Template:Networking rut manual vpn: Difference between revisions

No edit summary
Line 1,047: Line 1,047:
==Stunnel==
==Stunnel==


<b>Stunnel</b> is an open-source a proxy service that adds TLS encryption to clients and servers already existing on a VPN network. TLS encryption provided by Stunnel can be used as an additional layer of encryption for data sent by OpenVPN. This procedure increases the security of the established connection and provides higher chances of passing a Deep packet inspection (DPI) check.  
<b>Stunnel</b> is an open-source a proxy service that adds TLS encryption to clients and servers already existing on a VPN network. TLS encryption provided by Stunnel can be used as an additional layer of encryption for data sent by VPN. This procedure increases the security of the established connection and provides higher chances of passing a Deep packet inspection (DPI) check.  


For a more in-depth Stunnel configuration example visit this page: [[OpenVPN over Stunnel {{{name}}}|OpenVPN over Stunnel]].
For a more in-depth Stunnel configuration example visit this page: [[OpenVPN over Stunnel {{{name}}}|OpenVPN over Stunnel]].
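Review bot: the revised first sentence still reads "an open-source a proxy service"; drop the stray "a" while this paragraph is being edited. The replacement phrase "data sent by VPN" needs an article ("by the VPN"). Generalising "OpenVPN" to "VPN" also leaves the next line pointing only at "OpenVPN over Stunnel", so consider stating that OpenVPN is the documented example.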
Line 1,053: Line 1,053:
===Stunnel Globals===
===Stunnel Globals===
----
----
The <b>Stunnel Globals</b> section is used to manage the Stunnel service as a whole. Refer to the figure and table below for information on the field contained in the Stunnel Globals section.
The <b>Stunnel Globals</b> section is used to manage the Stunnel service as a whole. Refer to the figure and table below for information on the fields contained in the Stunnel Globals section.


[[File:{{{file_stunnel_globals}}}]]
[[File:{{{file_stunnel_globals}}}]]
Line 1,066: Line 1,066:
         <td>Enabled</td>
         <td>Enabled</td>
         <td>yes | no; default: <b>no</b></td>
         <td>yes | no; default: <b>no</b></td>
         <td>Turns the Stunnel service on or off. If this is unchecked, Stunnel instances will not start (even if they are enabled individually); therefore, iti is necessary to check this field in order to make Stunnel active on the router.</td>
         <td>Turns the Stunnel service on or off. If this is unchecked, Stunnel instances will not start (even if they are enabled individually); therefore, it is necessary to check this field in order to make Stunnel active on the router.</td>
     </tr>
     </tr>
     <tr>
     <tr>
Line 1,072: Line 1,072:
         <td>integer [0..7]; default: <b>5</b></td>
         <td>integer [0..7]; default: <b>5</b></td>
         <td>Debugging to log output level.
         <td>Debugging to log output level.
       
            <ul>
Level is one of the syslog level names or numbers emerg (0), alert (1), crit (2), err (3), warning (4), notice (5), info (6), or debug (7). All logs for the specified level and all levels numerically less than it will be shown. Use '''7''' for greatest debugging output.</td>
                <li><b>0 (emergency)</b> - a panic condition, i.e., system is no longer usable.</li>
                <li><b>1 (alert)</b> - a condition that must be corrected immediately.</li>
                <li><b>2 (critical)</b> - critical conditions, device errors.</li>
                <li><b>3 (error)</b> - errors that are fatal to the operation, but not the service or application (can't open a required file, missing data, etc.) Solving these types of errors will usually require user intervention.</li>
                <li><b>4 (warning)</b> - anything that can potentially cause application oddities, but for which the system is automatically recovering from (e.g., retrying an operation, missing secondary data, etc.)</li>
                <li><b>5 (notice)</b> - conditions that are not error conditions, but that may require special handling.</li>
                <li><b>6 (info)</b> - general useful information (e.g., configuration changes, starts and stops of services, etc.)</li>
                <li><b>7 (debug)</b> - contains basic information that is diagnostically helpful to most people (i.e., not just engineers).</li>
            </ul>
     </tr>
     </tr>
     <tr>
     <tr>
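Review bot: the added list leaves the description cell unclosed. The removed line ended in "</td>", but the new block ends at "</ul>" and is followed directly by "</tr>"; add "</td>" after "</ul>". The rewrite also drops the statement that logs for the specified level and all numerically lower levels are shown, which is what tells the reader that the value is a threshold rather than a single selected level; keep that sentence above the list.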
Line 1,108: Line 1,116:
         <td>Selects the Stunnel instance's role.
         <td>Selects the Stunnel instance's role.
             <ul>
             <ul>
                 <li><b>Server</b> - </li>
                 <li><b>Server</b> - listens for connecting Stunnel clients.</li>
                 <li><b>Client</b> - </li>
                 <li><b>Client</b> - listens for connecting OpenVPN clients and connects to an Stunnel server.</li>
             </ul>
             </ul>
         </td>
         </td>
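Review bot: the new Client description says it "listens for connecting OpenVPN clients", while the introduction in this same revision was changed from "OpenVPN" to "VPN"; use one term in both places. "an Stunnel server" should be "a Stunnel server".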
Line 1,126: Line 1,134:
         <td>Connect IP's</td>
         <td>Connect IP's</td>
         <td>ip:port; default: <b>none</b></td>
         <td>ip:port; default: <b>none</b></td>
         <td>Uses the standard host:port convetion (e.g. 127.0.0.1:6001; localhost:6001). Host part can be emmited - empty host part defaults to '''localhost'''.
         <td>IP:Port to listen for VPN connections. When left empty the value of this field is interpreted as <i>localhost</i>.


Must contain at least one item. If multiple options are specified, remote address is chosen using a round-robin algorithm.</td>
Must contain at least one item. If multiple options are specified, remote address is chosen using a round-robin algorithm.</td>
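Review bot: the new description calls this field the "IP:Port to listen for VPN connections", which conflicts with the field name "Connect IP's" and with the unchanged sentence below it about the "remote address" being chosen round-robin; describe it as the address Stunnel connects to. The old text said only the host part may be omitted and then defaults to localhost, whereas "When left empty the value of this field is interpreted as localhost" suggests the whole field may be blank, which contradicts "Must contain at least one item" and drops the port. Suggest restoring the host:port wording with its example (127.0.0.1:6001) and fixing the old typos ("convetion", "emmited") there.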