Setup SSL Tunnel Using Stunnel on Ubuntu

The Stunnel program is designed to work as an SSL encryption wrapper between remote client and server. It can be used to add SSL functionality.

What Stunnel basically does is that it turns any insecure TCP port into a secure encrypted port using OpenSSL package for cryptography.

1.Update & Upgrade Ubuntu

apt-get update && apt-get upgrade

2.Install Stunnel on VPS

apt-get install stunnel4 -y

3.Create SSL Certificate

openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 1095
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

4.configure Stunnel on VPS

vim /etc/stunnel/stunnel.conf

So overall the stunnel.conf file must contain the lines below:

client = no
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

Note: The client = no part isn’t necessary, Stunnel by default is set to server mode.

Also, enable Stunnel automatic startup by configuring the “/etc/default/stunnel4” file

ENABLED=1

Finally, restart Stunnel for configuration to take effect, using this command:

/etc/init.d/stunnel4 restart

5.Install Squid Proxy

apt-get install squid3 -y

Configure Stunnel in Client

Using a SFTP client such as Filezilla, connect to your server and download the stunnel.pem file located in “/etc/stunnel/” directory to the client.

Install Stunnel on your choice of OS. Then go to the Stunnel folder and move the downloaded certificate stunnel.pem to Stunnel folder.

So stunnel.conf file in the client should look like this:

cert = stunnel.pem
client = yes
[squid]
accept = 127.0.0.1:8080
connect = [Server’s Public IP]:8888

Save and close the file and run stunnel.exe.

That’s it. Now when we want to connect to Squid proxy on our cloud server, we must configure our client to connect to 127.0.0.1:8080, and Stunnel automatically connects us through a secure tunnel to the service specified for that port.

0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
LVM: Rename root VG/LV
Viewed 972 times since Sat, Jun 2, 2018
Fałszujemy rozpoznania skanerów #1
Viewed 989 times since Mon, May 21, 2018
RHEL: Bonding network interfaces
Viewed 971 times since Sat, Jun 2, 2018
“Too many authentication failures” with SSH
Viewed 1884 times since Mon, May 21, 2018
RHEL: How to change a USER/GROUP UID/GID and all owned files
Viewed 2294 times since Sat, Jun 2, 2018
Set Up SSH Tunneling on a Linux / Unix / BSD Server To Bypass NAT
Viewed 87 times since Fri, May 15, 2020
Installing and Configuring an OCFS2 Clustered File System
Viewed 885 times since Sat, Jun 2, 2018
debian How to check Debian CVE status using python script
Viewed 471 times since Sun, Sep 23, 2018
Need to set up yum repository for locally-mounted DVD on Red Hat Enterprise Linux 7
Viewed 764 times since Mon, Oct 29, 2018
LVM: Extend SWAP size by adding a new Logical Volume
Viewed 651 times since Sat, Jun 2, 2018