538
edits
Changes
Template:Networking rut2xx manual vpn stunnel (view source)
Revision as of 15:10, 16 October 2019
, 15:10, 16 October 2019no edit summary
<td>file; default: <b>none</b></td>
<td>file; default: <b>none</b></td>
<td>Uploads an Stunnel configuration file.</td>
<td>Uploads an Stunnel configuration file.</td>
</tr>
</table>
===Stunnel client/server===
----
To create a new Stunnel instance, go to the <i>Services → VPN → Stunnel</i> section, enter a custom name and click the 'Add' button. An Stunnel instance with the given name will appear in the "Stunnel Configuration" list.
To begin configuration, click the 'Edit' button located next to the instance. Refer to the figure and table below for information on the Stunnel instance's configuration fields:
[[File:{{{file_stunnel_client_server_config}}}]]
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Enable</td>
<td>yes | no; default: <b>no</b></td>
<td>Turns the Stunnel instance on or off.</td>
</tr>
<tr>
<td>Operating Mode</td>
<td>Server | Client; default: <b>Server</b></td>
<td>Selects the Stunnel instance's role.
<ul>
<li><b>Server</b> - listens for connecting Stunnel clients.</li>
<li><b>Client</b> - listens for connecting OpenVPN clients and connects to an Stunnel server.</li>
</ul>
</td>
</tr>
<tr>
<td>Listen IP</td>
<td>ip; default: <b>none</b></td>
<td>Makes the instance "listen" for incoming connections on the specified IP address. When left empty, the value of this field defaults to <i>localhost</i> (<i>127.0.0.1</i>).</td>
</tr>
<tr>
<td>Listen Port</td>
<td>integer [0..65535]; default: <b>none</b></td>
<td>Makes the instance "listen" for incoming connections on the specified TCP port. Make sure you chose a port that is not being used by another service. You will also have to allow traffic on the specified port. You can do this via the <b>Network → Firewall → Traffic Rulles → [[{{{name}}}_Firewall#Open_Ports_On_Router|Open Ports On Router]]</b> section.</td>
</tr>
<tr>
<td>Connect IP's</td>
<td>ip:port; default: <b>none</b></td>
<td>IP:Port to listen for VPN connections. When left empty the value of this field is interpreted as <i>localhost</i>.
Must contain at least one item. If multiple options are specified, remote address is chosen using a round-robin algorithm.</td>
</tr>
<tr>
<td>TLS Cipher</td>
<td>None | Secure | Custom; default: <b>None</b></td>
<td>Packet encryption algorithm cipher.</td>
</tr>
<tr>
<td>Allowed TLS Ciphers</td>
<td>string; default: <b>none</b></td>
<td>A list of TLS ciphers accepted for this connection.</td>
</tr>
<tr>
<td>Application Protocol</td>
<td>Connect | SMTP | Not specified; default: <b>Not specified</b></td>
<td>This option enables initial, protocol-specific negotiation of the TLS encryption. The protocol option should not be used with TLS encryption on a separate port.</td>
</tr>
<tr>
<td>Protocol Authentication</td>
<td><b>Connect</b>: Basic | NTLM; default: <b>Basic</b><br><b>SMTP</b>: Plain | Login; default: <b>Plain</b></td>
<td>Authentication type for the protocol negotiations.</td>
</tr>
<tr>
<td>Protocol Domain</td>
<td>string; default: <b>none</b></td>
<td>Domain for the protocol negotiations.</td>
</tr>
<tr>
<td>Protocol Host</td>
<td>host:port; default: <b>none</b></td>
<td>Specifies the final TLS server to be connected to by the proxy, and not the proxy server directly connected by Stunnel. The proxy server should be specified along with the <i>connect</i> option.</td>
</tr>
<tr>
<td>Protocol Username</td>
<td>string; Default: <b>none</b></td>
<td>Username for authentication to the protocol negotiations.</td>
</tr>
<tr>
<td>Protocol Password</td>
<td>string; default: <b>none</b></td>
<td>Password for authentication to the protocol negotiations.</td>
</tr>
<tr>
<td>Certificate File</td>
<td>.crt file; default: <b>none</b></td>
<td>TLS client or server certificate file.</td>
</tr>
<tr>
<td>Private Key</td>
<td>.key file; default: <b>none</b></td>
<td>TLS client or server key file.</td>
</tr>
</tr>
</table>
</table>
