


Stunnel can be used on your Android phone. SOCKS functionality can then be used directly on your phone by apps that support it: Firefox, Telegram, etc. To see how to install and set up stunnel on Android, take a look at: How to run stunnel on your android device

In such cases, setting up a SOCKS proxy might just do the trick.

Another interesting aspect of a SOCKS proxy is that after the initial per-connection handshake, it doesn’t add much overhead to the underlying traffic. Overhead might not look like a big deal at first, but it adds up. This is especially true when the overhead is per packet. SOCKS connections generally have a per-connection overhead, which is negligible.

The SOCKS protocol (including SOCKS5) does not provide any means of encryption by itself [1]. To overcome this, a very popular method for setting up a SOCKS server is to use the OpenSSH port forwarding capability along with its built-in SOCKS support.

But using OpenSSH this way is not always the best option. The most serious problem with such an approach is that you need to have an active SSH connection to the server at all times (that is, unless you do some ugly hacking).

Stunnel, on the other hand, comes with its own implementation of the secure SOCKS5, SOCKS4, and SOCKS4a protocols. It can do so without the need for any additional software, and to top that off, you don’t need to keep any other session active for it to work [2].

There are some limitations to the stunnel SOCKS implementation, however, that you should be aware of:

- Only TCP tunneling is supported (not UDP).
- Advanced options like BIND are not supported.
- SOCKS5 built-in authentication is not supported (though stunnel has its own methods of authentication on top of SOCKS5).
- Only suited for personal use (as after the initial client verification, it’s not easy to set up client access control).

But even with those limitations (most of which also apply to OpenSSH SOCKS), it is still suited for most applications.

To see how to properly install and set up stunnel on Ubuntu (and possibly other distros), refer to my other article on the topic: How to install and configure stunnel on Ubuntu

Process overview

The setup is easy and straightforward, and what is happening under the hood is rather interesting:

Server side

On the server side, stunnel exposes a SOCKS port. This is your typical SOCKS4a/5 protocol, supporting basic features like name resolution and TCP/IP stream connection.

Access to that SOCKS port on the server is guarded by the stunnel authentication layer. This ensures that the underlying SOCKS traffic is fully authenticated and encrypted. You can use either PKI systems (with CA, client/server certs, CRL, OCSP, etc.), or just a simple PSKsecrets file.

On the client side, you set up whichever authentication/encryption method is set on the server, and simply forward a local port to the stunnel SOCKS port on the server. Applications will then be able to talk to that local port using the SOCKS protocol. The traffic will then be encrypted and passed along to the stunnel SOCKS server port.

Config files

A sample of server and client SOCKS config is provided below. These samples assume you are running stunnel on Ubuntu. Don’t forget to adjust them first if needed:

Global config

These are basically extracted from my post on How to install and configure stunnel on Ubuntu. You may need to slightly change the global options for other distros/OSes.

You actually may not need to set any global config at all. If you don’t plan to use the stunnel init package (or are just using another OS like Windows), you can safely skip this section.

Port 1080 is the standard port for the SOCKS protocol.
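One way the server and client sides described in the process overview could be written as stunnel service sections, using a PSKsecrets file for authentication. This is an added example, not the author's sample config; the host name, TLS port 9080, file paths, section names and the identity `client1` are placeholders, and no global options are shown.

```ini
; ===== server side: e.g. /etc/stunnel/socks-server.conf (assumed path) =====
[socks-server]
; TLS port that clients connect to (9080 is a placeholder)
accept = 9080
; act as a SOCKS4/4a/5 server for peers that passed stunnel authentication;
; there is no "connect" line, the destination comes from each SOCKS request
protocol = socks
; PSK authentication: one IDENTITY:KEY line per client in the secrets file,
; e.g.  client1:<key of at least 16 bytes>
; the file must not be world-readable or world-writable
ciphers = PSK
PSKsecrets = /etc/stunnel/psk.txt

; ===== client side: e.g. /etc/stunnel/socks-client.conf (assumed path) =====
[socks-client]
client = yes
; local plain-text SOCKS port for applications, on the standard port 1080;
; bound to loopback so other hosts cannot reach the tunnel through this client
accept = 127.0.0.1:1080
; TLS connection to the stunnel SOCKS port on the server (placeholder host)
connect = socks.example.org:9080
; file holding this client's own IDENTITY:KEY line, same key as on the server
PSKsecrets = /etc/stunnel/psk.txt
```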
