Stunnel 5.44 client syntax to accept connections on pty?

Martin Got
How to use 'stunnel' in client mode to accept connections on pty from local programs like 'ppp' instead of 'accept=IP:PORT'?

'pty = yes' seems to work in server mode only, so when I removed
'accept = 127.0.0.1:1723' from 'stunnel' client config I'm getting the error:

[!] Service [ppp]: Each service must define two endpoints on stunnel-5.44

I need to call 'stunnel' client from 'pppd' and communicate with 'stunnel' using pty if it was possible by using a command:

pppd /dev/ptyp3 10.0.1.2: local debug noauth passive noccp novj novjccomp nopcomp noaccomp name ppp-client connect 'stunnel /etc/stunnel/stunnel-client.conf'

Both 'pppd' and 'stunnel' started by executing the command above, but 'pppd' can't communicate to 'stunnel' server using pty.

Please advise.

[ppp]
client = yes
accept = 127.0.0.1:1723
^^^^^^^^^^^^^^^^^^^^^^^
connect = STUNNEL-SERVER-IP:723
CAfile = /etc/stunnel/ca.crt
cert = /etc/stunnel/client.crt
key = /etc/stunnel/client.key
verifyChain = yes
checkHost = hostna.me
;checkIP = 1.2.3.4

Re: Stunnel 5.44 client syntax to accept connections on pty?

Tom Smyth
Hello Martin,
What are you trying to achieve?
Are you trying to wrap a PPTP tunnel inside a TLS tunnel, similar to
SSTP?

If I'm not mistaken, you also need to encapsulate the associated PPTP
GRE traffic as well.

Have you seen the following section of the stunnel manual?

If you want to provide tunneling to your pppd daemon on port 2020, use
something like:

    [vpn]
    accept = 2020
    exec = /usr/sbin/pppd
    execArgs = pppd local
    pty = yes


I haven't tried what you are doing, but I think you need to find some
way of passing both the GRE traffic and the TCP 1723 traffic into
stunnel ... and vice versa on the other end ...

I hope this helps

Tom Smyth


On Wed, 17 Apr 2019 at 17:49, Martin Got <[hidden email]> wrote:

>
> How to use 'stunnel' in client mode to accept connections on pty from local programs like 'ppp' instead of 'accept=IP:PORT'?
>
> 'pty = yes' seems to work in server mode only, so when I removed
> 'accept = 127.0.0.1:1723' from 'stunnel' client config I'm getting the error:
>
> [!] Service [ppp]: Each service must define two endpoints on stunnel-5.44
>
> I need to call 'stunnel' client from 'pppd' and communicate with 'stunnel' using pty if it was possible by using a command:
>
> pppd /dev/ptyp3 10.0.1.2: local debug noauth passive noccp novj novjccomp nopcomp noaccomp name ppp-client connect 'stunnel /etc/stunnel/stunnel-client.conf'
>
> Both 'pppd' and 'stunnel' started by executing the command above, but 'pppd' can't communicate to 'stunnel' server using pty.
>
> Please advise.
>
> [ppp]
> client = yes
> accept = 127.0.0.1:1723
> ^^^^^^^^^^^^^^^^^^^^^^^
> connect = STUNNEL-SERVER-IP:723
> CAfile = /etc/stunnel/ca.crt
> cert = /etc/stunnel/client.crt
> key = /etc/stunnel/client.key
> verifyChain = yes
> checkHost = hostna.me
> ;checkIP = 1.2.3.4



--
Kindest regards,
Tom Smyth


Re: Stunnel 5.44 client syntax to accept connections on pty?

Denis Lapshin-2
In reply to this post by Martin Got
You can use this for peer to perform ppp connection once stunnel started up.

[ppp]
client = yes
connect = STUNNEL-SERVER-IP:723
exec = /usr/sbin/pppd
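; execargs starts with the program name ($0), as in the manual example "execArgs = pppd local"
execargs = pppd defaultroute persist 10.0.1.2:10.0.1.1 lock local debug noauth name peer's-name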
pty = yes
CAfile = /etc/stunnel/ca.crt
cert = /etc/stunnel/client.crt
key = /etc/stunnel/client.key
verifyChain = yes
checkHost = hostna.me
;checkIP = 1.2.3.4

ppp ends should be routed by firewall to perform traffic flow.

On 4/17/2019 8:43 PM, Martin Got wrote:

> How to use 'stunnel' in client mode to accept connections on pty from local programs like 'ppp' instead of 'accept=IP:PORT'?
>
> 'pty = yes' seems to work in server mode only, so when I removed
> 'accept = 127.0.0.1:1723' from 'stunnel' client config I'm getting the error:
>
> [!] Service [ppp]: Each service must define two endpoints on stunnel-5.44
>
> I need to call 'stunnel' client from 'pppd' and communicate with 'stunnel' using pty if it was possible by using a command:
>
> pppd /dev/ptyp3 10.0.1.2: local debug noauth passive noccp novj novjccomp nopcomp noaccomp name ppp-client connect 'stunnel /etc/stunnel/stunnel-client.conf'
>
> Both 'pppd' and 'stunnel' started by executing the command above, but 'pppd' can't communicate to 'stunnel' server using pty.
>
> Please advise.
>
> [ppp]
> client = yes
> accept = 127.0.0.1:1723
> ^^^^^^^^^^^^^^^^^^^^^^^
> connect = STUNNEL-SERVER-IP:723
> CAfile = /etc/stunnel/ca.crt
> cert = /etc/stunnel/client.crt
> key = /etc/stunnel/client.key
> verifyChain = yes
> checkHost = hostna.me
> ;checkIP = 1.2.3.4
>
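
The "Each service must define two endpoints" error discussed in this thread, as an added example that is not part of any post or of stunnel itself: a small linter that counts endpoints per service and also checks that a client service verifies the server certificate. The endpoint rule is a simplified assumption (only `accept`, `connect` and `exec` are counted), and the sample configs are constructed from the ones posted above.

```python
import re

# Assumption: simplified model of stunnel's rule, counting only these options.
ENDPOINT_KEYS = ("accept", "connect", "exec")
NAME_CHECKS = ("checkhost", "checkip", "checkemail")

def parse_services(text):
    """Return {service: {lowercased option: [values]}} for an stunnel-style config."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return services

def lint(text):
    """Return a list of (service, problem) tuples; empty means no findings."""
    findings = []
    for name, opts in parse_services(text).items():
        endpoints = [k for k in ENDPOINT_KEYS if k in opts]
        if len(endpoints) != 2:
            findings.append((name, "endpoints defined: " + (", ".join(endpoints) or "none")))
        if opts.get("client") == ["yes"]:
            chain = opts.get("verifychain") == ["yes"]
            peer = opts.get("verifypeer") == ["yes"]
            if not (chain or peer):
                findings.append((name, "server certificate is not verified"))
            elif chain and not peer and not any(k in opts for k in NAME_CHECKS):
                findings.append((name, "chain verified but no checkHost/checkIP"))
    return findings

# Constructed samples based on the configs in the thread.
COMMON = """CAfile = /etc/stunnel/ca.crt
verifyChain = yes
checkHost = hostna.me
;checkIP = 1.2.3.4
"""
NO_ACCEPT = "[ppp]\nclient = yes\nconnect = STUNNEL-SERVER-IP:723\npty = yes\n" + COMMON
WITH_EXEC = NO_ACCEPT + "exec = /usr/sbin/pppd\nexecArgs = pppd local noauth\n"

if __name__ == "__main__":
    for label, conf in (("no accept", NO_ACCEPT), ("with exec", WITH_EXEC)):
        print(label, "->", lint(conf) or "ok")
```
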