Stunnel configuration example using Telnet: Difference between revisions
Revision as of 09:59, 22 December 2022
<p style="color:red">The information in this page is updated in accordance with firmware version [https://wiki.teltonika-networks.com/view/FW_%26_SDK_Downloads '''07.02.7'''].</p>

==Introduction==

This article provides a guide on how to configure stunnel and use the Telnet protocol so that devices can interact with each other securely. These configurations can be implemented on RUT, RUTX and TRB series devices.

* First, make sure that you have '''ADVANCED mode''' enabled. This will allow you to choose from a larger variety of settings.

As mentioned earlier, Telnet does not provide any security of its own, so in this configuration we set up a Stunnel tunnel between the router and the client and then connect them using the Telnet protocol through it, so that the data is encrypted. We will use Wireshark to capture the packets and verify whether the data has been encrypted.
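
The check that the Wireshark capture is meant to answer can also be scripted. The following is an added example, not part of the original article: it classifies the first bytes of captured TCP payloads as TLS records or cleartext Telnet, assuming the tunnel port 2030 and Telnet port 23 used on this page; the function names and sample payloads are constructed for illustration.

```python
# Added example (not from the original page): classify captured TCP payloads.
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
IAC = 0xFF  # Telnet "Interpret As Command" byte (RFC 854)

def tls_records(payload: bytes) -> list:
    """Walk TLS record headers; return the record type names, or [] if not TLS."""
    names, off = [], 0
    while off + 5 <= len(payload):
        ctype, major, minor, length = struct.unpack_from("!BBBH", payload, off)
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > 2**14 + 2048:
            return []
        names.append(TLS_TYPES[ctype])
        off += 5 + length  # a record may continue in the next TCP segment
    return names

def classify(payload: bytes) -> str:
    if not payload:
        return "empty"
    if tls_records(payload):
        return "tls"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload[0] == IAC or printable / len(payload) > 0.9:
        return "cleartext-telnet"
    return "unknown"

def audit(segments, tunnel_port=2030, telnet_port=23):
    """Return (segment number, problem) for payloads that should have been encrypted."""
    findings = []
    for n, (dst_port, payload) in enumerate(segments, 1):
        kind = classify(payload)
        if dst_port == telnet_port and kind == "cleartext-telnet":
            findings.append((n, "cleartext Telnet on the wire"))
        elif dst_port == tunnel_port and kind not in ("tls", "empty"):
            findings.append((n, f"non-TLS payload on tunnel port ({kind})"))
    return findings

# Constructed sample payloads (destination port, first bytes of the TCP payload).
SAMPLE = [
    (2030, bytes([0x16, 3, 1, 0, 5]) + b"\x01\x00\x00\x01\x00"),  # TLS handshake record
    (2030, bytes([0x17, 3, 3, 0, 4]) + b"\x8a\x1f\x03\xc2"),      # TLS application data
    (23, b"\xff\xfd\x18\xff\xfd\x20"),                            # Telnet option negotiation
    (2030, b"login: admin\r\n"),                                  # plaintext on the tunnel port
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Feed it payloads taken from the start of each TCP stream (for example a raw "Follow TCP Stream" export), because a segment that begins in the middle of a TLS record cannot be recognised by its header.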
==Client and Server Configuration==

First, configure the Stunnel server. The Stunnel server will listen for incoming client connections on the specified port (2030 for this example) and connect them to the Telnet port (23). Then configure the Stunnel client that will be connecting to the server.

[[File:Networking Rut955 manual Stunnel config v1.png|border]]

* You will be directed to the stunnel configuration:

1. '''Enable''' Stunnel

2. Select Operating mode '''(Server)'''

3. Listen IP '''(0.0.0.0)'''

4. Select Listen Port '''(2030)'''

5. Connect IP's '''(127.0.0.1:23)'''

6. TLS Cipher '''(Secure)'''

7. Insert Certificate File '''(server.cert.pem and server.key.pem)'''

[[File:Networking Rut955 WebUI VPN stunnel config v1.bmp|border]]
'''For Windows:'''

Download Stunnel from [https://www.stunnel.org/downloads.html stunnel download].

Choose the latest win64 installer.exe and install.

[[File:Networking Rut955 manual VPN stunnel install v1.png|border]]

* Install only the '''Stunnel.exe''' daemon; you can skip '''openssl.exe'''.

Once the application is installed, open stunnel, go to configuration and select edit configuration. Remove all the content and paste as below:

The Connect IP depends on your configuration; set it accordingly. Here in this example, it is as above.

* Navigate to '''C:\Program files (x86)\Stunnel\config''' and create a new file ''ca-cert1.pem''.
* Copy and paste ''client.cert.pem'' and ''client.key.pem'' to it and save the file. ('''Note:''' Download the client certificate from your Web-UI, '''System → Administration → certificate''')
* For example:

[[File:Networking Rut955 manual stunnel clientcert v1.png|border]]

Once saved, go back to '''stunnel → configuration''', and reload configuration.

[[File:Networking Rut955 manual stunnel config v1.bmp|border]]

Similarly, for Linux machines, follow the commands below.

* Update and upgrade Ubuntu

Use these commands to update your Ubuntu package list and upgrade the existing packages to the latest version:

''apt-get update''

''apt-get upgrade''

* Install Stunnel

Install the Stunnel package using the command below:

''apt-get install stunnel4 -y''

* Configure Stunnel

Stunnel configures itself using a file named '''stunnel.conf''', which by default is located in '''/etc/stunnel'''.

Create a '''stunnel.conf''' file in the /etc/stunnel directory.

''nano /etc/stunnel/stunnel.conf''

Next, specify a service for use with stunnel. Here it will work as a client, so the file should look like this:

[[File:Networking Rut955 manual stunnel config ubuntu v1.bmp|border]]

* Create certificates

Stunnel uses an SSL certificate to secure its connections, which you can create using the commands:

''openssl genrsa -out key.pem 2048''

''openssl req -new -x509 -key key.pem -out cert.pem -days 1095''

Then create the file stunnel.pem:

''nano /etc/stunnel/stunnel.pem''

Copy the key and certificate to the stunnel.pem file:

''cat key.pem cert.pem >> /etc/stunnel/stunnel.pem''

[[File:Networking Rut955 manual stunnel certificates ubuntu v1.bmp|border]]
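
Because stunnel.pem now holds the private key and is filled with an appending redirect (''>>''), it is worth checking the result before restarting the service. The following is an added example, not part of the original article: it audits a combined PEM file for a missing or duplicated key block and for permissions that expose the key. The function names and the placeholder bundle are constructed for illustration.

```python
# Added example (not from the original page): audit a combined stunnel.pem file.
import os
import re
import stat
import tempfile

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.S)

def audit_stunnel_pem(path):
    """Return a list of problems found in a key+certificate PEM bundle."""
    with open(path, "r", encoding="ascii", errors="replace") as fh:
        labels = [m.group(1) for m in PEM_BLOCK.finditer(fh.read())]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    certs = [label for label in labels if label == "CERTIFICATE"]
    findings = []
    if not keys:
        findings.append("no private key block")
    if not certs:
        findings.append("no certificate block")
    if len(keys) > 1:
        findings.append("more than one private key block (appended twice with >>?)")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} lets group/others access the private key")
    return findings

# Constructed placeholder bundle: the base64 bodies are dummy text, not real key material.
SAMPLE_BUNDLE = (
    "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
)

def write_sample(text, mode):
    """Write text to a temporary file with the given permission bits; return its path."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    for text, mode in [(SAMPLE_BUNDLE, 0o600), (SAMPLE_BUNDLE * 2, 0o644)]:
        path = write_sample(text, mode)
        print(oct(mode), audit_stunnel_pem(path))
        os.remove(path)
```

On the Linux client described here, the path to pass is /etc/stunnel/stunnel.pem.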

* Restart stunnel

Restart stunnel to apply the configuration using the command:

''/etc/init.d/stunnel4 restart''