================================================================<br />
# Run level information:<br />
#<br />
# chkconfig: 2345 99 99<br />
# description: Secure Tunnel<br />
# processname: stunnel<br />
#<br />
# Run "/sbin/chkconfig --add stunnel" to add the Run levels.<br />
# This will setup the symlinks and set the process to run at boot.<br />
#====================================================================<br />
<br />
#====================================================================<br />
# Paths and variables and system checks.<br />
<br />
# Source function library (It's a Red Hat thing!)<br />
. /etc/rc.d/init.d/functions<br />
<br />
# Check that networking is up.<br />
#<br />
[ ${NETWORKING} ="yes" ] || exit 0<br />
<br />
# Path to the executable.<br />
#<br />
SEXE=/usr/sbin/stunnel<br />
<br />
# Path to the configuration file.<br />
#<br />
CONF=/etc/stunnel/stunnel.conf<br />
<br />
# Check the configuration file exists.<br />
#<br />
if [ ! -f $CONF ] ; then<br />
echo "The configuration file cannot be found!"<br />
exit 0<br />
fi<br />
<br />
# Path to the lock file.<br />
#<br />
LOCK_FILE=/var/lock/subsys/stunnel<br />
<br />
#====================================================================<br />
<br />
#====================================================================<br />
# Run controls:<br />
<br />
prog=$"stunnel"<br />
<br />
RETVAL=0<br />
<br />
# Start stunnel as daemon.<br />
#<br />
start() {<br />
if [ -f $LOCK_FILE ]; then<br />
echo "stunnel is already running!"<br />
exit 0<br />
else<br />
echo -n $"Starting $prog: "<br />
$SEXE $CONF<br />
fi<br />
<br />
RETVAL=$?<br />
[ $RETVAL -eq 0 ] && success <br />
echo<br />
[ $RETVAL -eq 0 ] && touch $LOCK_FILE<br />
return $RETVAL<br />
}<br />
<br />
<br />
# Stop stunnel.<br />
#<br />
stop() {<br />
if [ ! -f $LOCK_FILE ]; then<br />
echo "stunnel is not running!"<br />
exit 0<br />
<br />
else<br />
<br />
echo -n $"Shutting down $prog: "<br />
killproc stunnel<br />
RETVAL=$?<br />
[ $RETVAL -eq 0 ]<br />
rm -f $LOCK_FILE<br />
echo<br />
return $RETVAL<br />
<br />
fi<br />
}<br />
<br />
# See how we were called.<br />
case "$1" in<br />
start)<br />
start<br />
;;<br />
stop)<br />
stop<br />
;;<br />
restart)<br />
stop<br />
start<br />
;;<br />
condrestart)<br />
if [ -f $LOCK_FILE ]; then<br />
stop<br />
start<br />
RETVAL=$?<br />
fi<br />
;;<br />
status)<br />
status stunnel<br />
RETVAL=$?<br />
;;<br />
*)<br />
echo $"Usage: $0 {start|stop|restart|condrestart|status}"<br />
RETVAL=1<br />
esac<br />
<br />
exit $RETVAL<br />
</pre><br />
<br />
== keywords ==<br />
<br />
[[Category:Linux]]</div>
Kenneth