stunnel Notes

this file can be found at www.estss.com/opensource/cheatsheet.php


I tried a few VPN solutions (such as PPP-SSH & OpenVPN) eons ago and found that they need a horrendous amount of setup that touches some system files (/etc/hosts & /etc/resolv.conf) and involves running commands that require superuser access:

iptables: modify firewall rules
route add: change the routing tables
mknod + modprobe: create a network device
ifconfig: assigning an IP address to the new device
pty: pseudo terminal

This is all basically ssh-based virtual private network tunnelling, and it seemed like an overkill solution for what I needed.

stunnel has a very simple way to create an encrypted channel between two networked computers. No system files or super user commands are required to make this work.

ssh TCP forwarding works the same way. But "stunnel is running as its own daemon, you can use this port forward without first establishing the ssh connection." -- stunnel.org

( A fun read: SSH Tunnels: Bypass (Almost) Any Firewall. )


To double check your ssh server's fingerprint:


stunnel code snippets (see man page for details on these options):

Then, execute on the respective computers:
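As an added illustration (not the snippets or commands from the original notes), here is a server/client pair of stunnel configuration files that wraps sshd in TLS without superuser access and makes the client verify the server certificate, which stunnel does not do by default. It assumes stunnel 5.x option names; the host name, user names, ports and file paths are constructed placeholders.

```ini
; ---- server.conf: on the machine running the service (here sshd on port 22) ----
; Start as an ordinary user:  stunnel server.conf
; Global options go before the first [service] section.
pid = /home/alice/stunnel/server.pid      ; user-writable, so no root needed

[ssh-over-tls]
accept  = 8443                            ; port above 1024, so no root needed
connect = 127.0.0.1:22                    ; decrypted traffic goes to local sshd
cert    = /home/alice/stunnel/server-cert.pem
key     = /home/alice/stunnel/server-key.pem   ; keep this file mode 0600

; ---- client.conf: on the machine you connect from ----
; Start as an ordinary user:  stunnel client.conf
pid = /home/bob/stunnel/client.pid

[ssh-over-tls]
client  = yes                             ; this end initiates the TLS session
accept  = 127.0.0.1:2222                  ; bind to loopback only, not all interfaces
connect = server.example.org:8443

; Without the next three lines the client encrypts but accepts ANY
; certificate, so an on-path host could terminate the tunnel itself.
CAfile      = /home/bob/stunnel/ca.pem    ; CA (or self-signed cert) you trust
verifyChain = yes                         ; validate the chain up to CAfile
checkHost   = server.example.org          ; certificate must name this host
```

With both daemons running, `ssh -p 2222 user@127.0.0.1` on the client reaches the remote sshd through the tunnel. The ssh host key check still runs end to end inside the TLS channel, so the server's fingerprint should match the one you verified directly.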


Copyright © 2010-2014 by Nick Shin. All Rights Reserved.
These pages are designed by ESTSS.