Stunnel

Configuration
Path: /etc/stunnel

Configure /etc/stunnel/stunnel.conf, for example:

  cert = /etc/stunnel/oeey.com.pem

  [https]
  accept = 10.10.10.3:443
  connect = 127.0.0.1:80

Set certificate permissions. With no separate key = line, stunnel reads the private key from the same .pem as the certificate, so nobody but root should be able to read it:

  chmod 600 oeey.com.pem


Common Ports

  [https]
  accept = 10.10.10.3:443
  connect = 127.0.0.1:80

  [smtps]
  accept = 10.10.10.3:465
  connect = 127.0.0.1:25

  [pop3s]
  accept = 10.10.10.3:995
  connect = 127.0.0.1:110

  [imaps]
  accept = 10.10.10.3:993
  connect = 127.0.0.1:143

client mode
client mode (remote service uses SSL): stunnel accepts plaintext on the local side and wraps it in TLS towards the remote service.

  [google]
  client = yes
  accept = 127.0.0.1:8000
  connect = google.com:443

Two things to check in a client-mode section. First, stunnel does not verify the remote certificate unless told to, so as written anything answering on the path to google.com:443 is accepted; add verifyChain = yes with a CAfile (or CApath) and checkHost = google.com on current stunnel (verify = 2 on old 4.x builds) so the tunnel fails closed on a bad certificate. Second, keep accept on 127.0.0.1: that side is plaintext, and binding it to a routable address exposes the service unencrypted.

References:
 * The Goldfish » Stunnel in client mode - http://www.thegoldfish.org/2010/01/stunnel-in-client-mode/
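The server and client fragments above show the shape of stunnel.conf but nothing that catches the mistakes that matter: a service missing its accept or connect line, or a client = yes section that never verifies the remote certificate. The following POSIX shell script is an added example, not code from this page or from the stunnel project. It writes a constructed stunnel.conf to a temporary file and lints it with awk. The option names it looks for (accept, connect, client, verifyChain, verifyPeer, verify, CAfile, checkHost, checkIP) are stunnel's own; the hostnames, ports and paths in the sample are made up. It treats verifyPeer = yes as certificate pinning (no checkHost needed), verifyChain = yes (or verify = 2 or 3 on stunnel 4.x) as CA-based verification that still needs a checkHost or checkIP, and a client section with neither as unverified.

```shell
#!/bin/sh
# Added example: lint a stunnel.conf for missing accept/connect lines and
# for client-mode sections that do not verify the remote certificate.
# Not part of the page or of stunnel itself.

# lint_stunnel_conf FILE
# Prints one finding per line; the exit status is the number of findings.
lint_stunnel_conf() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function reset(  k) { for (k in opt) delete opt[k] }
    # Called when a section ends: apply the checks to the options seen so far.
    function flush() {
      if (sec == "") { reset(); return }          # global section: no checks here
      if (!("accept" in opt))  { print "[" sec "] no accept";  n++ }
      if (!("connect" in opt)) { print "[" sec "] no connect"; n++ }
      if (("client" in opt) && opt["client"] == "yes") {
        if (("verifyPeer" in opt) && opt["verifyPeer"] == "yes") {
          # pinned peer certificate (5.x): nothing more to require
        } else if (!(("verifyChain" in opt) && opt["verifyChain"] == "yes") &&
                   !(("verify" in opt) && opt["verify"] + 0 >= 2)) {
          print "[" sec "] client = yes but no verifyChain/verifyPeer: remote certificate is never checked"; n++
        } else if (!("checkHost" in opt) && !("checkIP" in opt)) {
          print "[" sec "] client = yes with CA verification but no checkHost/checkIP: any certificate the CA signed is accepted"; n++
        }
      }
      reset()
    }
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                  # [service] header
      flush()
      sec = $0; gsub(/[ \t]/, "", sec); sub(/^\[/, "", sec); sub(/\]$/, "", sec)
      next
    }
    index($0, "=") {                               # key = value
      key = trim(substr($0, 1, index($0, "=") - 1))
      val = trim(substr($0, index($0, "=") + 1))
      opt[key] = val
      next
    }
    END { flush(); exit n }
  ' "$1"
}

# count_findings FILE: number of findings as a plain integer
count_findings() {
  lint_stunnel_conf "$1" | wc -l | tr -d ' \t'
}

# write_sample_conf FILE: a constructed stunnel.conf (hosts and paths made up)
write_sample_conf() {
  cat > "$1" <<'EOF'
; constructed sample for the linter, not a real deployment
cert = /etc/stunnel/stunnel.pem
pid = /var/run/stunnel.pid

[https]
accept = 10.10.10.3:443
connect = 127.0.0.1:80

[google]
client = yes
accept = 127.0.0.1:8000
connect = google.com:443

[smtp-client]
client = yes
accept = 127.0.0.1:1025
connect = smtp.example.org:465
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt

[imap-client]
client = yes
accept = 127.0.0.1:1143
connect = imap.example.org:993
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = imap.example.org

[broken]
accept = 127.0.0.1:9000
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
lint_stunnel_conf "$conf" || echo "$? finding(s); fix before starting stunnel"
rm -f "$conf"
```

Against the sample, [https] and [imap-client] pass, [google] is reported as unverified, [smtp-client] as verified but unpinned to a hostname, and [broken] as missing its connect line. Run it against the real file (lint_stunnel_conf /etc/stunnel/stunnel.conf) before restarting the daemon; since the exit status is the number of findings it works as a guard in a deploy script.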

Logs
Logs go to syslog (the default syslog = yes) and on this setup end up in /var/log/secure. While debugging a handshake, add debug = 7 and output = /var/log/stunnel.log to the global section of stunnel.conf to write the full trace to a file instead; drop back to the default debug = 5 afterwards, since level 7 records every connection in detail.

SSL to SSH Tunnel
SSL to SSH tunneling (stunnel) | JAKERI - http://www.jakeri.net/2009/01/ssl-to-ssh-tunneling-stunnel/

Sometimes it can be handy to reach your home server even if you have all sorts of proxy servers and firewalls between you and your home server (e.g. from work).

Stunnel to the rescue!

Server (stunnel.conf):

  cert = stunnel.pem
  pid = /tmp/stunnel.pid

  [stunnel443]
  accept = 192.168.1.7:443
  connect = 192.168.1.7:22

Client (stunnel.conf):

  pid = /tmp/stunnelclient.pid
  client = yes
  #cert = stunnel.pem
  #foreground = yes

  [21222]
  accept = 21222
  connect = 192.168.1.7:443

Keeping the pid file in /tmp is a bad habit (world-writable directory); /var/run/stunnel.pid is the usual place.

Client: ssh -p 21222 localhost

The stunnel client above does not verify the server certificate, but the inner protocol is SSH, so the normal host-key check still catches a tampered tunnel: accept the key for [localhost]:21222 once and it is pinned in known_hosts like any other host.

Startup Script

  #!/bin/bash
  # Script to run stunnel in daemon mode at boot time.
  # Check http://www.gaztronics.net/ for the
  # most up-to-date version of this script.
  # This script is released under the terms of the GPL.
  # You can source a copy at:
  # http://www.fsf.org/copyleft/copyleft.html
  # Please feel free to modify the script to suit your own needs.
  # I always welcome email feedback with suggestions for improvements.
  # Please do not email for general support. I do not have time to answer
  # personal help requests.
  #
  # Author: Gary Myers MIIE MBCS
  # email: http://www.gaztronics.net/webform/
  # Revision 1.0  -  4th March 2005
  #
  # Run level information:
  # chkconfig: 2345 99 99
  # description: Secure Tunnel
  # processname: stunnel
  #
  # Run "/sbin/chkconfig --add stunnel" to add the Run levels.
  # This will setup the symlinks and set the process to run at boot.

  # Paths and variables and system checks.

  # Source function library (It's a Red Hat thing!)
  . /etc/rc.d/init.d/functions

  # Check that networking is up.
  [ "${NETWORKING}" = "yes" ] || exit 0

  # Path to the executable.
  SEXE=/usr/sbin/stunnel

  # Path to the configuration file.
  CONF=/etc/stunnel/stunnel.conf

  # Check the configuration file exists.
  if [ ! -f "$CONF" ] ; then
      echo "The configuration file cannot be found!"
      exit 0
  fi

  # Path to the lock file.
  LOCK_FILE=/var/lock/subsys/stunnel

  # Run controls:

  prog=$"stunnel"
  RETVAL=0

  # Start stunnel as daemon.
  start() {
      if [ -f "$LOCK_FILE" ]; then
          echo "stunnel is already running!"
          exit 0
      else
          echo -n $"Starting $prog: "
          $SEXE "$CONF"
      fi
      RETVAL=$?
      [ $RETVAL -eq 0 ] && success
      echo
      [ $RETVAL -eq 0 ] && touch "$LOCK_FILE"
      return $RETVAL
  }

  # Stop stunnel.
  stop() {
      if [ ! -f "$LOCK_FILE" ]; then
          echo "stunnel is not running!"
          exit 0
      else
          echo -n $"Shutting down $prog: "
          killproc stunnel
          RETVAL=$?
          [ $RETVAL -eq 0 ] && rm -f "$LOCK_FILE"
          echo
          return $RETVAL
      fi
  }

  # See how we were called.
  case "$1" in
      start)
          start
          ;;
      stop)
          stop
          ;;
      restart)
          stop
          start
          ;;
      condrestart)
          if [ -f "$LOCK_FILE" ]; then
              stop
              start
              RETVAL=$?
          fi
          ;;
      status)
          status stunnel
          RETVAL=$?
          ;;
      *)
          echo $"Usage: $0 {start|stop|restart|condrestart|status}"
          RETVAL=1
  esac

  exit $RETVAL