Line 20: |
Line 20: |
| <td>file; default: <b>none</b></td> | | <td>file; default: <b>none</b></td> |
| <td>Uploads an Stunnel configuration file.</td> | | <td>Uploads an Stunnel configuration file.</td> |
| + | </tr> |
| + | </table> |
| + | |
| + | ===Stunnel client/server=== |
| + | ---- |
| + | To create a new Stunnel instance, go to the <i>Services → VPN → Stunnel</i> section, enter a custom name and click the 'Add' button. An Stunnel instance with the given name will appear in the "Stunnel Configuration" list. |
| + | |
| + | To begin configuration, click the 'Edit' button located next to the instance. Refer to the figure and table below for information on the Stunnel instance's configuration fields: |
| + | |
| + | [[File:{{{file_stunnel_client_server_config}}}]] |
| + | |
| + | <table class="nd-mantable"> |
| + | <tr> |
| + | <th>Field</th> |
| + | <th>Value</th> |
| + | <th>Description</th> |
| + | </tr> |
| + | <tr> |
| + | <td>Enable</td> |
| + | <td>yes | no; default: <b>no</b></td> |
| + | <td>Turns the Stunnel instance on or off.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Operating Mode</td> |
| + | <td>Server | Client; default: <b>Server</b></td> |
| + | <td>Selects the Stunnel instance's role. |
| + | <ul> |
| + | <li><b>Server</b> - listens for connecting Stunnel clients.</li> |
| + | <li><b>Client</b> - listens for connecting OpenVPN clients and connects to an Stunnel server.</li> |
| + | </ul> |
| + | </td> |
| + | </tr> |
| + | <tr> |
| + | <td>Listen IP</td> |
| + | <td>ip; default: <b>none</b></td> |
| + | <td>Makes the instance "listen" for incoming connections on the specified IP address. When left empty, the value of this field defaults to <i>localhost</i> (<i>127.0.0.1</i>).</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Listen Port</td> |
| + | <td>integer [0..65535]; default: <b>none</b></td> |
| + | <td>Makes the instance "listen" for incoming connections on the specified TCP port. Make sure you chose a port that is not being used by another service. You will also have to allow traffic on the specified port. You can do this via the <b>Network → Firewall → Traffic Rulles → [[{{{name}}}_Firewall#Open_Ports_On_Router|Open Ports On Router]]</b> section.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Connect IP's</td> |
| + | <td>ip:port; default: <b>none</b></td> |
| + | <td>IP:Port to listen for VPN connections. When left empty the value of this field is interpreted as <i>localhost</i>. |
| + | |
| + | Must contain at least one item. If multiple options are specified, remote address is chosen using a round-robin algorithm.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>TLS Cipher</td> |
| + | <td>None | Secure | Custom; default: <b>None</b></td> |
| + | <td>Packet encryption algorithm cipher.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Allowed TLS Ciphers</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>A list of TLS ciphers accepted for this connection.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Application Protocol</td> |
| + | <td>Connect | SMTP | Not specified; default: <b>Not specified</b></td> |
| + | <td>This option enables initial, protocol-specific negotiation of the TLS encryption. The protocol option should not be used with TLS encryption on a separate port.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Protocol Authentication</td> |
| + | <td><b>Connect</b>: Basic | NTLM; default: <b>Basic</b><br><b>SMTP</b>: Plain | Login; default: <b>Plain</b></td> |
| + | <td>Authentication type for the protocol negotiations.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Protocol Domain</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Domain for the protocol negotiations.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Protocol Host</td> |
| + | <td>host:port; default: <b>none</b></td> |
| + | <td>Specifies the final TLS server to be connected to by the proxy, and not the proxy server directly connected by Stunnel. The proxy server should be specified along with the <i>connect</i> option.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Protocol Username</td> |
| + | <td>string; Default: <b>none</b></td> |
| + | <td>Username for authentication to the protocol negotiations.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Protocol Password</td> |
| + | <td>string; default: <b>none</b></td> |
| + | <td>Password for authentication to the protocol negotiations.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Certificate File</td> |
| + | <td>.crt file; default: <b>none</b></td> |
| + | <td>TLS client or server certificate file.</td> |
| + | </tr> |
| + | <tr> |
| + | <td>Private Key</td> |
| + | <td>.key file; default: <b>none</b></td> |
| + | <td>TLS client or server key file.</td> |
| </tr> | | </tr> |
| </table> | | </table> |
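Review bot: In the "Connect IP's" row, the description "IP:Port to listen for VPN connections" conflicts with the field name and with the following sentence, which says the remote address is chosen by round-robin. Listening is already covered by the Listen IP and Listen Port rows, so this description should say these are the address(es) the instance connects to. The TLS Cipher row gives "None | Secure | Custom; default: None" with only "Packet encryption algorithm cipher." as its description; please document what each option selects, in particular what "None" means for the tunnel, and state in the Allowed TLS Ciphers row when that list applies. Smaller points: in the Listen Port row "Traffic Rulles" should be "Traffic Rules" and "Make sure you chose" should be "choose"; the Listen IP row lists "default: none" while its description says an empty value falls back to localhost, so the Value cell should reflect that; and "Default:" in the Protocol Username row is capitalized unlike every other row.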