
Stunnel - how to Secure your connection(Step by Step guide with configuration files) by meysam

When you are setting up a service that is supposed to receive and transfer important data, one of the main concerns is security: how to keep the data safe while it passes over an insecure network. There are many ways to secure a connection, using protocols such as HTTPS, SSL or TLS, but sometimes you are dealing with a service that does not support any of them. In that case you have to use another service as a third party to address the issue. The real question is which tool will fulfill your needs as a fast, flexible and multi-platform service.
<center>https://i.imgsafe.org/9ef165701e.jpg</center>
<center>[Source](https://n0where.net/stunnel/)</center>
## <center>Introducing Stunnel</center>

Stunnel is a third-party application that helps you secure your data by encrypting it with different protocols outside your main application.
### Let’s put it in a scenario to understand how it really works
Imagine you have a database listening on port 1433 and you want your users to connect to it over a secure, encrypted connection.
First, run stunnel on the server side, which has the IP address 192.168.1.100 (note that if your service already supports a protocol like SSL, you don’t need the server side; just install stunnel on the client). Configure it so that the stunnel process listens on a specific port (like 10001) and sends the data received on that port to the main service port (in this case 1433).
On the client side, install stunnel and configure it so that it listens on a specific port (let’s say 6004) and sends the data to the server at 192.168.1.100, port 10001.
Finally, configure your service on the client side to start its session against the local IP (127.0.0.1) and port 6004.
Let’s list the actions that happen when you start your service:
1. The client requests a connection to its local IP on port 6004.
2. Stunnel receives the connection request and passes it to 192.168.1.100:10001.
3. The server receives the request and sends it to its local IP on port 1433.
https://i.imgsafe.org/9ac9be5e32.jpg
As you can see, stunnel sits exactly in the middle and encrypts all the data that crosses the network.
OK, enough about the concept. Now we are going to get our hands dirty installing and configuring stunnel. Before installing stunnel we need to install openssl, both as a prerequisite and for making the certificate.
## <center>Installing openssl</center>
(I added the installation of openssl just in case you need it to generate the certificate.)
To check whether openssl is installed on your server, simply run the following command:
```
openssl version
```
The result should be something like this:
```
OpenSSL 1.0.1e-fips 11 Feb 2013
```
If the openssl command cannot be found, you need to install it first.
```
mkdir /src
cd /src
wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# unpack the archive that was just downloaded
tar -zxf openssl-1.0.2-latest.tar.gz
# the directory name carries the exact version that was in the archive
cd openssl-1.0.2a
./config
make
make test
make install
```
To make sure that you are using the latest version even if you had an older version already installed:
```
mv /usr/bin/openssl /root/
ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl
```
Now check your openssl version again:
```
openssl version
```
Now you should see output like this:
```
OpenSSL 1.0.2k  26 Jan 2017
```

## <center>Installing Stunnel</center>
Download the latest version:
```
cd /src
wget https://www.stunnel.org/downloads/stunnel-5.40.tar.gz
```
Keep in mind that the version might change. If you get an error, go to the [stunnel](https://www.stunnel.org/downloads.html) download page and check the latest version number.
```
tar -xvf stunnel-5.40.tar.gz
# gcc is needed to compile the source
yum install gcc
# build from inside the unpacked source directory
cd stunnel-5.40
./configure
make
make install
stunnel -version
```

Now you have stunnel installed.
### Generating the private key
Stunnel provides some scripts in its source tree to make it easier for users to create certificate pairs:
```
cd /src/stunnel-5.40/tools
./makecert.sh
```
Note that you can answer the questions it asks or simply press Enter.
<center>https://i.imgsafe.org/9ca3d6e832.jpg</center>
This command creates a stunnel.pem file that contains both the private key and the certificate.
Now we need the configuration file for stunnel, which by default resides in /src/stunnel-5.40/tools.
Remember that to start stunnel you need to pass the configuration file as a parameter to the command, for example:
```
stunnel /src/stunnel-5.40/tools/stunnel.conf
```
You can write the configuration file for server mode, client mode or both, and stunnel supports many other options and protocols. To keep it simple and show you how it is done, I am going to create two config files with the basic configuration.
To do that you need a stunnel.pem file (for the server) and a certificate.crt file (for the client).
Go ahead and edit stunnel.conf:
```
vi stunnel.conf
```
with the following content:
```
; verbose logging while testing
debug = 7
output = stunnel.log
; private key and certificate created by makecert.sh
cert = stunnel.pem
[test]
; TLS side. 127.0.0.1 keeps this test on one machine; for the scenario
; above, accept on 192.168.1.100:10001 so remote clients can reach it
accept = 127.0.0.1:10001
; plain side: the real service
connect = 127.0.0.1:1433
```
<center>https://i.imgsafe.org/9dc1d62e84.jpg</center>
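Now create the client configuration file:
```
vi client.conf
```
with the following content:
```
debug = 7
output = stunnel-server.log
[test]
client = yes
; plain side: the local application connects here
accept = 127.0.0.1:6004
; TLS side: the stunnel server (192.168.1.100:10001 in the scenario above)
connect = 127.0.0.1:10001
CAfile = certificate.crt
; without this, CAfile is loaded but the server certificate is never checked
verifyPeer = yes
```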
<center>https://i.imgsafe.org/9dc679a432.jpg</center>
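Setting CAfile alone does not make a stunnel client check the server certificate; verification has to be switched on with verifyPeer, verifyChain or the older numeric verify option. The script below is an added example, not part of the original post: it scans a stunnel configuration and flags client-mode services that have verification off. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# audit_stunnel_conf FILE
# Prints one line per client-mode service that never checks the server
# certificate. Returns 1 if any such service exists, 0 otherwise.
audit_stunnel_conf() {
    awk '
    function report() {
        if (svc == "" || tolower(s["client"]) != "yes") return
        if (tolower(s["verifypeer"]) == "yes") return
        if (tolower(s["verifychain"]) == "yes") return
        if (s["verify"] + 0 >= 2) return          # older numeric option
        msg = ("cafile" in s) ? "CAfile is set but verification is off" : "no certificate verification configured"
        printf "[%s] %s\n", svc, msg
        bad = 1
    }
    /^[ \t]*;/    { next }                        # comment line
    /^[ \t\r]*$/  { next }                        # blank line
    /^[ \t]*\[/ {                                 # [service] header
        report()
        svc = $0; sub(/^[ \t]*\[/, "", svc); sub(/\].*$/, "", svc)
        split("", s)                              # reset per-service options
        for (k in g) s[k] = g[k]                  # inherit options set before the first [service]
        next
    }
    {                                             # option = value
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        if (svc == "") g[tolower(key)] = val; else s[tolower(key)] = val
    }
    END { report(); exit (bad + 0) }
    ' "$1"
}

# Constructed sample: a client service with CAfile, plus an optional extra line ($2).
write_client_conf() {
    printf '%s\n' '[test]' 'client = yes' 'accept = 127.0.0.1:6004' \
        'connect = 127.0.0.1:10001' 'CAfile = certificate.crt' ${2:+"$2"} > "$1"
}

# Demo in a scratch directory: the weak setting beside the corrected one.
demo_dir=$(mktemp -d)
write_client_conf "$demo_dir/weak.conf"
write_client_conf "$demo_dir/ok.conf" 'verifyPeer = yes'
audit_stunnel_conf "$demo_dir/weak.conf" || echo "weak.conf: verification missing"
audit_stunnel_conf "$demo_dir/ok.conf" && echo "ok.conf: clean"
rm -rf "$demo_dir"
```

On a real host, run `audit_stunnel_conf client.conf` before starting stunnel and treat a non-zero return as a failed check.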
To create certificate.crt, copy the certificate block out of the .pem file (the certificate only, not the private key).
Your certificate.crt file should look like this:
<center>https://i.imgsafe.org/9def451a87.jpg</center>
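One way to do the copy without opening an editor, as an added example that is not part of the original post: a shell function that writes only the certificate block to certificate.crt and refuses to produce a file containing key material. The function names and the sample PEM (placeholder bodies) are constructed for illustration.

```shell
#!/bin/sh
# extract_cert SRC DST
# Copy only the CERTIFICATE block(s) from a combined PEM file to DST.
# Returns 1 if SRC is unreadable, 2 if it holds no certificate, 3 if key
# material would have ended up in DST (DST is deleted in cases 2 and 3).
extract_cert() {
    src=$1
    dst=$2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    awk '/^-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                           { print }
         /^-----END CERTIFICATE-----/   { keep = 0 }' "$src" > "$dst"
    if ! grep -q '^-----BEGIN CERTIFICATE-----' "$dst"; then
        echo "no certificate found in $src" >&2
        rm -f "$dst"
        return 2
    fi
    # Fail closed: a malformed input (certificate block never closed) could
    # drag the key block along. The client must never receive the private key.
    if grep -q 'PRIVATE KEY-----' "$dst"; then
        echo "refusing to write key material to $dst" >&2
        rm -f "$dst"
        return 3
    fi
    chmod 644 "$dst"
}

# Constructed sample with the two kinds of block found in a combined PEM.
# The bodies are placeholders, not real key or certificate data.
write_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
PLACEHOLDER+KEY+BODY+NOT+A+REAL+KEY
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER+CERT+BODY+NOT+A+REAL+CERT
-----END CERTIFICATE-----
EOF
}

# Demo in a scratch directory; on a real host run:
#   extract_cert stunnel.pem certificate.crt
demo_dir=$(mktemp -d)
write_sample_pem "$demo_dir/stunnel.pem"
extract_cert "$demo_dir/stunnel.pem" "$demo_dir/certificate.crt" && cat "$demo_dir/certificate.crt"
rm -rf "$demo_dir"
```

Running `openssl x509 -in certificate.crt -noout -fingerprint -sha256` on the client and the same command against stunnel.pem on the server lets you confirm both sides hold the same certificate.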
For more options and details click [here](https://www.stunnel.org/static/stunnel.html)
In this video I am going to show you the data captured from port 10001, which is encrypted, and from port 1433, which is plain.
(Something was wrong with YouTube, so I had to share it via [Dropbox](https://www.dropbox.com/home?preview=%DB%B2%DB%B0%DB%B1%DB%B7-%DB%B0%DB%B2-%DB%B0%DB%B7+at+%DB%B1%DB%B8-%DB%B4%DB%B1-%DB%B5%DB%B9.mp4).)
That is it. You now have the stunnel service up, running and working properly at a basic level.
<center>Tue Feb  7 19:02:16 IST 2017</center>
@alexandergomez ·
Upvoted, followed and Resteemed. Thank you
@meysam ·
@alexandergomez
thank you sir, I appreciate the support 
followed back
@bobinson ·
very informational

#bookmark
@steemtrail ·
Hello @meysam, 

Congratulations! Your post has been chosen by the communities of SteemTrail as one of our top picks today.

Also, as a selection for being a top pick today, you have been [awarded a TRAIL token for your participation](https://discord.gg/w4sdqkS) on our innovative platform...STEEM.
[Please visit SteemTrail](https://discord.gg/w4sdqkS) to get instructions on how to claim your TRAIL token today.

If you wish to not receive comments from SteemTrail, please reply with "Stop" to opt out.
 

Happy TRAIL!
http://i.imgur.com/vs9Ai7I.png
@meysam ·
thanks