Stunnel to protect unencrypted Services
create server certificate
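# Create the server's private key and self-signed certificate, then bundle
# both into the single PEM file that stunnel loads.
#
# umask 077 makes every file created below owner-only from the moment it is
# written; without it the unencrypted key and server.pem are readable by other
# local users until a later chmod runs. The umask stays in effect for the rest
# of this shell session.
umask 077
cd /etc/stunnel
mkdir -p server && cd server
# -nodes leaves the key unencrypted so stunnel can start unattended; file
# permissions are then the only protection for it.
# -keyout names the key file explicitly because the next command reads
# privkey.pem (otherwise the name comes from the local openssl.cnf default).
openssl req -new -x509 -keyout privkey.pem -out cacert.pem -days 3650 -nodes
# server.pem = private key + certificate. It must never leave this host.
cat privkey.pem cacert.pem > /etc/stunnel/server.pem
cd ..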
create client certificate
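# Create the client's private key and self-signed certificate and bundle them
# into client.pem, then lock down everything under /etc/stunnel.
#
# umask 077 keeps the unencrypted key and the bundle owner-only from creation
# instead of relying on the chmod at the end.
umask 077
cd /etc/stunnel
mkdir -p client && cd client
# -keyout names the key file explicitly because the next command reads
# privkey.pem (otherwise the name comes from the local openssl.cnf default).
openssl req -new -x509 -keyout privkey.pem -out cacert.pem -days 3650 -nodes
# client.pem = client private key + certificate.
cat privkey.pem cacert.pem > /etc/stunnel/client.pem
cd ..
# Kept from the original steps: covers bundles created before the umask applied.
chmod 600 /etc/stunnel/*.pem
chmod og-rwx /etc/stunnel/{client,server}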
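# Copy to the client only what it needs.
# client.pem holds the client's own key and certificate.
scp /etc/stunnel/client.pem root@CLIENT:/etc/stunnel/client.pem
# The client only needs the server's certificate to verify it. Copying
# /etc/stunnel/server.pem would also hand over the server's private key, so
# send the certificate-only file and store it under the name the client
# config expects (CAfile = /etc/stunnel/server.pem).
scp /etc/stunnel/server/cacert.pem root@CLIENT:/etc/stunnel/server.pem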
config for server vi /etc/stunnel/stunnel.conf
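# ---------------------------------------------------------------------------
# Server: /etc/stunnel/stunnel.conf
# ---------------------------------------------------------------------------
# Authentication stuff
# verify = 2 requires the peer to present a certificate that validates
# against CAfile, so each side must present its OWN certificate and trust the
# OTHER side's. The server therefore loads server.pem (its key + certificate)
# and trusts the client's certificate; with cert = client.pem here, the
# client's check against the server certificate cannot succeed.
verify = 2
cert = /etc/stunnel/server.pem
# Certificate-only file for the client (no private key needed to verify it).
CAfile = /etc/stunnel/client/cacert.pem

# Some debugging stuff
#debug = 7
#output = stunnel.log

# Use it for client mode
client = no

# Service-level configuration
# TLS listener on port 1023, forwarded to the local cleartext telnet daemon.
# The telnet daemon itself should listen on 127.0.0.1 only (or be firewalled),
# otherwise port 23 stays reachable unencrypted and the tunnel can be bypassed.
[telnet-test]
accept = SERVER_IP_ADDRESS:1023
connect = 127.0.0.1:23

# ---------------------------------------------------------------------------
# config for client: vi /etc/stunnel/stunnel.conf
# ---------------------------------------------------------------------------
# Authentication stuff
# The client presents client.pem (its key + certificate) and verifies the
# server against server.pem; on the client that file only needs to contain
# the server's certificate, not the server's private key.
verify = 2
cert = /etc/stunnel/client.pem
CAfile = /etc/stunnel/server.pem

# Some debugging stuff
#debug = 7
#output = stunnel.log

# Use it for client mode
client = yes

# Service-level configuration
# Local cleartext port; connections to it are wrapped in TLS to the server.
[telnet-test]
accept = 127.0.0.1:23
connect = SERVER_IP_ADDRESS:1023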
create the start script
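# Install the init script that starts stunnel at boot.
#
# The script is fetched over plain HTTP with no signature or checksum, and it
# will run as root on every boot, so download it to a temporary file and read
# it before installing. -f makes curl fail on an HTTP error instead of saving
# the error page as the script.
tmp=$(mktemp)
curl -fsS -o "$tmp" http://www.gaztronics.net/rc/stunnel.txt
# Review the content; continue only if it is the expected init script.
less "$tmp"
install -m 700 "$tmp" /etc/init.d/stunnel && rm -f -- "$tmp"
ln -s /etc/init.d/stunnel /etc/rc3.d/S90stunnel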
LINKS:
http://gentoo-wiki.com/HOWTO_create_a_logserver_with_syslog-ng
http://www.gaztronics.net
http://www.stunnel.org