Stunnel configuration example using Telnet: Difference between revisions
Revision as of 09:59, 22 December 2022
<p style="color:red">The information in this page is updated in accordance with firmware version [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads '''07.02.7'''].</p>
==Introduction==
This article explains how to configure stunnel so that devices can use the Telnet protocol to interact with each other securely. These configurations can be implemented on RUT, RUTX and TRB series devices.
* First, make sure that '''ADVANCED mode''' is enabled. This lets you choose from a larger variety of settings.
First, configure the Stunnel server. The stunnel server will listen for incoming client connections on the specified port (2030 for this example) and connect them to the telnet port, 23. Then configure the stunnel client that will be connecting to the server.
[[File:Networking Rut955 manual Stunnel config v1.png|border]]
==Router Configuration==
First, enable local telnet access on port 23: go to '''System → Administration → Access Control'''.
* You will be directed to the stunnel configuration:
1. '''Enable''' Stunnel
2. Select Operating mode '''(Server)'''
3. Listen IP '''(0.0.0.0)'''
4. Select Listen Port '''(2030)'''
5. Connect IPs '''(127.0.0.1:23)'''
6. TLS Cipher '''(Secure)'''
7. Insert Certificate File '''(server.cert.pem and server.key.pem)'''
[[File:Networking Rut955 WebUI VPN stunnel config v1.bmp|border]]
'''For Windows:'''
Download Stunnel from [https://www.stunnel.org/downloads.html stunnel download].
Choose the latest win64 installer.exe and install.
[[File:Networking Rut955 manual VPN stunnel install v1.png|border]]
* Install only the '''Stunnel.exe''' daemon; you can skip '''openssl.exe'''.
Once the application is installed, open stunnel, go to configuration and select edit configuration. Remove all the content and paste as below:
The Connect IP depends on your configuration; set it accordingly. In this example, it is as above.
* Navigate to '''C:\Program files (x86)\Stunnel\config''' and create a new file ''ca-cert1.pem''.
* Copy and paste the contents of ''client.cert.pem'' and ''client.key.pem'' into it and save the file. ('''Note:''' Download the client certificate from your Web-UI, '''System → Administration → certificate''')
* For example:
[[File:Networking Rut955 manual stunnel clientcert v1.png|border]]
Once saved, go back to '''stunnel → configuration''', and reload configuration.
[[File:Networking Rut955 manual stunnel config v1.bmp|border]]
Similarly, for Linux machines, follow the commands below.
* Update and upgrade Ubuntu
Use these commands to update Ubuntu's package list and upgrade the existing packages to the latest version:
''apt-get update''
''apt-get upgrade''
* Install Stunnel
Install the Stunnel package using the command below:
''apt-get install stunnel4 -y''
* Configure Stunnel
Stunnel configures itself using a file named '''stunnel.conf''', which by default is located in '''/etc/stunnel'''.
Create a '''stunnel.conf''' file in the /etc/stunnel directory.
''nano /etc/stunnel/stunnel.conf''
Next, specify a service for use with stunnel. Here it will work as a client, so the file should look like this:
[[File:Networking Rut955 manual stunnel config ubuntu v1.bmp|border]]
* Create certificates
Stunnel uses an SSL certificate to secure its connections; you can create one using the commands:
''openssl genrsa -out key.pem 2048''
''openssl req -new -x509 -key key.pem -out cert.pem -days 1095''
Then create the file stunnel.pem:
''nano /etc/stunnel/stunnel.pem''
Copy the certificates to the stunnel.pem file:
''cat key.pem cert.pem >> /etc/stunnel/stunnel.pem''
[[File:Networking Rut955 manual stunnel certificates ubuntu v1.bmp|border]]
* Restart stunnel
Restart stunnel using the command:
''/etc/init.d/stunnel4 restart''
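
The Linux client steps above, gathered into one shell script as an added example (not part of the original article or of Teltonika's own tooling). Port 2030 is the server Listen Port configured above; the local accept port 2323, the certificate CN and the ROUTER_ADDR placeholder are assumptions, because the article's client configuration file is not reproduced on this page. It goes slightly beyond the steps by writing stunnel.pem with owner-only permissions and checking that the key and certificate belong together.

```shell
#!/bin/sh
# Added example, not from the original article. Port 2030 is the server
# Listen Port above; accept port 2323, the CN and ROUTER_ADDR are assumptions.

# make_stunnel_pem DIR [CN]: key + self-signed cert -> DIR/stunnel.pem
# Writes with '>' rather than '>>', so a re-run replaces the file instead of
# appending a second key/certificate pair to it.
make_stunnel_pem() {
    dir=$1; cn=${2:-stunnel-client}; rc=0
    tmp=$(mktemp -d) || return 1
    (
        umask 077   # the private key must not be group/world readable
        openssl genrsa -out "$tmp/key.pem" 2048 2>/dev/null &&
        openssl req -new -x509 -key "$tmp/key.pem" -out "$tmp/cert.pem" \
            -days 1095 -subj "/CN=$cn" 2>/dev/null &&
        cat "$tmp/key.pem" "$tmp/cert.pem" > "$dir/stunnel.pem"
    ) || rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] && chmod 600 "$dir/stunnel.pem"
}

# pem_pair_matches FILE: succeed only if the private key and the certificate
# stored in FILE carry the same public key.
pem_pair_matches() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# write_client_conf DIR ROUTER_ADDR: a local telnet session to 127.0.0.1:2323
# is wrapped in TLS and forwarded to the router's stunnel server on port 2030.
write_client_conf() {
    cat > "$1/stunnel.conf" <<EOF
; stunnel client configuration (added example)
client = yes

[telnet]
accept = 127.0.0.1:2323
connect = $2:2030
cert = $1/stunnel.pem
EOF
}

# Usage (as root, ROUTER_ADDR is a placeholder):
#   make_stunnel_pem /etc/stunnel && pem_pair_matches /etc/stunnel/stunnel.pem \
#     && write_client_conf /etc/stunnel ROUTER_ADDR && /etc/init.d/stunnel4 restart
```

With this configuration the telnet client connects to 127.0.0.1 port 2323 on the Linux machine, and only the TLS-wrapped traffic leaves it.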