Jump to content

Stunnel configuration example using Telnet: Difference between revisions

no edit summary
No edit summary
No edit summary
 
(15 intermediate revisions by 2 users not shown)
Line 1: Line 1:
<p style="color:red">The information in this page is updated in accordance with firmware version [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads'''07.02.7'''].</p>


==Introduction==
==Introduction==
This article provides a guide on how to configure stunnel and use telnet protocol for devices to interact with each other securely. These configurations can be implemented on RUT9xx and RUTX series.
This article provides a guide on how to configure stunnel and use telnet protocol for devices to interact with each other securely. These configurations can be implemented on RUT, RUTX and TRB series devices.


* First you want to make sure that you have '''ADVANCED mode''' enabled. This will allow you to choose from a larger variety of settings.
* First you want to make sure that you have '''ADVANCED mode''' enabled. This will allow you to choose from a larger variety of settings.
Line 34: Line 35:
First, configure the Stunnel server. The stunnel server will listen for incoming client connections on the specified port ( 2030 for this example) and connect them to telnet port at port 23. Configure stunnel client that will be connecting to the server.  
First, configure the Stunnel server. The stunnel server will listen for incoming client connections on the specified port ( 2030 for this example) and connect them to telnet port at port 23. Configure stunnel client that will be connecting to the server.  


[[File:Networking Rut955 manual stunnel toplogy v1.png|border]]
[[File:Networking Rut955 manual Stunnel config v1.png|border]]
 
 
==Router Configuration==
==Router Configuration==
Firstly, enable local telnet access at port 23, Go to '''System → Administration → Access Control'''
Firstly, enable local telnet access at port 23, Go to '''System → Administration → Access Control'''
Line 50: Line 53:


* You will be directed to stunnel configuration,
* You will be directed to stunnel configuration,
  Do following configuration:
 
  Enable Stunnel
1. '''Enable''' Stunnel
  Operating mode           : Server
 
  Listen IP               : 0.0.0.0
2. Select Operating mode '''(Server)'''
  Listen Port             : 2030
 
  Connect IP'S             : 127.0.0.1:23
3. Listen IP '''(0.0.0.0)'''
  TLS Cipher               : Secure
 
  Insert Certificate File : server.cert.pem and server.key.pem
4. Select Listen Port '''(2030)'''
 
5. Connect IP'S '''(127.0.0.1:23)'''
 
6. TLS Cipher '''(Secure)'''
 
7. Insert Certificate File '''(server.cert.pem and server.key.pem)'''
 


[[File:Networking Rut955 WebUI VPN stunnel config v1.bmp|border]]
[[File:Networking Rut955 WebUI VPN stunnel config v1.bmp|border]]
Line 76: Line 86:


'''For Windows:'''
'''For Windows:'''
Download Stunnel from [https://www.stunnel.org/downloads.html stunnel download].
Download Stunnel from [https://www.stunnel.org/downloads.html stunnel download].
Choose the latest win64 installer.exe and install.
Choose the latest win64 installer.exe and install.
Line 81: Line 92:
[[File:Networking Rut955 manual VPN stunnel install v1.png|border]]
[[File:Networking Rut955 manual VPN stunnel install v1.png|border]]


* Install only Stunnel.exe deamon, you can skip openssl.exe.
* Install only '''Stunnel.exe''' deamon, you can skip '''openssl.exe'''.
Once the application is installed, open stunnel, go to configuration and select edit configuration. Remove all the content and paste as below:
Once the application is installed, open stunnel, go to configuration and select edit configuration. Remove all the content and paste as below:


Line 93: Line 104:
Connect IP depends on your configuration and write them accordingly. Here in this example, it is as above.
Connect IP depends on your configuration and write them accordingly. Here in this example, it is as above.


* Navigate to C:\Program files (x86)\Stunnel\config and create new file ca-cert1.pem.
* Navigate to '''C:\Program files (x86)\Stunnel\config''' and create new file ''ca-cert1.pem''.
* Copy and paste client.cert.pem and client.key.pem to it and save the file. ('''Note:''' Download the client certificate from your Web-UI, '''System → Administration → certificate''')
* Copy and paste ''client.cert.pem'' and ''client.key.pem'' to it and save the file. ('''Note:''' Download the client certificate from your Web-UI, '''System → Administration → certificate''')
* For example:
* For example:


[[File:Networking Rut955 manual stunnel clientcert v1.png|border]]
[[File:Networking Rut955 manual stunnel clientcert v1.png|border]]


Once saved, go back to stunnel > configuration, and reload configuration.
Once saved, go back to '''stunnel configuration''', and reload configuration.


[[File:Networking Rut955 manual stunnel config v1.bmp|border]]
[[File:Networking Rut955 manual stunnel config v1.bmp|border]]
Line 109: Line 120:
Similarly, for Linux machines follow the below commands.
Similarly, for Linux machines follow the below commands.


'''Step 1: update and upgrade Ubuntu'''
* Update and upgrade Ubuntu


Using these commands update your Ubuntu's package list and also upgrade the existing packages to the latest version:
Using these commands update your Ubuntu's package list and also upgrade the existing packages to the latest version:
* apt-get update
*apt-get upgrade


'''Step 2: Install Stunnel'''
''apt-get update'' 
''apt-get upgrade''
 
 
* Install Stunnel


Install Stunnel package using the code below:
Install Stunnel package using the code below:
* apt-get install stunnel4 -y
''apt-get install stunnel4 -y''
 


'''Step 3: Configure Stunnel'''
* Configure Stunnel


Stunnel configures itself using a file named '''stunnel.conf''' which by default is located in '''/etc/stunnel'''.
Stunnel configures itself using a file named '''stunnel.conf''' which by default is located in '''/etc/stunnel'''.
Create a '''stunnel.conf''' file in the /etc/stunnel directory.
Create a '''stunnel.conf''' file in the /etc/stunnel directory.
* nano /etc/stunnel/stunnel.conf  
''nano /etc/stunnel/stunnel.conf''


Next, specify a service for use with stunnel. Here, it will work as client so file should look like this:
Next, specify a service for use with stunnel. Here, it will work as client so file should look like this:
Line 137: Line 153:
[[File:Networking Rut955 manual stunnel config ubuntu v1.bmp|border]]
[[File:Networking Rut955 manual stunnel config ubuntu v1.bmp|border]]


'''Step 4: Create certificates'''
 
* Create certificates


Stunnel uses SSL certificate to secure its connections, which you can easily create using the commands:
Stunnel uses SSL certificate to secure its connections, which you can easily create using the commands:


*openssl genrsa -out key.pem 2048
''openssl genrsa -out key.pem 2048'' 
*openssl req -new -x509 -key key.pem -out cert.pem -days 1095
''openssl req -new -x509 -key key.pem -out cert.pem -days 1095''




and then create file stunnel.pem
and then create file stunnel.pem
* nano /etc/stunnel/stunnel.pem
''nano /etc/stunnel/stunnel.pem''




copy the certificates to stunnel.pem file:
copy the certificates to stunnel.pem file:
* cat key.pem cert.pem >> /etc/stunnel/stunnel.pem
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem




[[File:Networking Rut955 manual stunnel certificates ubuntu v1.bmp|border]]
[[File:Networking Rut955 manual stunnel certificates ubuntu v1.bmp|border]]


'''Step 5: Restart stunnel'''
Restart stunnel


restart the stunnel configuration using the command:
restart the stunnel configuration using the command:
* /etc/init.d/stunnel4 restart  
''/etc/init.d/stunnel4 restart''