Thank you for the HOWTO, very helpful. Question: Does stunnel4 provide me anonymity like Tor when I access a news server? If not, can it be configured to go through proxy servers?
The Windows/Linux/OS X holy wars are pointless. Use what you like. It's just an operating system on a computer. Seriously.
Edited because it was probably wrong.
Last edited by mikezila; May 5th, 2009 at 09:58 PM. Reason: Idiocy.
Having some trouble. Everything is setup correctly (or it seems to be), it's just that wireshark is still seeing a bunch of plain TCP packets, with no "SSL Continuation Data" at all, leading me to believe that it just isn't working. Here's some details.
I'm using giganews, and I have SSL enabled on my account. Diamond plan baby!
I'm using Pan, and Pan is connecting to localhost at port 119
stunnel is configured exactly as in OP's post, save for my nntp section, which is:
Code:
[nntp]
accept = localhost:119
connect = news.giganews.com:563
stunnel is also ENABLED=1, so I know that's not it.
Pan connects and works correctly, but when I fire up Wireshark to monitor my tubes, they're clogged with normal TCP traffic! What gives! I need my tinfoil headgear!
Last edited by mikezila; May 5th, 2009 at 10:06 PM.
Guys,
Thanks to the OP for this helpful post. I got stunnel going with Astraweb. Had to use:
secure.news.astraweb.com:563
For some reason ssl.astranews.com:563 didn't work.
Anyhow, since stunnel requires sudo to start, is there a way to automatically start it at boot? I thought programs that required sudo could not be started without a password. I'm new to Linux, so that might be a very simple thing..
Thanks.
You can do this:
Code:
export EDITOR=gedit && sudo visudo
Add the following line at the end of the /etc/sudoers file (use down arrow to move cursor down to bottom):
Code:
johndoe ALL= NOPASSWD: /etc/init.d/stunnel4 restart
Replace "johndoe" by the name of the user or the group which can use sudo and do the modification.
Finally you need to add stunnel to the startup programs list from [System] [Preferences] [Startup Applications] [Add]
Name: stunnel4
Command: bash -c "sleep 45; sudo /etc/init.d/stunnel4 restart --start-hidden"
Comment: whatever
Note the 45 seconds is the pause before the stunnel starts. You may want to adjust this pause or not have one at all. I don't jump right into using pan after boot so I set a long pause.
Last edited by russetaylor; November 21st, 2009 at 05:02 AM. Reason: confusing
I set the local port listening for stunnel to 11900 instead of 119 and this seems to get around the sudo problem.
I can now boot the PC, log on as a non-sudoer user and it just works when starting pan without any command line instructions.
I had to change the server setup in Pan to also point to localhost 11900.
Thanks
Gavin
Great HOWTO. I'm using PAN to connect to UsenetMonster. Configuring Stunnel and PAN together was simple and worked first time.
Thanks!
Hey guys,
I can't seem to get past the "You should check that you have specified the pid= in you configuration file" error. My config file is:
Code:
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

[Eucalyptus for Landscape]
accept = landscape.canonical.com:443
connect = localhost:8773
and ls -al /etc/ssl/certs/stunnel.pem returns:
Code:
-rw-r--r-- 1 root root 3432 2012-02-09 11:41 /etc/ssl/certs/stunnel.pem
Any idea what I'm doing wrong? Using Lucid server by the way, trying to get this working.
Kevpatts
Onieric - Leaning towards Xubuntu these days.
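The "you have specified the pid=" line is the stunnel4 init script's generic complaint that the daemon did not stay up; the actual reason is whatever made stunnel exit, which the config's own commented `debug = 7` / `output = ...` lines will show. The following preflight script, added here as an example and not part of stunnel or of the post above, checks the startup-time conditions that the sample config's chroot/setuid/pid settings impose (cert readable, chroot directory present, pid directory writable by the setuid user) and flags any `accept =` host that is not an address of the local machine, since stunnel bind()s that address. It assumes a GNU/Linux userland (awk, `hostname -I`, `stat -c`); the `conf_get`, `conf_accepts`, `is_local_host` and `stunnel4_preflight` names are this example's own.

```shell
#!/bin/sh
# stunnel4_preflight CONF: report the startup problems a client-mode stunnel4
# config would hit. Added example; GNU/Linux userland assumed.
# Prints "FAIL: ..." per problem and returns the number of problems found.

# conf_get KEY FILE: value of the first uncommented global "KEY = value" line.
# Stops at the first [service] header so global and service keys don't mix.
conf_get() {
    awk -v k="$1" '
        /^[[:space:]]*\[/ { exit }          # first service section: stop
        /^[[:space:]]*;/  { next }          # comment line
        {
            line = $0
            sub(/^[[:space:]]+/, "", line)
            if (index(line, k) != 1) next
            rest = substr(line, length(k) + 1)
            if (rest !~ /^[[:space:]]*=/) next
            sub(/^[[:space:]]*=[[:space:]]*/, "", rest)
            sub(/[[:space:]]+$/, "", rest)
            print rest
            exit
        }' "$2"
}

# conf_accepts FILE: every uncommented "accept = host:port" value in the
# service sections, one per line.
conf_accepts() {
    awk '
        /^[[:space:]]*\[/ { insvc = 1; next }
        /^[[:space:]]*;/  { next }
        insvc && /^[[:space:]]*accept[[:space:]]*=/ {
            sub(/^[[:space:]]*accept[[:space:]]*=[[:space:]]*/, "")
            sub(/[[:space:]]+$/, "")
            print
        }' "$1"
}

# is_local_host HOST: loopback/unspecified, or an address of a local interface.
is_local_host() {
    case $1 in ""|localhost|127.0.0.1|::1|0.0.0.0) return 0 ;; esac
    for ip in $(hostname -I 2>/dev/null); do
        [ "$ip" = "$1" ] && return 0
    done
    return 1
}

stunnel4_preflight() {
    conf=$1
    fails=0
    fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

    cert=$(conf_get cert "$conf")
    chroot_dir=$(conf_get chroot "$conf")
    run_user=$(conf_get setuid "$conf")
    pid_path=$(conf_get pid "$conf")

    # The cert is loaded before chroot/setuid: it only has to be readable
    # from outside the jail by whoever starts the daemon.
    if [ -n "$cert" ] && [ ! -r "$cert" ]; then
        fail "cert $cert is missing or unreadable"
    fi
    # The setuid user must exist or privileges cannot be dropped.
    if [ -n "$run_user" ] && ! id "$run_user" >/dev/null 2>&1; then
        fail "setuid user $run_user does not exist"
    fi
    # Per the sample config, "PID is created inside the chroot jail", i.e.
    # after chroot and setuid: <chroot>/<pid> must be writable by that user.
    if [ -n "$chroot_dir" ] && [ ! -d "$chroot_dir" ]; then
        fail "chroot directory $chroot_dir does not exist"
    elif [ -n "$pid_path" ]; then
        case $pid_path in
            /*) pid_abs="${chroot_dir%/}$pid_path" ;;
            *)  pid_abs="${chroot_dir%/}/$pid_path" ;;
        esac
        pid_dir=$(dirname "$pid_abs")
        if [ ! -d "$pid_dir" ]; then
            fail "pid directory $pid_dir does not exist"
        elif [ -z "$run_user" ] || [ "$run_user" = "$(id -un)" ]; then
            [ -w "$pid_dir" ] || fail "pid directory $pid_dir not writable by $(id -un)"
        else
            owner=$(stat -c %U "$pid_dir" 2>/dev/null)
            [ "$owner" = "$run_user" ] || fail "pid directory $pid_dir is owned by ${owner:-?}, not $run_user"
        fi
    fi
    # accept= is the local listener: a remote hostname here cannot be bound
    # (the server's name belongs in connect=).
    for a in $(conf_accepts "$conf"); do
        case $a in *:*) host=${a%:*} ;; *) host="" ;; esac
        is_local_host "$host" || fail "accept = $a: $host is not an address of this machine"
    done
    return "$fails"
}
```

Run it as `stunnel4_preflight /etc/stunnel/stunnel.conf` before `sudo /etc/init.d/stunnel4 start`; when it is run as a user other than the `setuid` one, the pid-directory check falls back to comparing the directory owner, which is weaker than an actual write test.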
Is it possible to set up stunnel4 for multiple servers? I would like to add gmane.org to the news-server I already have set and working.
pan 0.136 with stunnel4 operational on Mint 11 AMD64
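Three things in this thread fit in one example: the multiple-servers question just above (each server is simply another `[section]` in the same file), Gavin's trick of listening on an unprivileged port so stunnel needs no sudo (which also sidesteps the sudoers rule earlier in the thread, where a rule written for `restart` matches only that exact argument list), and mikezila's Wireshark observation, which is expected: the Pan-to-localhost leg is plaintext by design, so that listener must be bound to loopback only, and the server certificate must actually be verified or the TLS leg protects against nobody in particular. The generator and lint below are an added example, not code from the thread or from stunnel; `gen_pan_stunnel_conf` and `lint_stunnel_client_conf` are this example's own names, the port numbers and every hostname other than news.giganews.com are placeholders, and the CA bundle path is whatever your distribution ships.

```shell
#!/bin/sh
# Client-mode stunnel for a newsreader without root: loopback-only high
# ports, several servers in one file, server certificate verified.
# Added example, not from the thread; hostnames/ports are placeholders.
#
# gen_pan_stunnel_conf OUT CA_BUNDLE NAME=LOCALPORT=HOST:PORT ...
gen_pan_stunnel_conf() {
    out=$1
    ca=$2
    shift 2
    {
        echo "; generated client-mode config; start with: stunnel4 $out"
        echo "client = yes"
        echo "pid = $(dirname "$out")/stunnel.pid"
        echo ""
        echo "; Without verify=, stunnel accepts any certificate, so whoever sits"
        echo "; on the path can impersonate the server and collect the NNTP login."
        echo "verify = 2"
        echo "CAfile = $ca"
        echo "; stunnel 5 spells the same check verifyChain = yes and can pin the"
        echo "; name with checkHost = <hostname> inside each service section."
        echo ""
        echo "; The sample config's sslVersion = SSLv3 is obsolete; refuse both."
        echo "options = NO_SSLv2"
        echo "options = NO_SSLv3"
        for spec in "$@"; do
            name=${spec%%=*}
            rest=${spec#*=}
            lport=${rest%%=*}
            remote=${rest#*=}
            echo ""
            echo "[$name]"
            echo "; Loopback only: the reader sends its password in the clear on"
            echo "; this leg, and a bare 'accept = $lport' binds every interface."
            echo "accept = 127.0.0.1:$lport"
            echo "connect = $remote"
        done
    } > "$out"
}

# lint_stunnel_client_conf FILE: flag the weak settings seen in this thread's
# configs. Prints "WEAK: ..." per finding and returns the number found.
lint_stunnel_client_conf() {
    f=$1
    n=0
    weak() { echo "WEAK: $1"; n=$((n + 1)); }

    grep -Eq '^[[:space:]]*(verify[[:space:]]*=[[:space:]]*[23]|verifyChain[[:space:]]*=[[:space:]]*yes)' "$f" \
        || weak "no verify = 2 (or verifyChain = yes): server certificate is not checked"
    grep -Eq '^[[:space:]]*(CAfile|CApath)[[:space:]]*=' "$f" \
        || weak "no CAfile/CApath: nothing to verify the server certificate against"
    grep -Eq '^[[:space:]]*sslVersion[[:space:]]*=[[:space:]]*(all|SSLv2|SSLv3)' "$f" \
        && weak "sslVersion permits SSLv2/SSLv3"
    for a in $(sed -n 's/^[[:space:]]*accept[[:space:]]*=[[:space:]]*//p' "$f"); do
        case $a in
            127.0.0.1:*|localhost:*|\[::1\]:*) ;;
            *) weak "accept = $a is not bound to loopback; the plaintext side is reachable from the network" ;;
        esac
    done
    return "$n"
}
```

Point Pan at 127.0.0.1 and the chosen local port for each server, as Gavin did with 11900, and start stunnel from your own session (`stunnel4 ~/.stunnel/stunnel.conf`, or `stunnel` where the package installs it under that name) rather than from the system init script. A second invocation of the lint against `/etc/stunnel/stunnel.conf` is a quick way to see whether the root-run copy still has `verify` commented out.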