SysChat


metal333 04-27-2010 12:56 PM

Stunnel, a free multi-platform computer program, used to provide universal TLS/SSL
 
Stunnel is a free multi-platform computer program, used to provide a universal TLS/SSL tunnelling service. Stunnel can be used to provide secure encrypted connections for clients or servers that do not speak TLS or SSL natively. Stunnel is a program that allows you to encrypt arbitrary TCP connections inside SSL. This is mainly used for tunneling connections on a network. It is available for both Windows and Linux.

In order to compile, it requires a functioning SSL library such as OpenSSL or SSLeay. Stunnel lets you secure non-SSL-aware daemons and protocols (like POP, IMAP) by having stunnel provide the encryption, requiring no change in the daemon's code. Stunnel does not contain any cryptographic code itself; for that it relies on external SSL libraries. Stunnel uses public-key cryptography with X.509 digital certificates to secure the SSL connection. Clients can optionally be authenticated via a certificate too.

Stunnel has support for:
– Being an SSL client / server
– Server and client side certificate verification
– Protecting against interception of data
– Preventing manipulation of data
– Defending against IP source routing (one host sending packets as if they came from somewhere else)
– Defending against DNS spoofing (an attacker forging name server records)

Configuring stunnel for Windows:
1. Download the .exe from Stunnel.org
2. Install the .exe file on both server and client side.
3. Generate the certificate for the server side from Stunnel.org

Server Side Configuration
1. Put the generated certificate file stunnel.pem in the installed folder
2. Edit the .conf file according to the services required for stunnel.
For example:
Let us consider that the proxy server has IP:Port 172.31.1.4:8080. The protocol used is http/https and connections for it are accepted at the server side on port 80.
So for this setup the server-side configuration file will contain:

;Service-level configuration
[http]
accept = 80
connect = 172.31.1.4:8080

[https]
accept = 80
connect = 172.31.1.4:8080
TIMEOUTclose = 0

Client Side Configuration
1. Install Stunnel.
2. Edit .conf file.
Here is a sample configuration file for the previous example.
;Use it for the client mode
client = yes

;Service-level configuration

[http]
accept = 127.0.0.1:443
connect = 172.16.4.29:80

[https]
accept = 127.0.0.1:444
connect = 172.16.4.29:80
TIMEOUTclose = 0


Here the connections are accepted on localhost and the packets are tunneled to another machine on the network which has internet connectivity. Here 172.16.4.29 is the IP of the machine on the network which has the stunnel server running on it. To use the internet connection, you should configure your browsers in the proxy section by selecting the option “Manual Proxy Configuration” and entering the IP address of the server, i.e. 172.16.4.29, and the port as specified; in this case it's 80.
After the connection is established between the server and the client, we can see the log on both sides showing the transfer of packets, and if the connection isn’t proper then it will show the error.

Through this process you can also open blocked sites on one system by tunneling the packets from another system. So stunnel is a powerful tool, and with great power comes great responsibility, so use it well and for the good of mankind.
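
Added example (not part of the original post and not stunnel's own code): a small Python linter that reads the server and client configurations shown above and reports two things an administrator would want to catch before deployment: services that share the same accept address, and client-mode services with no server certificate verification (none of verify, verifyChain or verifyPeer set). The HARDENED_CLIENT variant and the file name ca.pem are constructed placeholders.

```python
# Added example: a small stunnel.conf linter (not stunnel's own parser).
SERVER_CONF = """\
[http]
accept = 80
connect = 172.31.1.4:8080
[https]
accept = 80
connect = 172.31.1.4:8080
TIMEOUTclose = 0
"""
CLIENT_CONF = """\
client = yes
[http]
accept = 127.0.0.1:443
connect = 172.16.4.29:80
[https]
accept = 127.0.0.1:444
connect = 172.16.4.29:80
TIMEOUTclose = 0
"""
# Constructed hardened variant; ca.pem is a placeholder file name (assumption).
HARDENED_CLIENT = CLIENT_CONF.replace(
    "client = yes", "client = yes\nverifyChain = yes\nCAfile = ca.pem")

def parse(text):
    """Split into (global options, {service: options}); keys are lower-cased."""
    glob, services, cur = {}, {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in ";#":      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        else:
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def lint(text):
    """Return a list of human-readable findings for one configuration."""
    glob, services = parse(text)
    findings, seen = [], {}
    for name, opts in services.items():
        eff = {**glob, **opts}               # service options override globals
        accept = eff.get("accept")
        if accept:
            if accept in seen:
                findings.append(f"[{name}] accept {accept} duplicates [{seen[accept]}]")
            seen.setdefault(accept, name)
        verifies = (eff.get("verifychain") == "yes" or eff.get("verifypeer") == "yes"
                    or eff.get("verify", "0") != "0")
        if eff.get("client") == "yes" and not verifies:
            findings.append(f"[{name}] client mode without server certificate verification")
    return findings
```

Calling lint() on each configuration returns the findings as a list; an empty list means neither check fired.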

