
# Stunnel on a Raspberry Pi: introduction and how-to

## Introduction

Nominally, stunnel provides SSL (today, TLS) encryption and decryption, which lets services that cannot speak SSL themselves communicate securely over it. (Example: a mail server listens for unencrypted mail traffic on port 25, and clients send encrypted mail traffic to port 465; stunnel listens on port 465, decrypts the traffic, and passes it on to local port 25.)

But stunnel can also be used to wrap arbitrary traffic in SSL. In the case of reverse SSH, this provides a way to "wrap" SSH connections in an SSL layer so that they make it through the firewall and past intrusion detection systems, which then see only an ordinary TLS session rather than SSH.

In this setup the stunnel server will be our Raspberry Pi, and the stunnel client will be our command and control server.

## Installing stunnel on the Raspberry Pi

On the Raspberry Pi, edit the stunnel configuration file and add the service definition described below, which points stunnel at your certificate file stunnel.pem (we'll cover how to create it next).

Basically, this accepts incoming connections on port 8888 and reroutes them to 127.0.0.1 (localhost) port 3128, which is where Squid listens by default (localhost:3128). So we're forwarding everything from port 8888 to port 3128, and stunnel strips the SSL layer in between. Note that the configuration points to a certificate file at /etc/stunnel/stunnel.pem, so our next step is to create that file.

## Generate private keys/certificates for SSL

Now you need to generate a private key, so that stunnel has a key to use when encrypting with SSL. First, go to the directory where stunnel keeps all of its files (/etc/stunnel, where the certificate path above lives).

Use the openssl library to generate a 2048-bit RSA private key in key.pem. Leave the key unencrypted: stunnel starts at boot and cannot prompt for a passphrase. openssl reports its progress while it searches for primes:

```
Generating RSA private key, 2048 bit long modulus
```

To do SSL, a stunnel server must have an SSL certificate, which requires a private key and a signature. We already generated a private key, so now we generate a certificate and use our own key to sign it (a self-signed certificate; clients will have to trust it explicitly):

```
$ openssl req -new -x509 -key key.pem -out cert.pem -days 365
You are about to be asked to enter information that will be incorporated
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
```

Now you have your private key in key.pem and your server's certificate in cert.pem. Put both into the certificate file that the configuration above points to, key first, for the Squid service we defined:

```
$ cat key.pem cert.pem > /etc/stunnel/stunnel.pem
```

This file now contains the private key, so make sure it is readable only by root (mode 600); stunnel loads it before dropping privileges.

Now enable stunnel by editing the default stunnel file: change enable = 0 to enable = 1 (on Raspbian and other Debian-based systems the file is /etc/default/stunnel4 and the line is spelled ENABLED=0). Then restart stunnel.

Now that we've got stunnel set up, let's get it working with Squid, the proxy server that we referenced earlier in the configuration file. We will re-edit /etc/stunnel/nf to add more information.

Now add a firewall setting on the Raspberry Pi to allow SSL packets through the firewall by creating a simple firewall script, firewall.sh:

```
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
```

Check the port against the stunnel configuration: this rule opens 443, which is right only if stunnel's accept line is 443 (the sensible choice if you want the tunnel to look like HTTPS). If you kept accept = 8888 as described above, open 8888 here instead, or the tunnel will be blocked by your own firewall.
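The whole Raspberry Pi side of the procedure above (stunnel service definition, unencrypted RSA key, self-signed certificate, combined stunnel.pem, firewall rule, enable and restart) as a single script. This is an added example, not code from the original post. Assumptions not taken from the page: the Debian/Raspbian package is stunnel4 (account stunnel4, defaults file /etc/default/stunnel4, restarted with service stunnel4 restart), the certificate subject is a CN taken from STUNNEL_CN, and the port opened in the firewall is whatever stunnel accepts on, which the page describes as 8888.

```shell
#!/bin/sh
# Added example, not the original post's code: carries out the Raspberry Pi
# side of the stunnel + Squid walkthrough. Assumed (not on the page): the
# package is stunnel4, with user "stunnel4", /etc/default/stunnel4 and
# "service stunnel4 restart"; the certificate CN comes from STUNNEL_CN.
set -eu

STUNNEL_DIR="${STUNNEL_DIR:-/etc/stunnel}"   # point at a scratch dir to dry-run
ACCEPT_PORT="${ACCEPT_PORT:-8888}"           # port stunnel listens on (page: 8888)
SQUID_PORT="${SQUID_PORT:-3128}"             # Squid's default local listener
STUNNEL_CN="${STUNNEL_CN:-raspberrypi}"      # subject CN for the self-signed cert

# The stunnel.conf the walkthrough describes: terminate TLS on ACCEPT_PORT and
# hand the plaintext to Squid on 127.0.0.1:SQUID_PORT.
render_stunnel_conf() {
    cat <<EOF
; private key followed by certificate, in one file
cert = $STUNNEL_DIR/stunnel.pem
; drop root once the listening socket is bound (assumed account name)
setuid = stunnel4
setgid = stunnel4

[squid]
accept = $ACCEPT_PORT
connect = 127.0.0.1:$SQUID_PORT
EOF
}

# Unencrypted 2048-bit RSA key (stunnel cannot prompt for a passphrase at
# boot), self-signed for 365 days, then key + cert concatenated into
# stunnel.pem. umask 077 keeps the key private; the subshell body limits the
# umask to this function.
generate_stunnel_pem() (
    dir="$1"
    umask 077
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$dir/key.pem" -out "$dir/cert.pem" -days 365 \
        -subj "/CN=$STUNNEL_CN" 2>/dev/null
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/stunnel.pem"
)

# Sanity check before restarting stunnel: the certificate in the combined file
# must belong to the private key in front of it (equal RSA moduli).
verify_pem() {
    kmod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    cmod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
    [ -n "$kmod" ] && [ "$kmod" = "$cmod" ]
}

# The firewall rule, opening only the port stunnel actually accepts on (the
# post's firewall.sh opened 443, which is correct only if accept = 443).
firewall_rule() {
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$1"
}

main() {
    mkdir -p "$STUNNEL_DIR"
    generate_stunnel_pem "$STUNNEL_DIR"
    verify_pem "$STUNNEL_DIR/stunnel.pem" || { echo "key/cert mismatch" >&2; exit 1; }
    render_stunnel_conf > "$STUNNEL_DIR/stunnel.conf"
    { echo '#!/bin/sh'; firewall_rule "$ACCEPT_PORT"; } > "$STUNNEL_DIR/firewall.sh"
    chmod 700 "$STUNNEL_DIR/firewall.sh"
    if [ "$STUNNEL_DIR" = /etc/stunnel ]; then
        # enable and restart the daemon (Debian/Raspbian names, assumed)
        sed -i 's/^ENABLED=0/ENABLED=1/' /etc/default/stunnel4
        sh "$STUNNEL_DIR/firewall.sh"
        service stunnel4 restart
    fi
}

# Only act when explicitly asked, so the file can also be sourced for its functions.
if [ "${RUN_SETUP:-0}" = 1 ]; then
    main
fi
```

Run it for real on the Pi with `RUN_SETUP=1 sudo sh stunnel-setup.sh`; to inspect what it would write first, run `RUN_SETUP=1 STUNNEL_DIR=/tmp/stunnel-dryrun sh stunnel-setup.sh`, which produces the config, key material and firewall.sh in the scratch directory without touching the system or the daemon. The modulus comparison in verify_pem catches the common mistake of concatenating a certificate with the wrong key, which otherwise only shows up as a stunnel start-up failure.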

